UPnP - Multiple Xbox One Gaming Consoles & NAT


Vexira

Part of the Furniture
But speaking of issues with NAT on the PC side of things, if you looked at the Grand Theft Auto 5 screenshots I posted in the "a couple of issues" thread, from my PC copy you could see there is clearly a NAT issue going on. Even though port 6672 is forwarded by PCP (used to be UPnP), Social Club still says moderate NAT, so either it needs a masquerade rule or it's being blocked. Even the Xbox One app in my Windows 10 is still flaky; it reads blocked on one of my PCs, meaning Xbox game stream might not work on my PC, again either blocked or in need of a rule in masquerade.
 

FreshJR

Very Senior Member
@Vexira if the router says it's open, then it is open

After the router it can still be dropped by your pc's firewall.

I downloaded an app called ScanNinja for iOS that lets me send an init to the device and listen for a response. So port scan your [email protected] and see the behavior. If it works then it's just more buggy game code.

@e38BimmerFN the reason you gave good results with full cone is because the console is not UPnP-opening ports like it should.

At this point it goes to your router's NAT method. Full cone security is almost 99% similar to an open port without a UPnP request.

I blame game devs 100%.

I will explain what is going on in a video. I don't think u are really understanding how NAT, port forwards, or the inevitable IPV6 solution to eliminate NAT entirely works.
 

Vexira

Part of the Furniture
@Vexira if the router says it's open, then it is open

After the router it can still be dropped by your pc's firewall.

I downloaded an app called ScanNinja for IOS that lets me send an awk to the device and listen for a response. So port scan your [email protected] and see the behavior. If it works then it's just more buggy game code

@e38BimmerFN the reason you gave good results with full cone is because the console is not upnp opening ports.

At this point it goes to your routers NAT method. Full cone security is almost 99% similar to an open port without any upnp request.

I blame game devs 100%.

I will explain what is going on in a video. I don't think u are really understanding how NAT, port forwards, or the inevitable IPV6 solution to eliminate NAT entirely works.
Ahh, but that's where the issue begins. I had Black Ops 3 have mod NAT on one PC, but open on the PC that got the same external and internal port. Merlin fixed it with a masquerade rule, and the guys on the MiniUPnP forums fixed multi-console support with masquerade rules :p. Also, UPnP version 2 causes moderate NAT on Xbox One, so double. :p
It just seems to me that masquerade rules are needed to fix things, because to me it's odd my old R8000 router got open NAT in GTA but this one gets mod. I'm going to guess it's the same issue COD had. I think that the solution to all the NAT issues, lol, is just masquerade rules to ensure the port ranges translate correctly. The weird thing is it seems that now it takes a few attempts to get my Steam Link to bypass the can't connect on port 27031. I never had the error on 380.66, but on 380.67 alpha one bing every time I run a network test on the Steam Link it spits that error; not even sure if the Link uses UPnP.

Multi console masquerade rules:
http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=1820

Upnp 2.0 issues:
https://miniupnp.tuxfamily.org/forum/viewtopic.php?t=1833
 

e38BimmerFN

Very Senior Member
Well, you can believe what you like. From the information I have and I DO know, it's not 100% game devs. LOL.

Seems like if you haven't experienced this issue with two or more consoles/PCs then you might not fully understand.

Let's see what MS does with this new port feature they're supposedly adding and making changes to the console's uPnP behavior. Maybe they will be able to fix all of this.

@Vexira if the router says it's open, then it is open

After the router it can still be dropped by your pc's firewall.

I downloaded an app called ScanNinja for IOS that lets me send an init to the device and listen for a response. So port scan your [email protected] and see the behavior. If it works then it's just more buggy game code

@e38BimmerFN the reason you gave good results with full cone is because the console is not upnp opening ports like it should

At this point it goes to your routers NAT method. Full cone security is almost 99% similar to an open port without a upnp request.

I blame game devs 100%.

I will explain what is going on in a video. I don't think u are really understanding how NAT, port forwards, or the inevitable IPV6 solution to eliminate NAT entirely works.
 

ColinTaylor

Part of the Furniture
@Vexira Those posts just confirm what we're saying, that the problem lies with the games/consoles and how they work with UPnP. In fact those specific links are referring to IGDv2 bugs (that have been fixed) and it's already been discussed about how Microsoft's IGDv2 code is broken.

So this is not something that the router (outside of miniupnp) can fix by "just" adding masquerade rules because the router has no knowledge of the port mappings required. Perhaps in the future there will come a time when Microsoft has fixed its code sufficiently that people can trust using IGDv2. In the meantime it might be better if the game developers say something like "game X has limited functionality when using multiple consoles behind NAT".
 

e38BimmerFN

Very Senior Member
Not being argumentative either. Just stating what I've done and some of what you have expressed has already been expressed as well higher up in this thread. Just saying that some of this has already been looked into.


When you had it working with one ISP service on two consoles and OPEN NAT across the board, what mfr and model router were you using?

There are a few Mfr routers that continually provide OPEN NAT across the board using FULL CONE NAT. They're listed on my post on badmodems.com. ;)

I'm not trying to be argumentative, just giving suggestions from experience that I know work. Two external IPs along with a few routing rules should work 100% of the time. I don't know of any router that has continuously and reliably been able to accomplish your goal of open console and in-game NAT on multiple consoles while only having one external IP.

e38bimmerfn, I've read about this thread and your posts on badmodems on symmetric & cone NATs.

When I've had it working with one external IP...open NAT on console & same game on 2 consoles..... it shows up as a full cone NAT when I hit both triggers and bumpers after testing my network on my XB1. I've had ports forwarded manually to one and relied on UPnP for the second. In my experience, when I look at the logs when it works, the router is remaking various external ports to the same internal port on the second console.

I'm on Xbox preview...level 3...I've got too much time invested into some games to go any higher. I'll let you know if I notice anything.

Personally I have two modems connected at home...one for internet, the other is a combo device with telephone. I have a total data cap of 1TB, but the internet works and has different ips for each modem, so I'm going to work on setting up dual WAN then set a up different gateway ip for each console.

Finally, I want to say that if you own your own modem, Comcast and some other cable Internet providers will let you have two active modems. I have four or five registered on my account...they never seem to delete the old ones. I've tried plugging them in...they work.
 

beboptrumpet

Regular Contributor
Not being argumentative either. Just stating what I've done and some of what you have expressed has already been expressed as well higher up in this thread. Just saying that some of this has already been looked into.


When you had it working with one ISP service on two consoles and OPEN NAT across the board, what mfr and model router were you using?

There are a few Mfr routers that continually provide OPEN NAT across the board using FULL CONE NAT. There listed on my post on badmodems.com. ;)

When I've had it working, it's been on the Asus RT AC-87. Both consoles wired straight to the router. I had it working the 1st day I installed the alpha, haven't had both Xbox's here to try it since.

My console is a day 1 Xbox1...it is terrible at UPnP--it will usually get 3074 open. However, if the game requires another port, it doesn't open it itself. With that console, I have to manually port forward. There are a lot of comments talking about the poor UPnP on early consoles on Reddit and across the web--with how long this console has been out, it makes me think that this is partially a hardware issue.

The second console that I occasionally have hooked up here is the new 4k/HDR Xbox1. Its UPnP is far more reliable. I still have to reset after inactivity, and I sometimes have to try a few things to get it working on the console--
I try going off line and back on in settings,
testing the multiplayer connection,
and restarting the game.

When it's working I get rules show up under system log-port forwards as deamonware port forward such as:
3011 external to 3074 internal
3099 external to 3076 internal
3170 external to 3076 internal

There have been times when I've got in game NAT open but not the 3074 Xbox requires. If I get the in game working, I don't worry about the former. If a game uses an alternate port and I have it open, I don't have any of the issues that a moderate NAT brings, I can even connect to players with strict NAT both in game and with a party.

And finally, one note: I have Comcast service with both IPv4 & IPv6; it is possible that one console is functioning with IPv6 and bypassing the need for forwards. However, connecting to games that run entirely on centralized servers (servers rather than a player in the match is the host) seems to work far more often. In those cases, I think IPv6 may be playing a role. I don't think that's entirely what's happening here, bc most of the games I play aren't hosting games on their servers; their servers are only doing matchmaking.
 

e38BimmerFN

Very Senior Member
Can you run that NAT tool test on your AC-87 and let me know what NAT kind it's using? I'm interested in seeing what it's using for NAT...

When I've had it working, it's been on the Asus RT AC-87. Both consoles wired straight to the router. I had it working the 1st day I installed the alpha, haven't had both Xbox's here to try it since.

My console is a day 1 Xbox1...it is terrible at upnp--it will usually get 3074 open. However, if the game requires another port, it doesn't open it's self. With that console, I have to manually port forward. There are a lot of comments talking about the poor upnp on early console on Reddit and across the web--with how long this console has been out, it makes me think that this is partially a hardware issue.

The second console that I occasionally have hooked up here is the new 4k/HDR Xbox1. It's upnp is far more reliable. I still have to reset after inactivity, and I sometimes have to try a few things to get it working on the console--
I try going off line and back on in settings,
testing the multiplayer connection,
and restarting the game.

When it's working I get rules show up under system log-port forwards as deamonware port forward such as:
3011 external to 3074 internal
3099 external to 3076 internal
3170 external to 3076 internal

There have been times when I've got in game NAT open but not the 3074 Xbox requires. If I get the in game working, I don't worry about the former. If a game uses an alternate port and I have it open, I don't have any of the issues that a moderate NAT brings, I can even connect to players with strict NAT both in game and with a party.

And finally, one note: I have Comcast service with both IPv4 & IPv6, it is possible that one console if functioning with IPv6 and bypassing the need for forwards. However, connecting to games that run entirely on centralized servers (servers rather than a player in the match is the host) seem to work far more often.in those cases, I think IPv6 may be playing a role. I don't think that's entirely what's happening here, bc most the games I play arent hosting games on their servers, their servers are only doing matchmaking.
 

beboptrumpet

Regular Contributor
Can you run that NAT tool test on your AC-87 and let me know what NAT kind its using? I'm interested in see that it's using for NAT...

It's always been a full cone NAT if it's working

If it's not, and I'm getting moderate NAT, it's been a Port Restricted Cone NAT
 

beboptrumpet

Regular Contributor
Not being argumentative either. Just stating what I've done and some of what you have expressed has already been expressed as well higher up in this thread. Just saying that some of this has already been looked into.


When you had it working with one ISP service on two consoles and OPEN NAT across the board, what mfr and model router were you using?

There are a few Mfr routers that continually provide OPEN NAT across the board using FULL CONE NAT. There listed on my post on badmodems.com. ;)


Have you looked into what those routers are using for UPnP? If it's not MiniUPnP, perhaps it can be ported to our routers.
 

e38BimmerFN

Very Senior Member
Can you still run the test to see what the router is actually using?

When it's full cone NAT, are you using just uPnP and IP address reservations on the router without any Port Forwarding for the consoles?
 

e38BimmerFN

Very Senior Member
I haven't had a chance to look into what version of miniuPnP is being used on the routers I've tested yet. I presume I might have to look into the GPL code of some of them...

Have you looked into what those routers are using for upnp? If it's not miniUpnP, Perhaps it can be ported to out routers
 

Vexira

Part of the Furniture
I haven't had a chance to look into what version of miniuPnP is being used on the routers i've tested yet. I presume I might have to look into the GPL code of some of them...
Our routers are running MiniUPnP 2.0, with IGD 1.1 and UDA 1.1.
 

Vexira

Part of the Furniture
I've been bad, really bad. I broke UPnP with QoS and changed my NAT type :p, this should disprove that it's only game devs' fault. I was playing with adaptive QoS and this is the result, proving my long-time theory that adaptive QoS can mess with UPnP. I remember before Merlin's masquerade fix, I used to change QoS priorities to get open NAT. So ha, checkmate. :p :p :p :)

With Adaptive qos set to this:



XBOX Nat Type is this:



XBOX Nat type when set to game mode aka one click game boost:
 

FreshJR

Very Senior Member
@Vexira yes your nat type does have an effect. But that is only without properly working port forwards. If your port forwards were working then it doesn't matter what the nat type / nat behavior is.

I think both of you would see the issue clearly in the video if I have time to finish it.

Bottom line, since you guys want results:

Sloppy security nats ARE a workaround to mask the problem. So setup your router as full cone and you will see positive results. Next focus on finding a dhcp reservation or port forward timeout relation to make existing port forwards stick.

I'm sounding like a broken record so I'm leaving this conversation. Get back on track and experiment with iptables rules and find what works for you. It shouldn't be too hard to find a pattern of what behavior the Xbox expects and write a trigger to accommodate it.

My final opinion:
Consoles should assume ZERO communication when they are using ports they have not forwarded. They should also expect ZERO communication if they are improperly forwarded.

If these situations are occurring, then they should spend the resources to find the problem. I do not accept sloppy NAT or static IPs as a proper solution.

Everything non gaming related for me has properly opened ports for itself. Microsoft sure as hell makes buggy ass products, especially for being in the game as long as they have. Go try programming using VBA in Microsoft excel and see what I mean about their terrible code base. It's probably such a cluster frack they don't know where to begin. Not defending ASUS's attention to detail either.
 

Vexira

Part of the Furniture
UPnP has been hijacked if it's forwarding unsolicited ports; I've only seen one port open per Xbox I have. I don't get why adaptive QoS is messing with NAT. I do understand that it causes the firewall to restart, but changing NAT types, that's bizarre.
 

FreshJR

Very Senior Member
upnp has been hijacked if its forwarding unsolicited ports, ive only seen one port open per xbox I have. I don't get why adaptive qos is messing with nat, I do understand that it causes the firewall to restart, but changing nat types that's bizzare.

Qos changes iptable rules to get it working.
The word masquerade in iptables means NAT behavior.

Look at your iptables and see what is going on.

Something has been changed which causes the router to exhibit different NAT behavior.

Invest some time and read the iptables manual.
 

Vexira

Part of the Furniture
Qos changes iptable rules to get it working.
The word masquerade in iptables means NAT behavior.

Look at your iptables and see what is going on.

Something has been changed which causes the router to exhibit different NAT behavior.

Invest some time and read the iptables manual.
I will, but I never thought that QoS would change NAT type entirely; it seems to be an on-and-off issue. Since QoS is only intended for traffic shaping, even if it uses iptables it shouldn't affect NAT type in theory.
 

ColinTaylor

Part of the Furniture
@Vexira It would be useful if when you were doing those tests you also used the online NAT tester to confirm the results. The Xbox status screen seems so unreliable I wouldn't trust its results alone.

But @FreshJR makes an important point that the only way to actually know what is going on, rather than just speculating, is to dump the iptables rules (iptables-save) after each test and compare them. (And remember to reboot the router followed by the console after each configuration change to clear out any old entries)
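
The dump-and-compare check described in the post above, as an added example that is not part of the original thread: it normalises two `iptables-save` dumps (dropping comments and packet counters, which change on every run) and reports which nat-table rules disappeared or appeared. The two dumps, the `VUPNP` chain name and all addresses are constructed sample data.

```python
import re

RULE_COUNTER = re.compile(r"^\[\d+:\d+\]\s+")   # "[pkts:bytes] -A ..." from iptables-save -c
CHAIN_COUNTER = re.compile(r"\s+\[\d+:\d+\]$")  # ":CHAIN POLICY [pkts:bytes]"
DNAT = re.compile(r"-p (\w+) .*--dport (\d+) .*--to-destination (\S+)")

def parse_dump(text):
    """Map table name -> ordered rule lines, with comments and counters dropped."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                 # "*nat", "*filter", ...
            current = tables.setdefault(line[1:], [])
            continue
        if current is not None:
            current.append(CHAIN_COUNTER.sub("", RULE_COUNTER.sub("", line)))
    return tables

def diff_table(before, after, table="nat"):
    """Return (removed, added) rule lines for one table between two dumps."""
    old = parse_dump(before).get(table, [])
    new = parse_dump(after).get(table, [])
    return [r for r in old if r not in new], [r for r in new if r not in old]

def forwards(rules):
    """Summarise DNAT rules as (protocol, external port, internal ip:port)."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in map(DNAT.search, rules) if m]

# Constructed dump taken while both consoles have working forwards.
BEFORE = """# constructed sample
*nat
:PREROUTING ACCEPT [120:9000]
:POSTROUTING ACCEPT [40:2800]
:VUPNP - [0:0]
-A PREROUTING -d 203.0.113.10/32 -j VUPNP
-A VUPNP -p udp -m udp --dport 3074 -j DNAT --to-destination 192.168.1.50:3074
-A VUPNP -p udp -m udp --dport 3011 -j DNAT --to-destination 192.168.1.51:3074
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Constructed dump after a QoS mode change: same chains, forwards gone.
AFTER = """# constructed sample
*nat
:PREROUTING ACCEPT [310:22100]
:POSTROUTING ACCEPT [95:6650]
:VUPNP - [0:0]
-A PREROUTING -d 203.0.113.10/32 -j VUPNP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

if __name__ == "__main__":
    removed, added = diff_table(BEFORE, AFTER)
    print("forwards lost:", forwards(removed))
    print("rules added:", added)
```

On a real router the two inputs would be the saved output of `iptables-save` from before and after a configuration change.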
 

RMerlin

Asuswrt-Merlin dev
upnp has been hijacked if its forwarding unsolicited ports, ive only seen one port open per xbox I have. I don't get why adaptive qos is messing with nat, I do understand that it causes the firewall to restart, but changing nat types that's bizzare.

Reboot your console whenever you do such changes. My guess is the problem is with the test itself, not with QoS. Changing QoS mode causes existing forwards to be lost, and the XBox fails to re-create them.
 
