UPnP - Multiple Xbox One Gaming Consoles & NAT

Vexira

Part of the Furniture
No. Test PC is not in DMZ. Non Gaming device is a VOIP device in the DMZ.


I'll see about loading stock FW later on. As far as I can tell, Port Address Restricted Cone NAT that was reported for both OEM and Merlin FW by the NAT test tool.

Merlin FW seems to be allowing for OPEN NAT with two same games running on both consoles at the same time.
If you go back a few posts the multiple consoles issue was fixed in 380.66, with the extra rules Merlin put in place aside from the global ones. For WAN traffic and he switched on a setting.
 

e38BimmerFN

Very Senior Member
If you were wireless and changed channels, then the ports could have reset on this PC or the ports changed to something that worked after the wireless was re-configured.

I'd go for a simpler setup: do all wired LAN cable testing first and rule out any wireless. Wireless can be problematic and only adds a layer of troubleshooting.

From what I can tell, Merlin and two same games with two wired consoles seems to be working with or without any router configurations in QoS and NAT is Port Address Restricted Cone NAT.

I'm hoping I can collect tables with OEM FW, however that may not be possible.

It's something bugging out on my network. I have a pretty elaborate setup; it works 99% of the time. It was just a PC copy of COD reading as Moderate NAT till the channel changed I preformed nothing to worry about I guess.
 

e38BimmerFN

Very Senior Member
I hadn't been reading the thread since it's got so big. I wanted to test this out for myself to make sure of all the information I'm testing and gathering for that badmodems post. I'm also collecting a list of what routers work and those that don't for two same game configurations. Glad that Merlin FW works for ASUS routers though.

If you go back a few posts the multiple consoles issue was fixed in 380.66, with the extra rules Merlin put in place aside from the global ones. For WAN traffic and he switched on a setting.
 

Vexira

Part of the Furniture
If you were wireless and changed channels, then the ports could have reset on this PC or the ports changed to something that worked after the wireless was re-configured.

I'd go for a simpler setup: do all wired LAN cable testing first and rule out any wireless. Wireless can be problematic and only adds a layer of troubleshooting.

From what I can tell, Merlin and two same games with two wired consoles seems to be working with or without any router configurations in QoS and NAT is Port Address Restricted Cone NAT.

I'm hoping I can collect tables with OEM FW, however that may not be possible.
I know my setup is pretty good, except one of my extenders is bricked. I get wired-level pings currently using an 87U as a WiFi AP in its place. It's stuck in a recovery loop, but that's another issue in itself, off topic. Back to topic: I still need to work out what's bugging a few PC-based games NAT-wise, so I'll have to read the iptables manual to fix it, or find the commands to get it working. I know it's not firewall or AV blocked; I disabled both. Seems on the router end.
 

Vexira

Part of the Furniture
"When I run a test with blank rules (ACCEPT policy for all), RakNet Detect a Full-Cone NAT. When I try to put the two rules for doing a Full-Cone, as write before, it detect a Port Restricted-Cone. And if I write the one rule for making a Port Restricted, it detect well a Port Restricted-Cone (as if the rule "iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination" was useless). As a beginner in network development, I'm currently lost. It seems definitions of NATs Type don't match with the iptables rules that I found."

https://serverfault.com/questions/8...-iptables-and-test-with-raknet-detection-type

That's interesting, possibly explains why the rules seem to not be working correctly.
 

ColinTaylor

Part of the Furniture
That's interesting, possibly explains why the rules seem to not be working correctly.
I've read that post before and it doesn't provide any extra insight for us. What he's doing with his "Full-Cone" rules is trying to put his client in the DMZ. If you do that on the Asus it works. The reason it doesn't work for him is because he has his internal and external network interfaces the wrong way around.
 

strangeluck

Regular Contributor
Some more UPNP and NAT detection features rolling out in tonight's insider preview alpha build.
Source: https://www.reddit.com/r/xboxone/comments/6ybol4/psa_some_helpful_features_in_network_settings/

The latest build going out to Preview Alpha contains some small, cool features that I'm really happy about:

UPnP Failure Notification: If a Moderate or Strict NAT is detected and the console was also unable to successfully port map via UPnP, the console will display UPnP not successful under Network Settings. A link will also be displayed that points to xbox.com/xboxone/UPnP. We've got some updated documentation that covers the most common causes of UPnP mapping failures and how to work around the issues that will be updated under this link, but our publication team currently has their work cut out for them with the drafts I sent as they have to fix all of my run-on sentences and penchant for abusing commas whenever possible.

Double NAT Detection: If a Moderate or Strict NAT is detected alongside a double NAT, the console will display Double NAT detected under Network Settings. A link will also be displayed that points to xbox.com/xboxone/DoubleNAT. The documentation for this support page is also in progress, and I've heard that the publication team is now working with Microsoft Research to leverage machine learning to try to translate my documentation into something that resembles human readable text.

Some notes on these features.
  1. We only display the UPnP failure and double NAT detection notifications if the NAT type is not Open. If you have a router that doesn't support UPnP but still provides an Open NAT, there really isn't a need to spend time configuring workarounds like port forwarding rules, DMZ settings, etc. Ditto for a double NAT.

  2. Double NAT detection relies on some UPnP calls to your router. If UPnP isn't supported on your router or isn't functioning for some reason, we won't be able to detect the presence of a double NAT. This isn't a showstopper though as we will still detect that UPnP isn't working alongside a non-Open NAT. Once UPnP is working on your router but the NAT type still isn't detected as Open, the console will then be able to check for the presence of a double NAT.
 

Vexira

Part of the Furniture
I've read that post before and it doesn't provide any extra insight for us. What he's doing with his "Full-Cone" rules is trying to put his client in the DMZ. If you do that on the Asus it works. The reason it doesn't work for him is because he has his internal and external network interfaces the wrong way around.
I see, well I'll just have to try again and post the commands in a text file.
 

e38BimmerFN

Very Senior Member
Will be nice to see this and hope it helps with two or more consoles running two or more same games.
 

e38BimmerFN

Very Senior Member
Ok, loaded v3.0.0.4.382_15852 back on to the 3100 and just did a clean reboot, then did a capture of the iptables on the OEM FW. I haven't tested consoles yet, late here. Will do this tomorrow.

Let me know if you notice anything different with OEM tables vs Merlin.
 

e38BimmerFN

Very Senior Member
Ok, after OEM FW loaded, 2nd in game console is Moderate NAT using BO3. Captured IPTables for this event and posted at the end of the google doc file for review.

Ok, loaded v3.0.0.4.382_15852 back on to the 3100 and just did a clean reboot, then did a capture of the iptables on the OEM FW. I haven't tested consoles yet, late here. Will do this tomorrow.

Let me know if you notice anything different with OEM tables vs Merlin.
 

ColinTaylor

Part of the Furniture
Ok, after OEM FW loaded, 2nd in game console is Moderate NAT using BO3. Captured IPTables for this event and posted at the end of the google doc file for review.
I'm assuming that the console addresses are now 192.168.0.198 and 192.168.0.199.

After a quick scan through the most obvious difference is that the OEM rules don't have a NAT postrouting chain (PUPNP) at all. This means that it is missing a "MASQUERADE --to-ports" rule (and associated DNAT) for port 3075 on console 192.168.0.198.

So 5 stars for Merlin and 0 stars for Asus.
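
The OEM-versus-Merlin table comparison discussed in the post above, as an added example that is not code from the thread or from either firmware. It assumes both captures are `iptables-save` output and that the UPnP DNAT chain is named VUPNP (an assumption; the thread names only PUPNP); both sample dumps and the high port 58912 are constructed.

```shell
#!/bin/sh
# Added example. VUPNP chain name is an assumption; sample dumps are constructed.

# Normalise the UPnP NAT rules of an iptables-save dump read from stdin.
upnp_rules() {
    awk '
    # Value that follows flag f in the current rule, or "" if absent.
    function opt(f,   i) {
        for (i = 1; i < NF; i++)
            if ($i == f) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "VUPNP" && /-j DNAT/ {
        print "DNAT", opt("-p"), opt("--dport"), "->", opt("--to-destination")
    }
    $1 == "-A" && $2 == "PUPNP" && /-j MASQUERADE/ {
        src = opt("-s"); sub(/\/32$/, "", src)
        print "MASQ", opt("-p"), src ":" opt("--sport"), "->", opt("--to-ports")
    }' | LC_ALL=C sort
}

# Print the normalised rules found in dump $2 but not in dump $1.
only_in_second() {
    a=$(mktemp) && b=$(mktemp) || return 1
    printf '%s\n' "$1" | upnp_rules > "$a"
    printf '%s\n' "$2" | upnp_rules > "$b"
    LC_ALL=C comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

OEM_SAMPLE='*nat
:VUPNP - [0:0]
-A VUPNP -p udp -m udp --dport 3074 -j DNAT --to-destination 192.168.0.199:3074
-A VUPNP -p udp -m udp --dport 58912 -j DNAT --to-destination 192.168.0.198:58912
COMMIT'

MERLIN_SAMPLE='*nat
:VUPNP - [0:0]
:PUPNP - [0:0]
-A VUPNP -p udp -m udp --dport 3074 -j DNAT --to-destination 192.168.0.199:3074
-A VUPNP -p udp -m udp --dport 3075 -j DNAT --to-destination 192.168.0.198:3075
-A VUPNP -p udp -m udp --dport 58912 -j DNAT --to-destination 192.168.0.198:58912
-A PUPNP -s 192.168.0.199/32 -p udp -m udp --sport 3074 -j MASQUERADE --to-ports 3074
-A PUPNP -s 192.168.0.198/32 -p udp -m udp --sport 3075 -j MASQUERADE --to-ports 3075
-A PUPNP -s 192.168.0.198/32 -p udp -m udp --sport 58912 -j MASQUERADE --to-ports 58912
COMMIT'

only_in_second "$OEM_SAMPLE" "$MERLIN_SAMPLE"
```

On real captures, pass the two saved dumps as the arguments; a PUPNP rule that appears only in the second dump marks a mapping whose source port is preserved on one firmware and not the other.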
 

e38BimmerFN

Very Senior Member
Yes, looking at the Merlin vs OEM, I'm seeing that the 2nd console is getting a MS port 307# for Merlin FW, however on the OEM FW, it's not getting any MS port 307# and just some random virtual port.
Yes, 198 and 199 are the game consoles.

I tried Vexira's iptables config and sent them via PuTTY and still not getting OPEN NAT on 2nd in game console:
Code:
iptables -t nat -D POSTROUTING ! -s $(nvram get wan0_ipaddr) -o $(nvram get wan0_ifname) -j MASQUERADE
iptables -t nat -I POSTROUTING -o $(nvram get wan0_ifname) -j SNAT --to-source $(nvram get wan0_ipaddr)
iptables-save
I presume this is correct?
After loading these two lines I captured the table data. I tried both consoles and still 2nd console was Moderate NAT. So I turned them off and rebooted the router thinking that maybe a reboot was needed. Even after reboot Moderate NAT on 2nd console in game.
 

ColinTaylor

Part of the Furniture
Yes, looking at the Merlin vs OEM, I'm seeing that the 2nd console is getting a MS port 307# for Merlin FW, however on the OEM FW, it's not getting any MS port 307# and just some random virtual port.
The only difference is port 3075. The high port is the same for OEM and Merlin.


I tried Vexira's iptables config and sent them via PuTTY and still not getting OPEN NAT on 2nd in game console:
Code:
iptables -t nat -D POSTROUTING ! -s $(nvram get wan0_ipaddr) -o $(nvram get wan0_ifname) -j MASQUERADE
iptables -t nat -I POSTROUTING -o $(nvram get wan0_ifname) -j SNAT --to-source $(nvram get wan0_ipaddr)
iptables-save
I presume this is correct?
No, that won't work. It has to be fixed within the miniupnpd setup.
 

e38BimmerFN

Very Senior Member
Ok. I was wondering. So there are differences between OEM and Merlin FW and the behavior and such.
 

ColinTaylor

Part of the Furniture

e38BimmerFN

Very Senior Member
Well, at least for ASUS routers and users, Merlin seems to resolve this issue. Would be nice if it could be used by ASUS OEM FW and other router Mfrs. :oops:
 
