UPnP - Multiple Xbox One Gaming Consoles & NAT

[RMerlin]

INPUT and OUTPUT chains are for traffic terminating on the router, not on devices on your LAN.

 

[Vexira]

I'm trying to get a port working via upnp, I was hoping if that works, I could use the rules to get steam link port 27031 working again it seems to be blocked for some reason when I do a network test on the steam link it has an error with that port number in the error message saying that it can't connect.

I was hoping that I could use the rules to get my steam copy of battle born to have its traffic pass through the router and change from moderate to open nat.

But the rules are correct in syntax?

If I want to let traffic from that port number pass through the router in both directions it seems blocked in one.

is there a rule to allow all traffic on ports 1024 and above to pass through upnp?

 

[Vexira]

INPUT and OUTPUT chains are for traffic terminating on the router, not on devices on your LAN.

ohh so I need use input then forward
http://ipset.netfilter.org/iptables.man.html

 

[Vexira]

https://airvpn.org/topic/11264-asus-merlin-wrt-port-forwarding-script-setup/
look what I found an easer way of making nat start scripts

 

[ColinTaylor]

is this correct

No.

But the rules are correct in syntax?

No.

ohh so I need use input then forward

No.

None of that is relevant because the setup is completely different. The commands are for an Ubuntu server running on a LAN not a router.

 

[ColinTaylor]

If I want to let traffic from that port number pass through the router in both directions it seems blocked in one.

All outgoing traffic is allowed by default. If you want to direct a specific incoming port to a client you can do it on the port forwarding page in the GUI.

is there a rule to allow all traffic on ports 1024 and above to pass through upnp?

UPnP doesn't work that way. Traffic doesn't go through upnp. The application talks to miniupnpd and then miniupnpd sets up the iptables rules to allow the traffic through.

 

[Vexira]

looks like ill have to go ask on the miniupnp forums for correct parameters, I word it it wrong, I mean to ask for an ip tables rule to all traffic from ports 1024 and above when requested by miniupnp.

 

[ColinTaylor]

looks like ill have to go ask on the miniupnp forums for correct parameters, I word it it wrong, I mean to ask for an ip tables rule to all traffic from ports 1024 and above when requested by miniupnp.

Sorry, that sentence makes no sense. Can you explain it another way, maybe with an example.

 

[Vexira]

sorry im tired i stop making sense when i am,
but in english i wanted to dermine if i could rid my self of an error in my steam link about a port not being able to connect and gta v mod nat
what i was trying to work out was allowing upnp traffic from port 6672 through the router in both directions, with ip tables for gta v my steam copy it uses rockstar social club thats the launcher for it which throws up a nat error.

in regards to the steam link, its like a thin client that allows pc games to be streamed to atv which you can play from not needing to drag the host pc around, issue os after 380.67 alpha 1 the net work test in the steam link, i posted this in my a couple of isssues thread shows up an error of cant connect on port 27031 so i cant see connection statistics and it cant connect on that port to the pc either of them, i have 2 pcs with steam.

when in the thread a cople of issues i asked about an ip tables fix, i suspected the traffic was possibly blocked at the router end, in regards to gta v well at least blocked in one direction.
this is after disableing windows fire wall and trend micro, also on a fresh windows install with windows fire wall disabled, i ve had the mod nat in gta leading me to suspect a possible need to set an ip tables rule, since nat reads as port address restricted.

i tested the commands again from merlin for full cone nat as a script i had fire wall start initiate the nat start script, and i tested it as a stand alone nat start script executable in both cases. Short of editing the the post routing config its not worked. Also is anyone else jave thier router log read as august 1 then time sync and get the correct date.

 

[ColinTaylor]

Also is anyone else jave thier router log read as august 1 then time sync and get the correct date.

That's normal.

 

[Jack Yaz]

sorry im tired i stop making sense when i am,
but in english i wanted to dermine if i could rid my self of an error in my steam link about a port not being able to connect and gta v mod nat
what i was trying to work out was allowing upnp traffic from port 6672 through the router in both directions, with ip tables for gta v my steam copy it uses rockstar social club thats the launcher for it which throws up a nat error.

in regards to the steam link, its like a thin client that allows pc games to be streamed to atv which you can play from not needing to drag the host pc around, issue os after 380.67 alpha 1 the net work test in the steam link, i posted this in my a couple of isssues thread shows up an error of cant connect on port 27031 so i cant see connection statistics and it cant connect on that port to the pc either of them, i have 2 pcs with steam.

when in the thread a cople of issues i asked about an ip tables fix, i suspected the traffic was possibly blocked at the router end, in regards to gta v well at least blocked in one direction.
this is after disableing windows fire wall and trend micro, also on a fresh windows install with windows fire wall disabled, i ve had the mod nat in gta leading me to suspect a possible need to set an ip tables rule, since nat reads as port address restricted.

i tested the commands again from merlin for full cone nat as a script i had fire wall start initiate the nat start script, and i tested it as a stand alone nat start script executable in both cases. Short of editing the the post routing config its not worked. Also is anyone else jave thier router log read as august 1 then time sync and get the correct date.

Is this internally to your network i.e. LAN that it's not connecting?

 

[ColinTaylor]

sorry im tired i stop making sense when i am,
but in english i wanted to dermine if i could rid my self of an error in my steam link about a port not being able to connect and gta v mod nat
what i was trying to work out was allowing upnp traffic from port 6672 through the router in both directions, with ip tables for gta v my steam copy it uses rockstar social club thats the launcher for it which throws up a nat error.

in regards to the steam link, its like a thin client that allows pc games to be streamed to atv which you can play from not needing to drag the host pc around, issue os after 380.67 alpha 1 the net work test in the steam link, i posted this in my a couple of isssues thread shows up an error of cant connect on port 27031 so i cant see connection statistics and it cant connect on that port to the pc either of them, i have 2 pcs with steam.

when in the thread a cople of issues i asked about an ip tables fix, i suspected the traffic was possibly blocked at the router end, in regards to gta v well at least blocked in one direction.
this is after disableing windows fire wall and trend micro, also on a fresh windows install with windows fire wall disabled, i ve had the mod nat in gta leading me to suspect a possible need to set an ip tables rule, since nat reads as port address restricted.

i tested the commands again from merlin for full cone nat as a script i had fire wall start initiate the nat start script, and i tested it as a stand alone nat start script executable in both cases. Short of editing the the post routing config its not worked. Also is anyone else jave thier router log read as august 1 then time sync and get the correct date.

I'm still not sure I'm following what you're saying. It's probably obvious to people that have Steam Link but I don't.

From what I understand Steam Link uses LAN to LAN communication only, therefore any iptables rules will have no effect. If you are seeing an error saying that it can't connect to your PC on port 27031 then that is an issue with your PC's firewall or the Steam client, not the router. The only execption to that is if you have Set AP Isolated = Yes (Wireless > Professional) on your wireless network or are using a guest wireless network and have disabled intranet access.

As for GTA V, that should just work with UPnP without any additional modification. So make sure you don't have any manual rules for port 6672.

 

[Vexira]

I'm still not sure I'm following what you're saying. It's probably obvious to people that have Steam Link but I don't.

From what I understand Steam Link uses LAN to LAN communication only, therefore any iptables rules will have no effect. If you are seeing an error saying that it can't connect to your PC on port 27031 then that is an issue with your PC's firewall or the Steam client, not the router. The only execption to that is if you have Set AP Isolated = Yes (Wireless > Professional) on your wireless network or are using a guest wireless network and have disabled intranet access.

As for GTA V, that should just work with UPnP without any additional modification. So make sure you don't have any manual rules for port 6672.

I don't have any manual rules, for 6672 the odd part of the link is it connects to my pcs fine when doing streaming, but net work test is hit and miss I partly suspected it's bug in the links firmware when I read a about others having issues, odd part is it still have the issue even with the firewall and AV are disabled.

Same with gta v, it used to use upnp and the dev's changed it to PCP same mod nat unless it needs some extra ports to be forwarded, it should read as open.


Since my old r8000 netgear router had open nat in gta which is absurd, I'm theorising that the port restricted part of the routers nat might be problematic.

I even have Battle born on steam reading as moderate nat, but I don't see any upnp forwarding with or without the firewall enabled or trend micro disabled or enabled, I even reinstalled both games after clean installing windows same deal.

I went and downloaded wireshark to try to trouble shooting the issue see what's going on.

 

[e38BimmerFN]

One item that a buddy of mine recently found which works to resolve OPEN NAT on his two same in game consoles, BO3 was to Set Nat Filtering from Secure to OPEN on his R7000 router. His router has Port Address Restricted Cone NAT on his which for unknown reasons differs from my R7800 router which has FULL CONE NAT. So the R8000 may have this NAT FILTERING feature which I have seen before on NG routers. Something you could check out.

Also if your gaming code is LAN to LAN then port configuration shouldn't been needed for those apps that rely on LAN ot LAN connections.

Are you using any kind of Gb LAN switch between your PCs and router or is PC directly connected to the router? Can you give us a diagram if how you have things set up? Test your configuration with a good quality non managed Gb LAN switch between the router and devices.

 

[Vexira]

One item that a buddy of mine recently found which works to resolve OPEN NAT on his two same in game consoles, BO3 was to Set Nat Filtering from Secure to OPEN on his R7000 router. His router has Port Address Restricted Cone NAT on his which for unknown reasons differs from my R7800 router which has FULL CONE NAT. So the R8000 may have this NAT FILTERING feature which I have seen before on NG routers. Something you could check out.

Also if your gaming code is LAN to LAN then port configuration shouldn't been needed for those apps that rely on LAN ot LAN connections.

Are you using any kind of Gb LAN switch between your PCs and router or is PC directly connected to the router? Can you give us a diagram if how you have things set up? Test your configuration with a good quality non managed Gb LAN switch between the router and devices.

That's there for ages I had that in a few netgear units. The nat filtering.

 

[e38BimmerFN]

Guess this is what helps for two same game consoles though on OEM FW.

 

[e38BimmerFN]

Had my buddy re test his with NAT Filtering set to open. Still reports Port Address Restricted NAT while using OPEN for this feature. I presume that this feature maybe only changing the IPTables handling or something that allows OPEN NAT for 2 same in game consoles. Doesn't report FULL CONE NAT.

Guess this is what helps for two same game consoles though on OEM FW.

 

[Vexira]

Had my buddy re test his with NAT Filtering set to open. Still reports Port Address Restricted NAT while using OPEN for this feature. I presume that this feature maybe only changing the IPTables handling or something that allows OPEN NAT for 2 same in game consoles. Doesn't report FULL CONE NAT.

presicle one of the reasons i got rid of the netgear, i had oerfclty open nat one minute then bam nat screwed up, nad i got mod nat all round even on a single instance of cod and the xbox one, with nat flitering set to open, then the the router decided to die on me after a while i even recived a replacment from netgear and that had the same issue it wouldnt load web pages, use the refund money to get an 88u, when i first got the 88u inital firmware.was perfect open nat in cod, susbsequnt updates it changed and this is for a single pc.

 

[e38BimmerFN]

Possible there was issues with your unit or how you had the router configured as well. So far the NG router has been working well using the NAT Filter set to OPEN for my friend.

Will be interesting to see this new line of ASUS routers coming out if you say what they are doing.

 

[beboptrumpet]

Finally! Xbox comes up with a real fix

Alternate Port selection

I'm on Xbox insiders preview. Basically I get builds before they come public. I just noticed, there are some new things in networking. Most notably:
alternate port selection. It looks like it might remap automatically...haven't had a chance to test. However, you can see if I choose manually, it gives me 6 ports to choose from. Looks like Microsoft is coming through.

For anyone interested in preview:

It is no longer by invite. You download the Xbox Insider Hub app and give feedback to get earlier builds. You can see the requirements for different levels in the pic