UPnP - Multiple Xbox One Gaming Consoles & NAT

[Vexira]

Before I forget to say it, thank you Merlin for doing your best to, fix the problem.

 

[RMerlin]

though im not sure what it all means.

Placebo, most likely. I've seen Asuswrt users get Open NAT with multiple consoles just as well, without recompiling miniupnpd.

 

[e38BimmerFN]

Are there any specific configurations of the router using AsusWRT FW that help users get OPEN NAT for mutliple consoles?

Placebo, most likely. I've seen Asuswrt users get Open NAT with multiple consoles just as well, without recompiling miniupnpd.

 

[RMerlin]

Are there any specific configurations of the router using AsusWRT FW that help users get OPEN NAT for mutliple consoles?

Some people report they've had success by disabling Secure Mode (which allows an UPNP client to request a port forward for a different IP - not sure why that would have any impact tho), or by lowering the allowed ports to 1-65535 instead of the (more secure) 1024-65535. NAT acceleration and the selected NAT loopback are other factors that might potentially have an impact. Finally, each game might behave differently, depending on how they deal with being told that the requested port is not available.

 

[Vexira]

Some people report they've had success by disabling Secure Mode (which allows an UPNP client to request a port forward for a different IP - not sure why that would have any impact tho), or by lowering the allowed ports to 1-65535 instead of the (more secure) 1024-65535. NAT acceleration and the selected NAT loopback are other factors that might potentially have an impact. Finally, each game might behave differently, depending on how they deal with being told that the requested port is not available.

Is secure mode like the one in net gear routers where it says nat filter secure and the other option is open, i was wondeirng if tis the same as the imprlentation thatnet gear has.

I only have to change the port range from 1024 to 1 and back to 1024 when miniupnp becomes un responsive, and just wont forward ports, as in ill open a call of duty game on pc and it wont be forwarded, or another work around is to open a games for windows live game, games for windows live gets open nat always, oddly might be an issue whith how deamonware port mapper is handled by the router or miniupnp, where as gfwl is recongsed as xbox live. The gfwl trick only works for games that need port 3074, newer call of dtuy games on pc at least, (black ops 3 and infinite warfare) require port 27017, though modernwarfare remastred still uses port 3074. deamonware portmapper is waht call fo duty uses, or so the upnp log states.
secure mode could be restrcitng traffic.

Worth a read
http://documentation.netgear.com/wnr2000/enu/202-10397-02/Customize.6.13.html

Not sure if it helps, i do get open nat or upnp formwarding to work around 90% of the time, on both my xbox one and my pc, but thats if only one instanc of the game is requesting a port, eg one instance of call of duty, the xbox on ocassion will randomly get moderate nat, which makes no sense whatsoever, only reaon i do belive is that its just miniupnp being a pain.

In regards to Nat acceration doest that mean theres a conflcit with it and mini upnp or with upnp in general, that needs to be resolved by asus/broadcom, which makes me wonder if adaptive qos has any part in the issue since as i stated prior if i change bandwidth values for it, upnp stops responding, im not sure what causes that to happen, if there are any fixed to that it would be nice.

 

[Vexira]

i have screen shots of what belive is upnp miss behaving not sure how to upload them, its ov gta v when i port forwaded the game manually it read up as open, with upnp one port is open but i get moderate, tho i do belive its upnp derping out since on my previous net gear router it was open, not sure if its the client not requesting the extra ports or upnp just not assigen them.

Sould i run wireshark to find out whats going on?

 

[RMerlin]

Is secure mode like the one in net gear routers where it says nat filter secure and the other option is open, i was wondeirng if tis the same as the imprlentation thatnet gear has.

When in secure mode, miniupnpd will reject any UPNP request for a port forward where the destination IP is different from the source of the request. It shouldn't change anything at the iptables level AFAIK.

In regards to Nat acceration doest that mean theres a conflcit with it and mini upnp or with upnp in general, that needs to be resolved by asus/broadcom

I don't know, just saying what kind of things could potentially have an impact, as only Broadcom really knows how CTF works and what real impact it can have on existing network activity.

Sould i run wireshark to find out whats going on?

At that point, this is outside of my field of expertise. You'd need someone who is familiar with the UPNP/NAT-PMP protocol to debug at that level.

 

[e38BimmerFN]

Might be able to see some thing on wireshark.

What happens if you leave ports open for 1 thru 65535?

Ya seems like this is a uPnP behavioral issue when two or more of the same game/console is online at the same time.

i have screen shots of what belive is upnp miss behaving not sure how to upload them, its ov gta v when i port forwaded the game manually it read up as open, with upnp one port is open but i get moderate, tho i do belive its upnp derping out since on my previous net gear router it was open, not sure if its the client not requesting the extra ports or upnp just not assigen them.

Sould i run wireshark to find out whats going on?

 

[Vexira]

Might be able to see some thing on wireshark.

What happens if you leave ports open for 1 thru 65535?

Ya seems like this is a uPnP behavioral issue when two or more of the same game/console is online at the same time.

Same result, not even sure what it is I'll probs have to ask the miniupnp development about it, it's the weirdest bug, if I could upload a screenshot it might make more sense.

But still its odd they changed from upnp to PCP,and yet social club still reads as moderate nat, even though a port of 6627 appears int the upnp log, as a PCP Map.
Is a simliar bug to Call of Duty modern warfare 3 spec ops co op mode, that throws up a nat warining errror even though multiplayers says open, and port 3074 registers as open in upnp for both modes, which is odd.

 

[Vexira]

1. If you selected the Turn UPnP On check box, the following steps apply to you:
2. a. Type the advertisement period in minutes.
   
   The advertisement period specifies how often the router broadcasts its UPnP information. This value can range from 1 to 1440 minutes. The default period is 30 minutes. Shorter durations ensure that control points receive current device status at the expense of more network traffic. Longer durations can compromise the freshness of the device status but can significantly reduce network traffic.

b. Type the advertisement time to live in hops.

The time to live for the advertisement is measured in hops (steps) for each UPnP packet sent. Hops are the steps a packet takes between routers. The number of hops can range from 1 to 255. The default value for the advertisement time to live is 4 hops, which should be fine for most home networks. If you notice that some devices are not being updated or reached correctly, it might be necessary to increase this value.

Ive always wondered why settings like thest are not present in the asus firmware, i know these exist in netgears.
I do belive that port in use is working, tested black ops 3 checked the upnp log only one instance on port 2017 was apparent, not like before where a second instance would appear when a second client was launched and it tried to translate the same internal port number to a few diffrent external ports, which is good to see, seems that part of the issue has been fixed.

 

[RMerlin]

Ive always wondered why settings like thest are not present in the asus firmware, i know these exist in netgears.

Different UPNP daemons. Netgear uses some proprietary UPNP daemon.

As for D-Link, they use a PHP-based (!) daemon. I wouldn't trust that security-wise any farther than I could throw it...

Linksys uses Broadcom's own closed-source daemon. Not as scary as D-Link's PHP stuff, yet I'm not sure how much I'd trust it security-wise...

Miniupnpd has the benefits of being actively developed, and fully open sourced.

 

[e38BimmerFN]

From what I know, uPnP that D-Link uses is safe and secure. Yes they had the issue of the main uPnP bug a few years ago. They fixed it. I have never had any issues with uPnP security-wise.

 

[e38BimmerFN]

To upload a screen shot here in the forums, use a picture service site like photo bucket or imageshack or something like that. Upload the picture file to there. Then take the IMG url code they give you for forum use there and paste the IMG URL address in the box. Save and the linked image should now appear as a picture in the forum post.
Example:

Same result, not even sure what it is I'll probs have to ask the miniupnp development about it, it's the weirdest bug, if I could upload a screenshot it might make more sense.

But still its odd they changed from upnp to PCP,and yet social club still reads as moderate nat, even though a port of 6627 appears int the upnp log, as a PCP Map.
Is a simliar bug to Call of Duty modern warfare 3 spec ops co op mode, that throws up a nat warining errror even though multiplayers says open, and port 3074 registers as open in upnp for both modes, which is odd.

 

[Vexira]

thnx for the help this is what i mean, like i said modern warfare 3 spec ops mode has a simlar error about nat even though the port 3074 appears in the upnp log. Port 6672 is what appears when i launch GTA V, odd not sure if it needs the whole range to be forwarded, acuse when i manualy forward these ports UDP Ports: 6672, 61455, 61457, 61456, and 61458 i get full open, and i think upnp, is broken since i had the same nat error when the game used to use upnp to forward ports. I also wanted to ask merlin if its possible to set port tigger to open a range of ports rather than just one so if 6672 opens it triggers the rest to open. is it possible that a upnp rule is needed to fix this? im not entierely sure how to diagnnose this issue.

Social Cub:



Router:

 

[RMerlin]

From what I know, uPnP that D-Link uses is safe and secure. Yes they had the issue of the main uPnP bug a few years ago. They fixed it. I have never had any issues with uPnP security-wise.

It's based on PHP. That means you are open to a wide range of PHP-related security issues on top of everything else, as D-Link isn't using an up-to-date version of it (I didn't check which PHP version it was, but it definitely wasn't 5.6/7.x).

 

[Vexira]

I think my upnp froze i have ports opened yeterday still being forwarded to my pcs ip even thought he pc had been shut off for hours, and i never re open the applications that requested them orginally, ie the 2 cod games, Balck ops 3 and moderwarfare remaster, should i re config the router?

Port 3074 is in the upnp log opened by this spec ops mode when it connects to online services, yet i still get this error, which makes no sense. If i was to open multi player it will have nat as open, both multi-player and this specops mode use the same port 3074.

 

[Vexira]

omg merlin i love you, i just did a test after my router rebooted cause the isp's dhcp lease expired, and both my black ops 3 copeis report open nat, every thing seems to be forwarding propperly, so far hope it survives a reboot but so far its working perfectly with 2 pcs running black ops 3 open nat, xbox one open nat advanced warfare on xbox one open nat. i just need every one esle whith issues to check.
Ok so speck ops and gta v only things that are reporting the same nat errors.

also xbox one runs 3 operating systems
https://www.engadget.com/2013/05/21/xbox-one-runs-three-operating-systems/

 

[reerden]

I think my upnp froze i have ports opened yeterday still being forwarded to my pcs ip even thought he pc had been shut off for hours, and i never re open the applications that requested them orginally, ie the 2 cod games, Balck ops 3 and moderwarfare remaster, should i re config the router?

Port 3074 is in the upnp log opened by this spec ops mode when it connects to online services, yet i still get this error, which makes no sense. If i was to open multi player it will have nat as open, both multi-player and this specops mode use the same port 3074.

Make sure your local firewall isn't blocking incoming connections. Also, some applications that use UPnP require network discovery to be enabled.

MiniUPnP should work fine for multiple consoles. Some models have forwarding issues with NAT acceleration, so I would try disabling that if the forwarding rule fails to appear on the router.

 

[e38BimmerFN]

What did you do or change that go you OPEN NAT on all of your gaming device?

omg merlin i love you, i just did a test after my router rebooted cause the isp's dhcp lease expired, and both my black ops 3 copeis report open nat, every thing seems to be forwarding propperly, so far hope it survives a reboot but so far its working perfectly with 2 pcs running black ops 3 open nat, xbox one open nat advanced warfare on xbox one open nat. i just need every one esle whith issues to check.
Ok so speck ops and gta v only things that are reporting the same nat errors.

also xbox one runs 3 operating systems
https://www.engadget.com/2013/05/21/xbox-one-runs-three-operating-systems/

 

[e38BimmerFN]

I'll see if I an find more information on this. Thank you.

It's based on PHP. That means you are open to a wide range of PHP-related security issues on top of everything else, as D-Link isn't using an up-to-date version of it (I didn't check which PHP version it was, but it definitely wasn't 5.6/7.x).