uPnP and Port Forwarding (Teredo Issues)

[Xruptor]

uPnP and Port Forwarding (XBOX Teredo Issues)

I'm having an issue on my lan where we have multiple gaming consoles. Primarily the issue seems to be with the two Xbox One's on the lan. There apparently is a problem with Xbox One and the Teredo protocol behind NAT. The port which is used is 3074. When this port is used by one of the console the other one is put in a moderate NAT. This causes complications during party invites and voice chat. Which at times also causes party function to disconnect completely. Now I've researched the problem and although there are a few ways to get around it the problem still persists until Microsoft fixes it. Its apparently a huge issue with their console. Until then I'm trying to work around the issue. Any assistance or suggestions would be great!

Router: Asus RT-N66U
Firmware: Tomato Shibby 1.28.0000 MIPSR2-121 K26 USB AIO-64K

Questions:

1) Does Port Forwarding override the port forwarding rules used by uPnP? It doesn't appear that this is the case but I wanted to ask just to make sure. You see when one of the Xbox One claims access to port 3074 the other Xbox One utilizes a completely different random port for the Teredo protocol. When this happens the systems function just fine. So I'm trying to see if I can force one of the systems to always utilize 3074 to make the other system always grab a random port number.

2) uPnP list seems to clear the port forwarding rule when the port is closed. Are these rules supposed to stay on the listing even if we un-check the cleaning process? On DD-WRT the port redirection map stays on uPnP list until it's cleared or the router is reset. Because of this the ports almost always get remapped properly when port 3074 is in the redirection list. I'm wondering if this functions similarity on Tomato?
The reason I bring this up is because no matter what I do port 3074 still gets claimed sometimes by both systems.

3) Is there anyway to force uPnP to assign a port always to a specific IP address? Is there anyway to force a port in general to a specific console so that uPnP causes the remaining console to establish a random port? I've tried several combinations but it doesn't seem to work right. Now I had some success with dd-wrt but honestly speaking I prefer the tomato firmware over dd-wrt. So I'm trying to find solutions to this problems utilizing tomato rather than dd-wrt.

4) is the uPNP different in dd-wrt than tomato? I thought they used the same daemon (miniupnp). You would think they function similarly.

BTW I have static IP assigned to both Xbox One consoles. When you perform a hard reset on both they show as Open Nat. It's not until the issue with port 3074 that one of them gets pushed immediately to Moderate NAT. This is what I'm trying to avoid.

I welcome any suggestions or advice!

 

[Xruptor]

No one has any ideas or suggestions as to what may be going on?

 

[Shikami]

Port forwarding always overrides UPnP. Therefore, you should only use UPnP which can dynamically handle the hosts; at least it should. When you punch-a-hole into NAT it is the only rule for that private host (IP). For example, if you have forwarding of TCP/UDP 3074 to xxx.xxx.xxx.002 those packets are only meant for .002. If you try the same rule for a different IP it should give you a conflict for that rule and IP for these type of NAT'ing devices.

UPnP is dynamic, used and then closed, after its usage; at least it is supposed to. When the port is opened it is between the host and the router to configure. The version of the daemon used can cause various results along with the coding of the port mapping protocol, UPnP, IGD. The host's handling of these protocols can cause various results too.

Curious, is your network behind two routers? In other words, a modem could be in use that performs routing, and if so should be disabled so as to be only able to pass packets to the router that would rather be used. Sometimes, most of the complications with NAT and UPnP are when two routers that are being used for NAT.

 

[Xruptor]

Curious, is your network behind two routers? In other words, a modem could be in use that performs routing, and if so should be disabled so as to be only able to pass packets to the router that would rather be used. Sometimes, most of the complications with NAT and UPnP are when two routers that are being used for NAT.

I will see if using a blackhole for the port will force the two xboxes to get random Teredo ports other than 3074. It seems most of the issues is when multiple consoles fight over this port. Apparently Microsoft has programmed the consoles to check for that port. If it's in use it opens a random port in the 50K range instead which seems to work better than relying on port 3074 always.

My Comcast Modem should not be routing anything. All network traffic should be routed to my Asus rt-n66u. I will have to double check to make sure but that should be how it's setup.

 

[Shikami]

Blackhole is really unnecessary. What is more important is the fact that you do, or dot not have two network (Layer 3) domains performing NAT. The problem is inherent with some NAT types when it comes to a port and for multiple IP's. You will need 1:1 NAT, or a proper configured network (https://kb.meraki.com/knowledge_base/11-nat-versus-port-forwarding). Configured meaning make sure the modem does not handle routing also, because they can, and do for every recent installation-especially the recent ones handed out for "free Wi-Fi."

Just post what the modem is. Also, some ports are specific and will not change; such as the XBox 3074 (http://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live). This is the very port for all game data.

BTW, there are 65535 ports with the first 1024 reserved. Such as DNS 53, 80 HTTP, 88 (is not) but is used for authentication; talking about XBox port usage. Most SOHO routers are only firewalls for ingress, not egress also. Meaning you can easily request a DNS request on port 53. When things like this and an XBox do not work, especially with UPnP, it is because of another routing/firewall/NAT device. This happens very very often. You just call and say bridge the modem, you are using your own router which is a really good idea with their new routers (https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=comcast free wifi bad).

 

[Xruptor]

Shikami thanks for the informative response. I really appreciate it. I'll get you that modem info once I get back home. I'm pretty sure I have it on bridged mode but I may be wrong.

 

[Xruptor]

Comcast Arris TM722G/CT. Need to get my sister off freaking Netflix so I can determine if the modem is in bridged mode lol

 

[Xruptor]

Okay, after looking it up apparently the Comcast Arris TM722G/CT is not a gateway/router. It's just a standard modem with straight data output. There is no option to set it to bridge mode because of this.

 

[Shikami]

Yes, that is a modem only device. So, it is possibly settings within the router or XBox settings. What are the settings for UPnP/NAT-PMP and such that you have toggled/enabled/disabled? Do you have any conflicting rules/scripts/configurations for the router? Automatic settings for the XBox's?

It is normal for one of the XBox's to be 3074 and another with a ephemeral port when there are two of them on same private network.

EDIT: One way to resolve the problem, is to place the second XBox in the DMZ.

 

[Xruptor]

Yes, that is a modem only device. So, it is possibly settings within the router or XBox settings. What are the settings for UPnP/NAT-PMP and such that you have toggled/enabled/disabled? Do you have any conflicting rules/scripts/configurations for the router? Automatic settings for the XBox's?

It is normal for one of the XBox's to be 3074 and another with a ephemeral port when there are two of them on same private network.

EDIT: One way to resolve the problem, is to place the second XBox in the DMZ.

I don't have any rules/scripts that would interfere with the uPNP. The settings are pretty much out of the box. I had port forwarding rules but I turned those off. I had to enable Port Triggering to open port ranges for the XBOX because of the multiple consoles. Unless this itself is causing issues?

Here is a pic of the triggered ports.

I do have both XBOX set with Static IP's on the router. That being said the settings for the XBOX themselves are both on automatic for DNS etc..

I don't mind if one of the boxes grabs 3074 so long as the other one triggers the ephemeral port properly.

Also from what I've read on other posts putting the other XBOX on DMZ supposedly still triggers the uPnP. So it doesn't really solve anything as they both will still compete for the same port(s) like 3074. That's what I've read of course but I could be wrong.

Thanks for your continued help!

 

[Shikami]

All the triggered ports are unnecessary, including the ranges that you have opened. UPnP is port triggering, but better. Triggering is dynamic and technically should only have one entry 3074. What happens when all of these are removed? You can back up the settings and restore afterwards.

 

[Xruptor]

I'll give it a try. Will save the configuration first before attempting.

 

[Xruptor]

I removed the port triggers. When I turned on (console A) it opened a port in upnp for 3074. However, the first time I booted (console B) it didn't grab a random port for Teredo as its supposed to (because port 3074 is in use). In fact it didn't show up in the list at all. So I turned it off and then I turned it back on again. The second time (console B) grabbed a random port for Teredo. It's really strange. This is why I was trying to force one of the consoles to always have port 3074 regardless. In essence forcing the second console to always rely on grabbing a random port.

I've tried combinations of force resetting consoles as well (hard boots) by holding the XBOX button. (BTW both are XBOX One's)

This may be an innate issue with XBOX One. Since there are so many people suffering from this same problem.

 

[Shikami]

Are the consoles using reservations for their IP's; are they static IP's?

Keep the forwarding list clean still for now, if you can. Besides, how you have it set is not how it works: http://en.wikipedia.org/wiki/Port_triggering.

Also, when the console B is not in the list does it shows through diagnostics to not be in the NAT preferred?

Curious, are you using IPv6?

 

[Xruptor]

Are the consoles using reservations for their IP's; are they static IP's?

Keep the forwarding list clean still for now, if you can. Besides, how you have it set is not how it works: http://en.wikipedia.org/wiki/Port_triggering.

Also, when the console B is not in the list does it shows through diagnostics to not be in the NAT preferred?

Curious, are you using IPv6?

Well both systems have static IP's on the router itself. The systems themselves though are set to automatic. Which they then grab the appropriate static IP from the router. I suppose I could always set their info manually.

I will continue to keep the port triggering list I had before removed. It didn't seem to be helping before and it's still the same now. So no point in keeping it around.

The Console does show up in the upnp list and assign 3074 if it's the first to boot up. The other one console ((console b)) when turned on won't show up in the upnp list at all. Unless it's forcefully reset. I think it's still trying to actively use port 3074. There are times where I can force both systems to use different ports but that requires musical chairs with turning on/off the systems. It's really odd actually.

 

[JustMeJon]

I am having the same issue and would like to state that someone from the ASUS support center told me to disable my NAT but all that did is prevent anything from connecting to the internet in the entire household and in addition to that I have not had any luck with one feature on my XBOX One. The issue is that I cannot join, start or even hear other friends when in a party chat.