What's new

UPnP - Multiple Xbox One Gaming Consoles & NAT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Interesting. I've seen this port restricted cone nat before on other older routers. They also had a EndPoint Independent selection as well. I recently tested this and from what my results are, any port restricted or address restricted causes Moderate NAT in game on the 2nd console. When Endpoint Independent is selected, we see OPEN NAT in game on the 2nd console.

ohh oooh oooh o found this thingy, check it its a nat test thing.
http://nattest.net.in.tum.de

My results
 
Yep that's the issue right there, but what baffles me, is that cod gets open nat on both PC's after Merlins fix that involves masquerade rules, but nat is not picked up as symmetric or full cone I wonder if it's possible change it to symmetric NAT via IP tables, looks like I have to ask miniupnp dev mabye he knows more.
 
So it a combination of port restricted and address restricted cone NAT. Not quite full cone not quite symmetric.

(Address)-restricted-cone NAT
  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.
  • An external host (hAddr:any) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:any. "Any" means the port number doesn't matter.
Port-restricted cone NAT

Like an address restricted cone NAT, but the restriction includes port numbers.

  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.
  • An external host (hAddr:hPort) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:hPort.
 
Nice little thingy man. Heres my results for the R7800:
http://nattest.net.in.tum.de/individualResult.php?hash=6bb3221b01a4e167f0badf30638c8e99

Say Full Cone NAT for the R7800. Going to run this test on other routers I have.
Merlin said that in that router it's most likely a black box or closed source, impmentation.
Also do you have any pc games with rockstar social club like gta v I'd be interested in what nat reading it gives also battle born, and mw3 spec ops, my r8000 used to have open nat in gta.
 
I'll try ip tables again tomorrow to see if it works.
 
Yes, these are the same nat features I see on older D-Link routers. They had all three selectable features...They started removing them around the 2011/12 time frame. The feature was still in the FW however the user selections were hidden in the UI. This feature is no longer in there newer generation models.

So it a combination of port restricted and address restricted cone NAT. Not quite full cone not quite symmetric.

(Address)-restricted-cone NAT
  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.
  • An external host (hAddr:any) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:any. "Any" means the port number doesn't matter.
Port-restricted cone NAT

Like an address restricted cone NAT, but the restriction includes port numbers.

  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.
  • An external host (hAddr:hPort) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:hPort.
 
Seems to be FULL CONE NAT on the R7800.

At any rate, nice tool to find what router is using for NAT kind. I'll start using this and put the GT-5300 back online later today and start collecting data. This is good stuff. Just what we needed.

Merlin said that in that router it's most likely a black box or closed source, impmentation.
Also do you have any pc games with rockstar social club like gta v I'd be interested in what nat reading it gives also battle born, and mw3 spec ops, my r8000 used to have open nat in gta.
 
Open or secure nat filtering on the netgear, I think it's a switch between full cone and symmetric
 
I presume so. All I do know is that this model router doesn't have problems with two consoles and getting OPEN NAT on both in game. I've posted this link else where and have asked a couple of people I know to check there routers. Will be interesting too see results from various Mfrs and models. I'll check the GT later on today. I can't do any testing right now as others are using the internet.
 
Last edited:
  • NAT Type 1 (Open) – You are either NOT behind a router/firewall OR you have already DMZ enabled. You shouldn’t run into any issues whilst gaming, but this may cause security issues.
  • NAT Type 2 (Moderate) –Your PS3/PS4 is connected properly and you shouldn’t run into any issues.
  • NAT Type 3 (Strict) – You may be able to connect to the PSN and perform downloads/updates other functions may not work as intended.
Found that on a gaming site. The best I can get is NAT Type 2 which is secure and Open. I have never seen any PS4 owner get NAT Type 1.
 
The GT NAT will be 100% identical to any other Broadcom-based Asus router - it's the exact same NAT code.

I know for a fact that the R7800 uses proprietary NAT code, it's not just speculation:

Code:
merlin@ubuntu-dev:~/netgear$ find R7800-V1.0.2.32_gpl_src/ -name ipt_CONENAT.ko
R7800-V1.0.2.32_gpl_src/git_home/kmod-conenat.git/ipt_CONENAT.ko

Again, you guys are just putting far too much emphasis on the NAT type... And you need to look at the more important fact that Full Cone NAT *IS* a security risk versus more restrictive NAT types. It pretty much nullifies part of what an SPI firewall does.

Security should be far more important than having two consoles report a magical open NAT mode. If games need that security issue to work properly, then the game code is broken, and needs fixing.
 
Merlin has a good pint. Security is most important. I think there are more important things in life than having an Open NAT. :)
 
Unless our PS is directly connected to the ISP Modem, you won't see NAT1 while behind a router...

  • NAT Type 1 (Open) – You are either NOT behind a router/firewall OR you have already DMZ enabled. You shouldn’t run into any issues whilst gaming, but this may cause security issues.
  • NAT Type 2 (Moderate) –Your PS3/PS4 is connected properly and you shouldn’t run into any issues.
  • NAT Type 3 (Strict) – You may be able to connect to the PSN and perform downloads/updates other functions may not work as intended.
Found that on a gaming site. The best I can get is NAT Type 2 which is secure and Open. I have never seen any PS4 owner get NAT Type 1.
 
I agree security is important. However NAT is import for gaming as well. This is about gaming and when it comes to multiple game consoles playing online and using game game, it's very important for OPEN NAT to be achieved. Yes Moderate NAT may work ok for some, however I have personally had bad experiences when Moderate NAT is seen in game with group chat and connecting to gaming lobbies. I see much less issues with both consoles are getting OPEN NAT.

I maybe putting some emphasis on NAT however I'm trying to narrow down where the problem is coming from. And this is what I'm seeing in my testing. Both old and newer generation routers and these games. I do hope that even if the problem isn't actual NAT, I want to bring this to light and get everyone involved to get it fixed. Regardless of where the problem is. Its not just about getting what we have currently fixed right now, however coming up with some work rounds for those effected would be nice.

We call know theres more to life then OPEN NAT and all this other stuff. However non the less, nothing wrong in OPEN NAT either for those who want it.

Some of this points to testing I believe with the gaming services, that may or may not have done any mutltiple game environments. I presume maybe if this had been tested years ago, possible that all of this wouldn't be a factor. However since MS has mentioned that a new network PORT feature is being added to the Xbox1, I presume maybe MS has finally started some multiple gaming console test. We'll see.
 
Last edited:
The problem here is people not fully understanding what these reports actually mean. Having NAT2/Moderate is not a bad thing, it's actually what you should be having. Getting NAT1/Open means your gaming console is not being NAT'ed at all, which is a bad thing, your router/firewall is essentially exposing your consoles IP directly on the WAN interface without any kind of security at all.

Why on earth would you ever need to have your gaming consoles IP fully exposed on the Internet? Online gaming has been going on for years, and pretty much all home networks due to the limitation of IPv4 have always used NAT translation to translate your single public IP address into several local IP addresses. Regular port forwarding is perfectly fine for all other online gaming, why should it be any different for a gaming console?

And it should be completely impossible to have two Xbox One's reporting Open NAT on the same network. As you most likely only have one public IP going into your home network, how would you be able to give two consoles their own fully exposed IP when your entire network only has one public IP to begin with?
 
Users need to remember there are different meanings on gaming NAT types. SONY and MS differs.

However history, at least for me and others say that it is possible to have two or more game consoles online and at least, on the networking dashboard of xboes, we see OPEN NAT. Symmetric or FULL CONE. I have tested two and three consoles where we get OPEN NAT IN GAME on all consoles when using FULL CONE NAT routers. So this has been possible and I believe it is still possible if those that be take a closer look at Symmetric NAT, Game code , uPnP and all thats involved for gamers with two or more game consoles running, especially for same game being played on all of them at the same time.

I presume if that what MS/Sony and game dev's intended, and of course this is what we have been experiencing on those routers that seem to give this support to more than just one console, then I presume all consoles should be OPEN NAT, even with same game running. This is what I've been testing and put in that badmodems post with all the various routers i've tested and also find differences in NAT kinds on each model tested..seems to play a role in all of this. I presume gaming standards are what needs to be really looked at and those that be, need to figure this out....

Did you not see the MS new feature post that maybe coming out?
 
Last edited:
Did you not see the MS new feature post that maybe coming out?

It's not maybe, the feature is already available to members of the insider program. I have the feature on my console right this moment, however I only have one console so I can't test its effectiveness.
 
Reason why I said maybe is that its not been released and ya, only to the preview program. I have one console that got an update the other day however I didn't see the feature in there. :oops:


Ya single game consoles are really effected.

It's not maybe, the feature is already available to members of the insider program. I have the feature on my console right this moment, however I only have one console so I can't test its effectiveness.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top