Test Request: UPnP Fix for Multiple Consoles playing the same game / static port outbound NAT

aniel

@chrcoluk said in Test Request: UPnP Fix for Multiple Consoles playing the same game / static port outbound NAT:

https://redmine.pfsense.org/issues/7727

yep me and my brother are on pc, we can't both have open not

chrcoluk

@aniel

Is very frustrating, the consoles have a test feature which allows debugging.

I cannot find a way in windows to simply diagnose and test upnp.

How are you even getting one peron on open nat on the pc, how are you testing it?

--edit--

Tired after a few hours of uno, but I fixed it had 2 devices using same port using upnp at same time, which I believe was the reason for this thread?

I will need to collate everything together I did and compile it into a report for the devs to look into.

aniel

@chrcoluk yes please and also can u share how u got two pc to be playing the same game at the same time and both have open nat?

DonZalmrol

I'm trying to get two computers (A and B) that are on the same network in open NAT in order to play Anno 1800.

What I did:

1. Enabled "NAT Reflection mode for port forwards" with Pure NAT mode

2. Checked "Enable NAT Reflection for 1:1 NAT"

3. Checked "Enable automatic outbound NAT for Reflection"

4. Under NAT -> Outbound mode have my NAT mode set to "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)" as I have some other services (e.g. mail and webserver) running that need a static port for NAT. *

5. Set my LAN network on which the computers reside to static port

6. Enabled "UPNP & NAT-PMP"

7. Checked "Allow UPnP Port Mapping"

8. Checked "Allow NAT-PMP Port Mapping

9. External interface = WAN

10. Interfaces = LAN

11. Checked "Log packets"

12. Checked "Deny access to UPnP & NAT-PMP by default"

13. Created as a test a non-scoped ACL entry "allow 1024-65535 MyLANNetworkRange/24 1024-65535"

14. Did a reset of the states

15. Restarted both computers

Question for Item 4 -> Do I need to have my outbound NAT mode set to Hybrid, or is it OK to have it in Manual mode?

Results: Computer A gets open NAT = success, Computer B gets strict NAT and multiplayer is offline. If computer B starts the game before A, the roles are reversed.

Any tips would be greatly appreciated!

PS: Have not yet checked "IP Options" under my LAN rule.

theprestigepacketfilter

@donzalmrol Your results are consistent with the expectations of your settings at this time. The only other workaround for end users at the moment is to use one of the workarounds mentioned earlier in this thread, or sit tight while more details and development are ironed out. Being subscribed to this thread (as you are since you have replied) will help you know when more progress has been made. Best of luck.

DonZalmrol

@theprestigepacketfilter Thanks for validating!

Another workaround is creating a new VLAN where the ISP its network is routed through, then place the 2nd computer in that vlan (by either cable or wireless), downside is that you bypass the firewall...

DeeSti

Add me to the list of users having this issue. Spent 5+ hours today reading through this forum, Reddit, etc. I can’t get two series X online with Warzone at the same time. If I move one Xbox over to my LTE router, everything is fine. I have the latest PFS release with outbound NAT rules and upnp with an allow list. The Xboxes test fine with an Open NAT. Warzone refuses to function on one.

DeeSti

I found a solution that actually worked for me for the meantime. I never noticed Warzone trying to NAT out 1024 also, so rbflurry's response (link below) was what I needed. A NAT from 3075->3075 and then another from 3075->1024 on the other console was what I needed.

https://forum.netgate.com/topic/152142/call-of-duty-modern-warfare-multiple-xbox-ones-upnp-and-nat-failure/8?loggedin=true

Still, I'd love to have a workable upnp solution in the future. Thanks!

Mkayze

I wish this was fixed...

hansaya

Like others have mentioned this is what helped me: https://redmine.pfsense.org/issues/7727#note-35

And I got both of the PCs to show open NAT. In my case I was trying to get COD to work so port "3074" works and this is what UPNP should have been doing automatically for us.

For what it's worth, I did have both PC's showing "Open" NAT types, and both were able to join each other's lobby, without upnp. I manually created port forwards and outbound mappings.

For outbound, I had:

192.168.1.48:3074 => WAN:13074
192.168.1.49:3074 => WAN:23074

For port forwards:

ANY:13074 => 192.168.1.48:3074
ANY:23074 => 192.168.1.49:3074

Marc05

@hansaya It'd be nice to have this tested on the latest dev snapshot. There seems to have been a lot of fixes with NAT.

aniel

@chrcoluk said in Test Request: UPnP Fix for Multiple Consoles playing the same game / static port outbound NAT:

How are you even getting one peron on open nat on the pc, how are you testing it?

do u still this question to be answered ? btw: i don't check this forum that often or at all

aniel

@marc05 said in Test Request: UPnP Fix for Multiple Consoles playing the same game / static port outbound NAT:

@hansaya It'd be nice to have this tested on the latest dev snapshot. There seems to have been a lot of fixes with NAT.

do u know if this is fixed in the latest dev builds ?

Mkayze

@hansaya Can you post a screenshot of your outbound and port forward rule? Thanks

hansaya

@mkayze sure
Outbound

Port forwarding

Port Aliases

Some of you ask to test on a dev branch and I might try that this weekend. I just need to make sure my vm backed-up etc.. before I attempt it.

Mkayze

@hansaya Thank you for that! I was finally able to get both PC's to not have strict NAT. Although one PC is still showing Moderate no matter what I do, not sure why. But this is way better than having it at strict.

Tested it on both PFsense and OPNsense and both work with this method.

hansaya

@mkayze My guess is you are not covering all the ports needed for the game(check both TCP and UDP). I do not have UPNP enabled and both machines are showing Open NAT for all call of duty games. Vanguard, Cold war, Warzone etc...

@aniel @Marc05 I tested the latest 2.6.0_devel and UPNP acts the same way. Both computers was on static NAT on outbound and UPNP turned on. First one to get online will get moderate NAT and the other gets strict. Without the static outbound rule both game shows strict as expected. UPNP seems to work as well since I can see the requests pop up on the upnp status page. However I only can see the requests from one of the computers(whoever makes the request first).

Marc05

@hansaya If this works, that means that static ports aren't actually necessary which goes against the general consensus. This is what pfSense does by default, and the only thing that would really be needed is for UPnP and NAT Reflection to be enabled. It would be really helpful if you could retest on latest dev again but skip setting any additional outbound rules with static ports (edit) unless there's specific ones that are known to need the option like with the switch.

vMAC

Unfortunately, this gives me moderate for both of my PS5s. I really wish we had a working solution to this..... 3 years later.

Marc05

@vmac That's exactly what you're supposed to get. The only way to get open NAT would be for the consoles to have a public IP themselves.