Is UPnP the reason my games don't work?
-
@semtex99 said in Is UPnP the reason my games don't work?:
OPT2 interface (where my router is connected to)
What router ?
@Gblenn said in Is UPnP the reason my games don't work?:
since UPnP does indeed reduce security in your network
Humm, I'll share you my point of view :
A process 'upnp' that listens on LAN, and open firewall port 'on command' and NATs traffic to that device (or any other device) on command.
No, thanks.
I already have to trust the firewall, and with unpn I also have to trust the application(s) I install on my LAN networks ...upnpn is nice to automate NATting, I fully understand
Its 2025 and are there are still game servers that need upnp ..... wow, I thought unpn was by now abolished....
@Gblenn said in Is UPnP the reason my games don't work?:
With some testing, and checking what ports various games require
If a game server needs to reach the client app, hidden behind a firewall (like pfSEnse, or any other firewall), the the game server creator will detail this out during the installation by showing a FAQ, or a manual or whatever, because the 'game' will fail to run.
The big players, like Blizzard (WoW, my past ... 2005 ?) completely abandoned the need for NAT, or unpn for that matter.Game servers that like to control your hardware right through your firewall... ok, but I would throw all these devices in some sort of DMZ network, totally isolated form all my other LAN type devices.
-
@Gertjan said in Is UPnP the reason my games don't work?:
The big players, like Blizzard (WoW, my past ... 2005 ?) completely abandoned the need for NAT, or unpn for that matter.
What do you mean Blizzard abandoned the need for NAT or UPnP?? Where do you get that from? It's rather the opposite I'm afraid...
Sure, you can play the campaign, and yes will be able to play online on a public server even when you have what's referred to as Strict NAT.
BUT, the second you want to host a game, or play a Private match with your friends, you will need as a minimum to get Moderate NAT and preferably at least one of you shold have Open NAT (the one hosting the game). There is no way you get Open NAT without either UPnP or doing a lot of manual configuration on your port forwarding and outbound NAT rules... -
@Gblenn said in Is UPnP the reason my games don't work?:
What do you mean Blizzard abandoned the need for NAT or UPnP?? Where do you get that from?
Back then, I used my crappy ISP (USB based ?) 'thing', no upnpn for sure, and it wasn't needed.
The I switched to M0n0wall, (from which pfSense was forked a bit later on) : no upnpn.
I still manged to go to '90'.We used to gather up, build a 'massive' MAN, and played together, it was a "bring your PC, hookup the Ethernet cable, and play' experience.
On my pfSense, I never activated the upnpn.But ok, these are my experiences from way back.
Maybe things changed. Not for the better I see.
Humm, as said, needed but well hidden. Great
@Gblenn said in Is UPnP the reason my games don't work?:
online on a public server
Public ? The official Blizzard servers. Why ? Are their 'private' servers now ?
-
@Gertjan said in Is UPnP the reason my games don't work?:
What router ?
Sorry, access point, the Asus RT-AXE7800 in AP mode I mentioned earlier
@Gblenn said in Is UPnP the reason my games don't work?:
With some testing, and checking what ports various games require and checking the status page for UPnP when playing, you can limit the allowed ports dramatically.
This does also seem interesting, I will try to see what ports get used by the various games I play to see if I can make my network more secure. I did notice that most games only use ports in a certain relatively small range, only Pavlov VR uses ports from 20000 to 60000 from what I've seen so far.
For now the practicality of UPnP weighs heavier to me than the potential security risks. I just want to enjoy the games I play with my friends and I'll try to narrow the security down later as my network grows. For example I still have to test if both me and my gf's Wii still work with Mario Kart CTGPR and online play. In that case I just want to play online and not have to figure out which ports I have to pass
-
@Gertjan said in Is UPnP the reason my games don't work?:
Back then, I used my crappy ISP (USB based ?) 'thing', no upnpn for sure, and it wasn't needed.
The I switched to M0n0wall, (from which pfSense was forked a bit later on) : no upnpn.
I still manged to go to '90'.We used to gather up, build a 'massive' MAN, and played together, it was a "bring your PC, hookup the Ethernet cable, and play' experience.
On my pfSense, I never activated the upnpn.Haha, that sounds much like my "journey" as well, starting over 20 years ago with a bunch of friends who I still today regularly play online with, private server matches only.
It started as a small LAN party style in a living room, and evolved into playing online once a week. My firewall/router was a WRT54GL running DDWRT and moved on to Smoothwall and back to DDWRT before settling on pfsense....@Gertjan said in Is UPnP the reason my games don't work?:
Public ? The official Blizzard servers. Why ? Are their 'private' servers now ?
I guess Blizzard (or should we say Microsoft?) is about several things, and I suppose most people recognize them from battle.net where you buy and download the game. But sure, I guess for some of the games they developed and maintain, they also host Public servers, as a means to promote online gaming.
These, and others, are all those you get listed within the game you are about to play. It probably contacts Blizzard, or Steam, to get the IP's of the servers and then list them preferably in order of lowest latency.Private servers exist as well, sometimes even visible in those lists, often with a Padlock next to them, indicating they are Password protected. OR, they are just temporary during matches between groups of people.
Like you can do with nearly all Call of Duty games, post World at War from 2008. You set up your Private match from within the game, and have your firends join you from their friends list or an invite you send them.And THIS is what needs at least Moderate, but preferably Open NAT, or they will not be able to join... UPnP is a huge help in this, and is used on pretty much every consumer router as well.
-
@semtex99 said in Is UPnP the reason my games don't work?:
This does also seem interesting, I will try to see what ports get used by the various games I play to see if I can make my network more secure. I did notice that most games only use ports in a certain relatively small range, only Pavlov VR uses ports from 20000 to 60000 from what I've seen so far.
For now the practicality of UPnP weighs heavier to me than the potential security risks. I just want to enjoy the games I play with my friends and I'll try to narrow the security down later as my network grows. For example I still have to test if both me and my gf's Wii still work with Mario Kart CTGPR and online play. In that case I just want to play online and not have to figure out which ports I have to pass
If you google the game name and port forward, you will get a lot of pages with support information. Sometimes even outlining how to do port forwarding or UPnP on various routers. Often the publisher, or Steam, Blizzard have support pages with this information as well. Use those ports to start with. Setting static port may also narrow things down and could be helpful if you are more than one person playing on line at the same time (same game).
For Pavlov VR, are you sure it actually needs any ports forwarded? As I read it that is mostly if you host your own server that needs to be publicly visible... The fact that it ends up with those high ports could simply be masquerading, and they will change every time...
You could test it and just turn off UPnP to see if it works. When testing these things you need to remember to do a ipconfig /release ipconfig /reload on your gaming PC. Otherwise there is a risk that some states are left over from before you make changes...
-
@Gblenn Good to know! When I get home from work I'll see what ports are needed.
@Gblenn said in Is UPnP the reason my games don't work?:For Pavlov VR, are you sure it actually needs any ports forwarded? As I read it that is mostly if you host your own server that needs to be publicly visible... The fact that it ends up with those high ports could simply be masquerading, and they will change every time...
I suppose I might not even need UPnP with the allow from OPT2 to any rule if I just want to join other people's servers...
@Gblenn said in Is UPnP the reason my games don't work?:
You could test it and just turn off UPnP to see if it works. When testing these things you need to remember to do a ipconfig /release ipconfig /reload on your gaming PC. Otherwise there is a risk that some states are left over from before you make changes...
Will do, thanks for the heads up!
-
@semtex99 said in Is UPnP the reason my games don't work?:
I suppose I might not even need UPnP with the allow from OPT2 to any rule if I just want to join other people's servers...
Exactly, but many games will need a bit more to work well and connect with all servers. It depends a bit on the server side as well...
-
@Gblenn I've done a bit of testing with UPnP disabled and only the allow from OPT2 to any rule, and everything seems to work! The only thing that I get is a moderate NAT on Call Of Duty, but it hasn't inhibited me from playing any matches. I've also only tried PC games for now, tomorrow I'll try some consoles like my PS3 and Wii and see how well that works
-
@semtex99 With Moderate NAT you will be fine for the most part, especially when playing on public servers since they are typically set up to have Open NAT. With Moderate NAT you will even be able to play private matches in CoD, as long as your friends also have at least Moderate or Open NAT.
There is one odd thing with MW2 (the old 2009 version) if you play that? It will not report anything but Strict NAT unless you have UPnP enabled. Even though it does work fine if you set up port forwarding manually...Perhaps make some tests with and without your Static Port rule in your Outbound NAT settings as well, to see what you get from that.
