Multiple Xboxes on the same network, Open NAT, cannot play together
-
Well maybe your consumer router is doing a shitty job and nat and is just doing a cone nat where once you open the port anyone can send traffic to your publicIP:port and get forwarded to your machine behind the nat?
But how does that solve an issue when game requires source port to be X? Is it really only require source port to be X thru Z? What is required to figure out your issue is understanding the ports used in the game and any requirements they have like hey this connection to destIP:port has to come from source port X?
Makes no sense why that would be a requirement to be honest Why would you give a shit what the source port is?? If that is the case it would seem they put in such a restrictions to prevent multiple players from all playing from the same IP..
Pfsense can clearly do nat reflection, and it can do UPnP so that would be exactly what your consumer router would be doing. How does that get you around any sort of source port restriction??
As to doing cone nat, it might be possible to do that.. It's not a option in the gui that I am aware of.. But I would think it possible.. Would not suggest it from a security point of view that is for sure. Can you not just get multiple IPs from your ISP.. This would be the best solution for sure!!!
-
I really don't think that the xboxes require source port to be x. I think that setting static source port made the xbox believe that it was behind a cone nat, which was creating one udp port for each source port, regardless of destination. Where it was really causing as many problems as it was solving.
I had to re-setup our netgear, my roommates could not stand it any longer. I will still experiment though, although it certainly looks like enterprise security and game consoles just don't mix. (Who is really that surprised?).
I will say, Johnpoz, you are really the voice of tough love on this forum, you are trying to help , but you don't tolerate bulls%&t, I thank you for it. I will look into doing a cone nat, but I am honestly looking at the x86-64 version of OpenWrt, It is a hack, but it is just consumer oriented enough that it might work. I cannot use any other enterprise routing solution like untangle or sophos, since they don't even have upnp as an option at all! I will re-install pfsense when I have a setup more under my control. I still think I must be missing something with my setup. I will research at a later day.
Or maybe I will just setup a completely custom setup with a linux distro, iptables, and miniupnpd. But god I hate iptables.
-
Or just get multiple IPs from your ISP would be the simple solution if you ask me.
-
Well maybe your consumer router is doing a shitty job and nat and is just doing a cone nat where once you open the port anyone can send traffic to your publicIP:port and get forwarded to your machine behind the nat?
But how does that solve an issue when game requires source port to be X? Is it really only require source port to be X thru Z? What is required to figure out your issue is understanding the ports used in the game and any requirements they have like hey this connection to destIP:port has to come from source port X?
Makes no sense why that would be a requirement to be honest Why would you give a shit what the source port is?? If that is the case it would seem they put in such a restrictions to prevent multiple players from all playing from the same IP..
Pfsense can clearly do nat reflection, and it can do UPnP so that would be exactly what your consumer router would be doing. How does that get you around any sort of source port restriction??
As to doing cone nat, it might be possible to do that.. It's not a option in the gui that I am aware of.. But I would think it possible.. Would not suggest it from a security point of view that is for sure. Can you not just get multiple IPs from your ISP.. This would be the best solution for sure!!!
I have played with this issue for years, and somehow my linksys router running DDWRT can pull off NAT "magic" to allow multiple xboxs to play online. It might be doing something outside the TCP/UDP/IP spec, but it works. When enabling UPnP the xboxs can see that if an inbound port is currently being used and it will pick a different one. Then all of the xboxs operate as if they have dedicated IPs. I am able to get similar UPnP functionality out of my pfSense box but I have never been able to replicate the NAT functionality.
It's a mystery that many have tried to solve in pfSense, but I have yet to see it work as well as some lesser consumer routers.
-
"xboxs can see that if an inbound port is currently being used and it will pick a different one."
"I am able to get similar UPnP functionality out of my pfSense box but I have never been able to replicate the NAT functionality."That is the really the whole point of UPnP.. Your saying that UPnP in pfsense does not do that?? Or just doesn't work with xboxes? If client 1 says hey I need port xyz forward to me.. The nat box doing UPnP should open that for them, if not should tell them hey pick another port that one is in use.
Can you sniff the UPnP traffic on your dd-wrt router and see what is going on? My guess is more that its just doing cone nat and has no security at all so that is why it works. I open a connection to IP-A from source publicIP:X… Then IP-B can then talk to me going to publicIP:X which is not secure.
The biggest issue to getting it to work is undertanding the communication required.. Since it never seems that any of these game makers actually point out what ports need to be used, or allow to change ports, etc.
Why can you not go into the game on console 1 and say use port X, then forward that port on your router. Then go into console 2 and say use port Y and go into your router and forward Y to that console, etc.
-
Hi All,
Apologies for digging out an old thread. I am suffering this exact issue and have not been able to find a resolution. I ask the question against this thread because this is the most in depth thread I have found and looks to have a real grasp of the issues.
Did anyone find a resolution that doesn't require more than one IP from the ISP?
Thanks
CV8R -
Hello,
I had the same issue with many games (Warframe, Red Dead Online, Destiny 2) on Xbox.
The tips is check Static Port for the 1 console (Menu NAT Outbound) and don't check Static Port for the second.
The second Xbox will appear with NAT Strict but you can invite and play together in Warframe for example.you must activate Pure NAT also.
Now it's OK for me in all game.
I will do a complete tuto for multiple Xbox One.
Edit 19/06/19 :
Hello,
I did a full howto for Xbox One without UPnP/DMZ.
Topic : https://forum.netgate.com/topic/144291/howto-multiples-xbox-play-together-without-upnp-dmz
Howto : pdf : https://forum.netgate.com/assets/uploads/files/1560932072924-pfsense_multiples_xboxone_v0.1.zip -
Hello,
I just happened to check back on these forums, it has been quite a while. And noticed a few people asking what happened.
I never found a good solution, and I believe (maybe incorrectly) that the issue's root cause is the underlying BSD Packet filter (pf) from what I read, pf is only capable of setting up a symmetrical NAT. Which maybe ideal for many enterprise applications, causes problems with gaming. Many games need a cone nat to operate properly (This is what "gaming mode" does on most consumer routers that have it). UPnP is also supposed to resolve this, but at the time (3 years ago) minupnp was not solving the issue, and I solved it by using another router installation that was based on Linux's netfiltering (iptables). Still like PFsense, but it never worked correctly for my setup with multiple xboxes behind one nat, all trying to play together in the same party.
-
Now you can play together with multiple consoles with Open NAT
https://forum.netgate.com/topic/168376/multiple-xbox-consoles-with-open-nat-and-working-play-together
-
https://forum.netgate.com/topic/169837/upnp-fix-for-multiple-clients-consoles-playing-the-same-game
The patch above looks like the solution. I am taking some time to test it. But if you find this old post, try the stickied patch thread above. That looks to be the real solution.