Call of Duty games switch from Open to Moderate

PrototypeActual

So I have all the necessary settings set up and nothing has changed in regards to changes to pfSense, new programs, or an antivirus update. For some reason every game works well getting ports open with UPnP on my PC; except any of the Call of Duty games. At first Infinite Warfare went from Open to Moderate (I did notice this is a problem as my friend has this problem on their Xbox One despite the previous series COD games having an Open NAT). Previously I had to open Call of Duty Remastered, exit, and then open Infinite Warfare in order to have an "Open NAT" connection. Every so often Black Ops 3, and COD Remastered go from Open to a Moderate NAT connection. I make no changes to anything within pfSense or my PC that would cause this to happen. Any other games like Gears of War display an Open NAT status and I can see UPnP opens the necessary ports.

Double K

Do your firewall logs show any traffic being blocked on ports 3074, 3075, 3076 on the WAN interface?

Reference: https://support.activision.com/articles/en_US/FAQ/Ports-Used-for-Call-of-Duty-Games

PrototypeActual

I'll check this again the next time it happens as I didn't notice anything blocking the connections. But like now I have an open NAT connection with both COD games (aside from Infinite Warfare due to confirmed issue with the game).

PrototypeActual

@Double:

Do your firewall logs show any traffic being blocked on ports 3074, 3075, 3076 on the WAN interface?

Reference: https://support.activision.com/articles/en_US/FAQ/Ports-Used-for-Call-of-Duty-Games

Checked the logs and I found nothing blocking the connections or causing the ports to be restricted. Is there a way I can check to see if my ISP is the one that could be causing this issue?

Double K

Here's what I found with ours;

The XB1 running CoD sets up a Demonware port in UPnP and makes a connection to the Demonware (Activision CoD) server using the server port 3074 as the destination.
However, Demonware then makes a separate connection from a different server on server port 3075 to port 3076 on your public IP address.  It only does this once.  pfSense CE's normal behaviour is to block this unsolicited traffic.

As soon as I created a NAT forward source: Any:3075 destination: WAN address:3076 to the XB1 & the associated firewall rule, I got open NAT in CoD. (Now of course I changed Any to the Demonware IPs for better security, but this was just for the test)

So it seems,
If you are not forwarding (nor permitting in the firewall rules) port 3076 to your XB1, you will get NAT type moderate in CoD.
If you are forwarding (and permitting in the firewall rules) port 3076 to your XB1, you should get NAT type open in CoD.

Of course, this Demonware/Activision server configuration/behavior means that only 1 XB1 can get an open NAT type in CoD due to the NAT forwarding of port 3076 to only 1 XB1.  We have multiple XBox's & PC's, so only 1 XB1 can get an open NAT type in CoD.

In your case, you might want to verify that you have a NAT forward & permit rule of inbound WAN destination port 3076 to your PC.  In fact, I would suggest logging this traffic so that you can see the inbound successful connection.  Because if you don't see the inbound packet at all,  it means it's being blocked farther up your WAN (like your ISP)

Also, feel free to post a screen shot of your Status / UPnP&NAT-PMP page while the game is running (which should show your Teredo port & your Demonware port).