Call of Duty Modern Warfare - Multiple XBOX Ones / UPnP and NAT failure
-
I successfully have two Xbox ones reporting open NAT for MW. I have upnp enabled and the following nat and port forwarding rules.
Port Forward:
Outbound NAT:
Port 1024 and 3075 were ports I had observed MW trying to utilize via UPNP from time to time. Using the Options menu in MW you can see what port it is trying to use via the internal IP setting.
56901 and 55010 are the alternate ports I selected on each xbox to use xbox live services. See (https://answers.microsoft.com/en-us/xbox/forum/all/how-does-alternate-port-selection-work/287cb06c-f09b-47a3-bf77-103cbb76c74a)
-
@rbflurry Thanks for the follow up? What are ports 1024 and 3232? Are these ports you've assigned your xbox?
-
@iamreesethegeek I updated my post above. 1024 was a port I saw MW trying to use from the options menu. 3232 was a port I randomly picked to use but this only resulted in a moderate NAT type for that xbox.
-
@rbflurry Thanks, this worked great to get both of my XBOX Ones to show Open NAT. Wondering if you've had any experience with high jumps in latency while playing Modern Warfare. My ping will run anywhere between 42ms to 78ms at the highest, but it will jump every 10-15 seconds to around 230ms in-game. When this happens, the three yellow squares signifying packet loss will show up on screen.
Wondering if there is a setting I should try to fix this. Never had this issue with my connection before, only after I installed my PFSense router do I have problems.
EDIT: Disabled hardware checksum offloading and that seems to bring the ping substantially down. I'm getting normal pings in game between 42 and 58 (as expected), but I'm still experiencing those spikes up to either 150ms or as high as above 200ms.
-
@rbflurry hello - when you said you enabled upnp, did you open it for all machines, or did you do the usual - Default deny and then grant ACL for specific machines?
@thunderman When I followed just your instructions without having to enable uPnP, my sons (one playing MW on Xbox, and another playing on a PC ) complained they would freeze, and the XBox would say Checking Services. Also what is the significance of having Static ports checked in both of @rbflurry 's Xboxes vs not?
-
This is how I have it, but to be honest I have not locked it down any further.
-
@rbflurry Thank you.
-
Ich habe das gleiche Problem mit 2 PC's. kann ich für die beiden PC's die gleichen Ports (3075 und 1024) verwenden wie bei X-BOX oder werden für die PC Spieler andere Ports von Activision
bereitgestellt?VG, Thomas
-
This might help others with multiple xbox's behind the same public IP. I'm specifically talking about Halo 5, but it could pertain to other games as well....
For anyone else that is still having a problem, I have a potential solution that allows multiple XBOX's connected behind a single Internet IP address achieve an open NAT on XBOX Live, and work with Halo 5.
I use OPNsense as my firewall, but the same steps will work on PFSense or any other firewall that allows you to configure inbound port forwarding and outbound PAT (port address translation).
I noticed that most posts that include a "fix" for the XBOX Live Open NAT issue will tell you to configure an outbound NAT rule for the XBOX and choose the option "Static Port". This will help you achieve Xbox Live Open NAT, but it's like using a bazooka to kill a mosquito. All traffic from the XBOX will preserve the original source port no matter what which doesn't work well with Halo 5 and multiple XBOX's.
XBOX traffic uses a lot of multicast and UDP packets. By looking at the traffic, I discovered that certain UDP/TCP packets will use the XBOX configured port as the source port of the packets. I also discovered that when a Halo 5 match starts, both of the XBOX's in my house were creating a UDP connection to the exact same host using the exact same source port and destination port combination at the exact same time. This is a HUGE problem if all packets are being statically translated, because the firewall won't know how to properly create a stateful connection for both XBOX's. The only way around this is to let the firewall dynamically remap the source port of the outbound traffic to ensure a unique UDP connection in the stateful database for the appropriate XBOX.
Long story short, IMO you need two things to get an open NAT in XBOX Live and for Halo 5 to work:
-
Configure each XBOX to use a unique static IP address and a unique static port. It's in the network settings area of your XBOX and very easy to do. You can use 3074 for one of the XBOX's if you want to, but I recommend using something in the 50,000 range. It's probably a safer bet and I didn't look at the traffic for an XBOX configured with 3074. Create a TCP/UDP port forwarding rule on your firewall for each XBOX's static IP address and its associated static port. You could use UPnP, but either way you're doing the same thing. Each XBOX will get its own unique port and a hole in the firewall to allow internet hosts to originate TCP and UDP traffic to that port. I prefer not to use UPnP because of security concerns.
-
Configure a manual outbound NAT rule matching only UDP traffic for each XBOX using the corresponding static port as the source port and choosing the "Static Port" option. What you're doing here is telling the firewall do not dynamically PAT (port address translate) packets from my XBOX if they are UDP packets and the source port of the packet matches the static port you configured in the XBOX. For everything else, go ahead and dynamically translate the source port to ensure a unique connection in the stateful database of the firewall. By doing this, when Halo 5 starts those packets that are going to the same destination using the same source port and destination port combinations will get a remapped source port in the firewall database and therefore the return traffic will route back to the correct XBOX.
I hope this helps someone else that like me is trying to get to SR152 and also has a wingman in the same house with them.
-
-
This post is deleted!