Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    UPnP Fix for multiple clients/consoles playing the same game

    Scheduled Pinned Locked Moved Gaming
    109 Posts 22 Posters 63.9k Views 29 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ Offline
      jimp Rebel Alliance Developer Netgate
      last edited by jimp

      Thanks to analysis by @encrypt1d we were able to determine the last piece of the puzzle to solve NAT issues with multiple UPnP clients using the same game.

      Redmine Issue: https://redmine.pfsense.org/issues/7727

      There were multiple components necessary here:

      • miniupnpd needed the ability to add the correct outbound NAT rules corresponding to the ports it used for inbound port forwards
      • The firewall ruleset needed NAT anchors to ensure that the rules from UPnP would be matched before automatic outbound NAT or manual outbound NAT rules

      The version of miniupnpd in current releases of pfSense Plus and CE software adds the NAT rules, but a patch is required to setup the appropriate NAT anchors:

      diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
      index d36d6df2e2..5a7c21bc2a 100644
      --- a/src/etc/inc/filter.inc
      +++ b/src/etc/inc/filter.inc
      @@ -2091,6 +2091,8 @@ function filter_nat_rules_generate() {
       
              $natrules = "no nat proto carp\n";
              $natrules .= "no rdr proto carp\n";
      +       $natrules .= "binat-anchor \"miniupnpd\"\n";
      +       $natrules .= "nat-anchor \"miniupnpd\"\n";
              $natrules .= "nat-anchor \"natearly/*\"\n";
       
              $natrules .= "nat-anchor \"natrules/*\"\n\n";
      

      That patch can be applied using the System Patches package. Create a new entry and either use commit id 3b50f7656967fbb4daa869a7ae6d18bc5ab6eec3 OR paste in the diff, then save and apply changes.

      After applying the fix, either reboot the firewall OR trigger a filter reload (Status > Filter Reload) and then reset the state table (Diagnostics > States).

      It was too late for this change to be included in pfSense Plus 22.01 or CE 2.6.0, but it will be in the next release. The fix has been merged into development branches and will be in snapshots soon.

      The patch is also available on Github and on the Redmine issue.

      Static port manual or hybrid outbound NAT rules are NOT required with this fix in place, provided the game in question uses UPnP. Such rules can be removed in many cases as they are no longer necessary.

      Anyone running a build with the fix included, whether it is a development snapshot or the patch applied to 22.01/2.6.0 or even 21.05/2.5.2 is welcome to provide feedback.

      Thanks!

      Please keep this thread on topic and only post about whether or not the fix worked including information about the platform(s) and game(s) involved. This isn't a thread for commentary, discussing development, or anything else, only for test results. Unrelated comments will be removed.

      Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      D JeGrJ Y 3 Replies Last reply Reply Quote 12
      • jimpJ jimp pinned this topic on
      • jimpJ jimp referenced this topic on
      • jimpJ jimp referenced this topic on
      • D Offline
        DonZalmrol @jimp
        last edited by

        @jimp & @encrypt1d fantastic!
        I have applied the patch and will test it out this week.

        5b62be98-9dfb-445d-8ab8-6d198192831b-image.png

        1 Reply Last reply Reply Quote 1
        • JeGrJ Offline
          JeGr LAYER 8 Moderator @jimp
          last edited by

          @jimp said in UPnP Fix for multiple clients/consoles playing the same game:

          The version of miniupnpd in current releases of pfSense Plus and CE software adds the NAT rules, but a patch is required to setup the appropriate NAT anchors:

          Current means CE 2.5.2 as well as CE 2.6 (and 21.05 as well as 22.01)? Just to check :)

          Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          jimpJ 1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate @JeGr
            last edited by

            @jegr said in UPnP Fix for multiple clients/consoles playing the same game:

            @jimp said in UPnP Fix for multiple clients/consoles playing the same game:

            The version of miniupnpd in current releases of pfSense Plus and CE software adds the NAT rules, but a patch is required to setup the appropriate NAT anchors:

            Current means CE 2.5.2 as well as CE 2.6 (and 21.05 as well as 22.01)? Just to check :)

            Yes, the fix was discovered too late to include it in 22.01/2.6.0, so those need patched as well.

            It will be in whatever the next release is after (e.g. 22.05) but until then the patch is required.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • D Offline
              DonZalmrol
              last edited by

              Had moment to test, unfortunately not working for Anno 1800.

              Computer A:
              44a63392-9fa6-4a47-8acb-25ce14a09fb4-image.png

              Computer B:
              bdf73530-318b-4327-a452-c8a8add143a6-image.png

              however it improved a bit, I now get nat type open/moderate instead of both strict.

              If you tell me which logs you need, I'll happily test again and provide them.

              PS: It seems that the UPnP & NAT-PMP status stays empty now, no sessions are logged.
              ea24f32e-2e3b-4a6d-b894-c477d0a27f67-image.png

              M 1 Reply Last reply Reply Quote 0
              • P Offline
                pcross616
                last edited by

                I have applied the patch to 2.5.2 and have tested without any Hybrid port mappings. I have 6 console and 4 PC all receiving OPEN nat. Apex, Sea Of Thieves all are working as expected. I will continue to test and see if anything that was failing previously has any issues. So far looking good.

                Thanks!

                1 Reply Last reply Reply Quote 2
                • R Offline
                  rivageeza
                  last edited by

                  Updated from 2.5.2 to 2.6.0 then to plus 22.01.

                  Tested with Warzone, PS5 and PC, both wanting to use port 3074 and it worked. Son and I can play in the same game, it's brilliant. Issue resolved for me.

                  1 Reply Last reply Reply Quote 1
                  • M Offline
                    Marc05 @DonZalmrol
                    last edited by

                    @donzalmrol That's certainly odd. Try rebooting the computers/pfSense and then test again. Make sure to remove any manually added Outbound NAT rules.

                    D 1 Reply Last reply Reply Quote 0
                    • W Offline
                      whiteshadow
                      last edited by

                      No fix here.

                      playing COLD WAR or VANGURD. Both PC players. Applied the patch and restarted pfsense box. Shows open for one and the other pc gets connecting to finally, unable to connect. I collected tcpdump collected will review

                      Tried on my Sons pc as well and same issue.

                      Trace shows conversation over port 3074 so it "seems" like it worked but doesn't always show under "status > upnp" or under states (see rst pckt so expect state to be clear).

                      Settings:
                      running: 2.6.0

                      System > Advanced > Firewall & NAT >
                      "NAT Reflection mode for port forwards" : Pure NAT
                      Enable automatic outbound NAT for Reflection : checked
                      Enable NAT Reflection for 1:1 NAT : unchecked

                      Nothing in "port Forwarding" for these pcs just my "calibre and minecraft server"

                      Firewall > NAT > Outbound
                      Hybrid : set
                      Mappings: alias name for my PC's set to static port <-- is this what is killing me?

                      Snip:
                      https://drive.google.com/drive/folders/1rPumILNl6trWzYoMOh_d-Id1dJ8_O2pC?usp=sharing

                      plug my netgear router and no issues.

                      update:
                      Error for Cold War: Negative 345 Blazing Gator | Which leads to port forwarding and all that

                      Interesting I use to see COD try and open other ports, but I no longer see that behaviour. A

                      update 2: Disabled and rebooted :
                      Firewall > NAT > Outbound > Mappings: alias name for my PC's set to static port

                      get strict now

                      m0njiM 1 Reply Last reply Reply Quote 0
                      • m0njiM Offline
                        m0nji @whiteshadow
                        last edited by m0nji

                        @whiteshadow
                        as far as i know: "static port mapping" does NOT work with multiple players on the same game, even with applied patch. you should delete this manual created outbound nat rule.

                        for me right now, cod warzone tells me "open nat" so far so good. with anno 1800 i still get "strict nat" but possible matchmaking. i think there is somehing else wrong with anno 1800.

                        Intel i3-N305 / 4 x 2.5Gbe LAN @2.7.2-Release
                        WAN: Vodafone 1000/50, Telekom 250/40; Switch: USW Enterprise 8 PoE, USW Flex XG, US-8-60W; Wifi: Unifi 6 Lite AP, U6 Mesh

                        W 1 Reply Last reply Reply Quote 0
                        • W Offline
                          whiteshadow @m0nji
                          last edited by whiteshadow

                          @m0nji
                          I have already moved the static port option in my "Firewall > NAT > Outbound"
                          Screenshot 2022-02-15 170517.png

                          This didnt resolve per update 2. just get strict on every game and pc now. Making things worse

                          so create a output mapping rule for every pc (for games)for ports 3074?
                          So we are saying UpNp is opening allowing in (even though nothing in UpNp Or states to say that is working" but im not allowing it to go out?

                          Anyone who has any COD game what are your settings to get both to show open? did u have to create outbound rules for each PC and if so and u didnt use static what is your NAT port?
                          I thought having "pure NAT" and "Enable automatic outbound NAT for Reflection" would create the outboud rule?

                          NOTE: removing my static rules for my PC's and now all games are strict, vs one being open and one being strict.. and nothing in UpNp anymore either and no states.

                          @pcross616 : what are your settings at that everything is showing as open?

                          In Thread: https://redmine.pfsense.org/issues/7727

                          @Jon8RFC . : Did you have to create outbound rules?

                          1 Reply Last reply Reply Quote 0
                          • W Offline
                            whiteshadow
                            last edited by whiteshadow

                            Looking into game "Pummel Party" u can hoist and choose a port to use. So I went ahead and launched game on both pc's and tried creating a match. It only worked on pc and teh nother never saw the state for the port show or in UpNP.

                            If I go to game and change port from 14242 to 14243 then both pcs show up. It seems it wont allow to clients using the same ports. It seems like the same issue as before, not sure what fixed but none of my games can we have more than 1 person playing at a time.

                            Please share how your configs are that allow multiple games using the same port to work?

                            both pc's using same port:
                            Screenshot 2022-02-15 173840.png

                            Telling the another pc to use another port for same game (game thankfully gives me this option) :
                            Screenshot 2022-02-15 173853.png

                            @rivageeza : I see you tested with COD and it uses the smae port 3074, what does your UpNP status show when both are running and showing open? What is your config look like? are you using "pure NAT" ?

                            Going to disable "hybrid" and try "automatic". Rebooted after this change and still every pc is STRICT..

                            1 Reply Last reply Reply Quote 0
                            • R Offline
                              rivageeza
                              last edited by

                              Had already tested the patch with Call of Duty Warzone, PC and PS5. Post patch we both get open NAT, can join the same lobby and play in the same game. Both platforms are using port 3074.

                              Saw some people having difficulty with PC and PC, I've just finished testing and happy to report the fix is working for this configuration too.

                              2 PC's on the same LAN, both playing warzone using 2 different battle.net accounts, both open NAT and was successfully able to start a duo and loaded into a game together. Again, both PC's used port 3074.

                              W 1 Reply Last reply Reply Quote 0
                              • W Offline
                                whiteshadow @rivageeza
                                last edited by

                                @rivageeza : What are your settings?

                                R 1 Reply Last reply Reply Quote 0
                                • jimpJ Offline
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by

                                  If it's not working for someone, first check that the patch is actually applied. This is what it should look like in the system patches package:

                                  08715ecf-972e-4134-bf26-f5edd9970093-image.png

                                  Next, check the ruleset and make sure the nat anchor is there:

                                  $ grep miniupnpd /tmp/rules.debug
                                  binat-anchor "miniupnpd"
                                  nat-anchor "miniupnpd"
                                  rdr-anchor "miniupnpd"
                                  anchor "miniupnpd"
                                  

                                  If you have more than one WAN, make sure UPnP is using the same WAN the clients exit.

                                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                  Need help fast? Netgate Global Support!

                                  Do not Chat/PM for help!

                                  W 1 Reply Last reply Reply Quote 0
                                  • W Offline
                                    whiteshadow @jimp
                                    last edited by whiteshadow

                                    @jimp : Only one WAN

                                    Screenshot 2022-02-15 180108.png

                                    Screenshot 2022-02-15 180206.png

                                    1 Reply Last reply Reply Quote 0
                                    • I Offline
                                      iculookn
                                      last edited by

                                      Not related to multiple devices/games, but I applied the patch, removed static port mappings and changed outbound mode to automatic and I can still get open NAT on XBOX.

                                      well done to all involved.

                                      W 1 Reply Last reply Reply Quote 0
                                      • W Offline
                                        whiteshadow @iculookn
                                        last edited by

                                        @iculookn : what are your setting for this:
                                        System > Advanced > Firewall & NAT:
                                        NAT Reflection mode for port forwards ?
                                        Enable NAT Reflection for 1:1 NAT ?
                                        Enable automatic outbound NAT for Reflection?

                                        I 1 Reply Last reply Reply Quote 0
                                        • I Offline
                                          iculookn @whiteshadow
                                          last edited by

                                          @whiteshadow
                                          System > Advanced > Firewall & NAT:
                                          NAT Reflection mode for port forwards ? DISABLED

                                          Enable NAT Reflection for 1:1 NAT ? UNCHECKED

                                          Enable automatic outbound NAT for Reflection? UNCHECKED

                                          W 1 Reply Last reply Reply Quote 3
                                          • W Offline
                                            whiteshadow @iculookn
                                            last edited by whiteshadow

                                            @iculookn :

                                            Thank you for posting those settings. I went ahead and applied them and rebooted pfsense, and boom it all works all is open.

                                            Screenshot 2022-02-15 182008.png

                                            Currently NAT is set to automatic and then the above settings iculookn pointed out. With those set it seems this patch fixes the issue.

                                            thank you for the fix, and think this piece should be documented. Even though it sounds like a bug to me, when "pure NAT" enabled upnp doesnt work as expected.

                                            "pure nat" disabled and it works perfectly.

                                            C 1 Reply Last reply Reply Quote 3
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.