Multiple Xbox 360s behind one public IP



  • I just wanted address the issue of multiple Xbox 360s behind 1 public IP.  This applies to Halo 3 only.  Basically Bungie(Halo 3 creators) has developed an algorithm which choses players for a matches based on various statistics such as skill level/rank, geological location etc.  The algorithm then chooses the player with the best connection to the internet as "Host" which would be the same as a listen server(ie NOT dedicated server).  The person who is Host effectively has 0ms ping while the other players have at least 20ms.  You can imagine the advantage that this gives the host.

    BUT… I have read that if the algorithm detects multiple accounts behind the same public IP address, then those players are considered last for hosting the match.  This sheds some light on why we rarely get to be host.

    I have also read that a record is stored on the hard drive of the console of how many times you've hosted a match and how well your connection handled it.  You are then favored for hosting the game in future matches if your "record" is good.  I don't really think this is happening however.

    As annoying as it is that we rarely get host, it makes sense from a fairness standpoint.  If we are all in the same location we can communicate more quickly and easily AND we would all have very very low (LAN-like) ping times to the host, making our advantage even greater.

    None of this is confirmed to be true because Bungie would probably never reveal how their net code works but it makes me feel better.

    I feel we could easily solve this problem by allowing dedicated servers on Xbox Live but what do I know?



  • Good post xcrustwadx. I split this from the other thread and am making it a sticky.



  • I will be receving 5 static IPs (and a service upgrade)this Friday and I will put this "Bungie theorem" to the test.  I plan on creating 1:1 NAT for 4 Xbox 360s and use the 5th static for my private LAN.  I hope the algorithm doesn't look for consecutive addresses too.  I've got my fingers crossed!



  • Be sure to post back, I'm sure a lot of people would be interested in this.



  • I got my five static IPs… but I am forced to use the ISP's router / modem combo.  I tried 1 to 1 NAT to 4 Xbox 360s on the provided router (each Xbox had 1 to 1 NAT to one of my static addresses).  Each Xbox 360 could get on to Xbox Live, register as Open NAT, join and host games fine, however they could not join each others' games.  I suspected it was something like the NAT redirection thing in PFsense and I made that clear to the phone technician however he did not really understand me. After 1.5 hours he said it was an Xbox Live issue and that he could not provide a working configuration (and that it would not work no matter which router or modem combo I used).  This was after he initially said the reason why it was not working was because my computer had a virus.

    The tech did say it would work using PCs so I did a test...
    I did 1 to 1 NAT for two computers on my LAN, PC1 and PC 2 (just as I had done previously with the Xbox 360s).

    ie
    PC 1 - Private LAN address - 10.1.10.245 --> 1 to 1 NAT --> Public Static IP - 123.123.23.44
    PC 2 - Private LAN address - 10.1.10.246 --> 1 to 1 NAT --> Public Static IP - 123.123.23.45

    When I attempted to ping / access PC 1 from PC 2 using the 1 to 1 NAT public IP address (ie on PC 2 I typed "ping 123.123.23.44"), it timed out.  I was able to ping / access fine using their private IPs and when I was coming from a remote host to the public IP... Is this a limitation of 1 to 1 NAT?  Shouldn't these devices be able to communicate using their 1 to 1 NAT public IPs?

    I am currently stumped.



  • Here is a diagram of what I am going to try next… Does anyone think this will work?

    Basically this removes the 1 to 1 NAT totally and gives a public IP directly to each of 3 Xbox 360s.  The rest of the Xbox 360s "fight" for a 4th public IP address using uPnP behind a PFsense firewall.  One public IP is assigned to the modem / router / gateway provided by my ISP.

    Thank you for your help.




  • With the 1:1 NAT did you try unchecking "Disable NAT Reflection" on General -> Advanced?



  • I should have specified… I was not using PFsense when the 1 to 1 NAT was enabled, I really couldn't since my new service plan requires that I use THEIR equipment - which means router / modem all-in-one by SMC... I had the NAT redirection enabled before I "upgraded" my service (when i was using pfsense exclusively) and that was what I was trying to tell the tech - that there should be a setting on the ISP-provided router similar to enable NAT reflection.  He had no clue what that was.  My new plan (pictured above) is what I'm trying next.  Sorry if this is unclear.



  • Why not just place the Xbox's behind pfSense using 1:1 NAT. You should be able to place their router/modem in bridge mode. Or if you want more firewall protection for the Xbox's bridge an interface to the pfSense WAN and place the Xbox's on that with firewall rules setup for the Xbox required ports.



  • I just called my ISP and they do not allow me to use bridge mode…  BUT I also found out that they actually gave me a gateway address so now I don't have to use up one of my 5 static addresses for the gateway itself.

    So really I could just put the PFSense behind the ISP-provided router / modem and give PFsense all 5 statics, then distribute 4 of them as I please via 1 to 1 NAT to the Xbox 360s AND use the 5th address for my private LAN (with uPnP for the 5,6,7 and 8th Xbox 360).  I would enable NAT redirection and I would also not have to implement firewall rules for the Xbox 360s that otherwise would have been outside of PFsense.  I also would not have to manually set static IP addresses for the Xbox 360s outside PFsense so that when my friends take them home, they don't call me saying, "my Xbox won't connect to Xbox Live Anymore.. why did you break it?  I'm never bringing it over again!"  Is this configuration correct?

    It's all starting to make some sense and I'm not crying so much anymore about being forced to use ISP-provided equipment.

    I have attached a revised diagram.  Please let me know how it looks because I am implementing this today.




  • Looks good to me. That's probably how I would go about implementing it.



  • Thank you once again for your help.  I will be implementing this shortly and I will report my results as to the initial topic of this thread.



  • In order for me to "give" the 5 static addresses to pfsense as per the diagram above, which one do I use; Virtual IP or Aliases?

    I'm trying virtusl IP now and when I do a 1 to 1 to a private address, ipchicken indicates the proper IP but I cannot ping between two hosts which are using 1 to 1 NAT using their public addresses.  I have also added a rule in advanced outbound NAT for the range of static addresses from WAN to allow any (static port).

    Am I missing something?



  • I have made an exception and placed 4 Xbox 360s outside the PFsense firewall, as illustrated in the first diagram posted.  Everything seems to be working OK now.  We will continue to test our connection as far as hosting games goes and I will report back.  I plan to convert back to virtual IPs with everything behind pfsense when I find a fix for the 1 to 1 NAT issue.



  • I have had the new service for about 2 weeks now.  I have no real scientific way to test this but the preliminary results indicate that we are definately "getting host" more often now that each Xbox has it's own public IP address.  I am going to keep testing and I am very happy so far.

    The problem is that I can't really determine if the increase is due to the 33% augmentation of our upstream bandwidth or the 4 unique public addresses or the fact that they are not behind a firewall or all three.

    If anyone has any suggestions for my testing setup, please feel free to let me know.  I am certain that there are better ways to test.



  • I have been using te above setup for ~ 2 months now and it works great.  The only problem is that the 4 consoles are outside the firewall because when using virtual IPs they cannot connect to each other.  I have looked around the 1:1 / virtual IP forums and found that there is no fast and reliable way to have the 4 consoles behind pfsense without have connection problems.  Does anyone have a suggestion or am I stuck keeping these machines in front of PFsense?

    Xbox 1 - 192.168.1.200 –> 68.97.56.44
    Xbox 2 - 192.168.1.201 --> 68.97.56.45
    Xbox 3 - 192.168.1.202 --> 68.97.56.46
    etc

    on xbox live the xboxes can't connect to one another using the virtual IP 68.97.56.x (even with NAT redirection on)
    This is the same for PCs I've tried using Virtual IP.

    Thank you.


Log in to reply