Question Strict NAT error

CU

Platinum Member
Aug 14, 2000
2,415
51
91
My kids and I got Snowrunner on Epic. Problem is we cannot do multiplayer. It says your NAT type is strict, so you can not use online features. Doing some reading, most suggest port forwarding or putting your computer in DMZ. Well, port forwarding wouldn't work with more than one computer and I am not putting our computers in the DMZ. I have tried the following in Windows:
  • Search for Windows Defender Firewall with Advanced Security
  • Open Inbound Rules and click on “New Rule…” on the right side of the window.
  • Make rule SR1: Port > TCP > Specific local ports 11700-11710 > Allow the connection
  • Make rule SR2: Port > UDP > Specific local ports 48800-49000 > Allow the connection
  • Open Outbound Rules and do the previous two steps with opening ports.
But, that didn't work. I have an EdgeRouter Lite. In there I went to Firewall/NAT then Firewall Policies. I then added two rules to WAN_IN. One to accept udp 48800-49000, and one to accept tcp 11700-11710. I left the destination blank as I need it to work for every computer. I assume that is a valid setup. It didn't help at all though. I even put in my computer's local IP as the destination without success. Am I missing something or does this game just not work behind a router due to NAT Strict?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,202
126
The easiest way I know of to deal with something like that, is to enable the dreaded "UPnP" on the router. That allows each PC behind the router, to negotiate and request, with the router, to open certain ports (different ports per each PC), to allow incoming connections through, and automatically map them through the NAT.

Otherwise, you need to manually open port(s) (potentially both TCP and UDP, sometimes different ranges of each), to EACH different PC behind the NAT, and then configure EACH PC's game, to bind to those port(s) that you MANUALLY mapped through the NAT to each separate PC's IP address. (DHCP reservations or static IPs on those PCs really helps out here too.)

This can get VERY complicated VERY quickly, if you are dealing with multiple PCs, and multiple games, and everyone wanting to get "online" at once, sometimes in the same group games!
 

CU

What are the cons of UPnP on the router? All the PCs are dynamic IPs, so managing port forwarding would be rough. I would need to move to static. But, I don't think I can make the game use different ports anyway. So, only the computer I mapped the ports to would work. It really just seems like they messed up the networking on this game. Never seen this before on other games. Makes me miss LAN gaming. It always worked.
 

VirtualLarry

Well, I was using an Asus AC68U-family router, with Asus factory firmware, up-to-date, around a year ago, and I got hacked pretty badly. I had UPnP enabled. I don't know for a FACT, that's what let them in, but it's... possible. Some routers, allow UPnP requests from the WAN side, which is a poor implementation. Most slightly-more-secure routers, only allow UPnP requests from LAN side or LAN ports or LAN IP addresses, take your pick.

If nothing else, after enabling UPnP on your router, go and visit grc.com and click on ShieldsUp, and have it scan common ports, it should tell you if UPnP is exposed on the WAN side. (In hindsight, why didn't I think of doing that THEN. Sigh.)
 

CU

I tried to enable UPnP and UPnP2 on my EdgeRouter without success. I need to find a way to test if I have UPnP set up right. Also does the game/application need to support UPnP?

Found this on their site under known issues. So, maybe it is a game issue that I can not fix without using a VPN. Although I should be able to get one to work. Are there free VPNs I could use? Never had to use VPN to get a game to work before.

"I can't play with someone using the same internet router
Players on the same internet router can't play coop together right now. We're working on the issue.

Temporary workaround: one of the players can use a VPN targeted at the same country (to reduce lag)"
 

mnewsham

Lifer
Oct 2, 2010
14,539
428
136
> Are there free VPNs I could use? Never had to use VPN to get a game to work before.

Nothing free that would be decent.

Depending on where you are in the country, you could rent a single CPU core VPS somewhere geographically close to you with half a gig of RAM and 10-20GB of HDD space with a 1gbps ethernet connection, set up a VPN server and then connect through that.

I live in the Washington DC area and for a while, my ISP had really crappy peering bandwidth to YouTube causing video buffering even at 480p on my 1gbps fiber internet, so I rented a VPS in New York for ~$4-5/month, set it up as a VPN server, and whenever I had issues with YouTube I'd just hop on the VPN and suddenly YouTube no longer had issues loading.

You can also look at VPN services like Mullvad, PIA, NordVPN, etc.
 

Genx87

Lifer
Apr 8, 2002
41,091
513
126
Assume your edgerouter is behind the ISP's modem? If so, log into the ISP's modem and NAT the WAN IP of the EdgeRouter to the public of the modem. This will eliminate the NAT from the ISP's modem. Which is probably your issue as you are double natting.
 

CU

Well I don't plan to pay for a VPN, to fix a game so that is out.

My Edgerouter is not behind my ISP's modem. I have an ethernet cable coming into my house. It goes to a switch my ISP gave me. From that switch one cable goes to my Edgerouter and the other goes to their DVR / router / wifi box. Nothing is connected to their box except the TV cable box.

I have read other games have this problem also. Mostly seems to be console ports and even games on consoles. Do devs just expect customers to put their pc / console in the DMZ, use UPnP, or set up port forwarding? Port forwarding is OK I guess, but that only works for one device behind the router.
 

CU

Just noticed my WAN IP on my EdgeRouter dashboard doesn't match what I get from whatismyip.com or any other site like it. So, doesn't that sound like my ISP has me behind another router and NAT'ing me? Thus blocking any port forwarding I am trying to do.
 

mnewsham

> Just noticed my WAN IP on my EdgeRouter dashboard doesn't match what I get from whatismyip.com or any other site like it. So, doesn't that sound like my ISP has me behind another router and NAT'ing me? Thus blocking any port forwarding I am trying to do.

Depends on your ISP, but it's certainly possible. Usually, a decent ISP wouldn't do that though.
Are you SURE that your ISP gave you a switch, and it's not actually a router?
 

CU

Yeah, it is a tiny Netgear 5 port gigabit switch GS605v5. I have a 1 gigabit Ethernet connection going into it. That cable comes from outside the house. From that switch one cable goes to their all in one box and another cable goes to my EdgeRouter.

Might try and chat with them tonight and see what I can find out.
 

CU

I found out my ISP ran out of IPv4 addresses and groups of houses are in a CGNAT. IPv6 is being tested, but no ETA on roll out. So, that is why the game doesn't work, and why I couldn't get any kind of port forwarding working. I can pay for a static IP that would move me out of the CGNAT, which I may do. But, at least now I know what the problem is. I still say games shouldn't really be designed like this and thankfully most are not as I have never run into this problem before.
 
Reactions: ch33zw1z
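
The check that settled this thread (comparing the router's WAN address with what an outside site reports), written out as an added example that is not part of the original posts. The function and field names are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
"""Classify a router's WAN address to spot CGNAT or double NAT (added example)."""
import ipaddress
from typing import NamedTuple

CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Diagnosis(NamedTuple):
    verdict: str              # direct | cgnat | double-nat | upstream-nat
    inbound_forward_ok: bool  # can a port forward on this router be reached?
    reason: str


def diagnose(router_wan: str, seen_by_internet: str) -> Diagnosis:
    """Compare the WAN IP shown on the router with the IP an outside site sees."""
    wan = ipaddress.ip_address(router_wan.strip())      # ValueError if malformed
    seen = ipaddress.ip_address(seen_by_internet.strip())
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check only covers IPv4 NAT")
    if wan in CGNAT_SHARED:
        return Diagnosis("cgnat", False,
                         "WAN is in 100.64.0.0/10, reserved for carrier-grade NAT")
    if any(wan in net for net in RFC1918):
        return Diagnosis("double-nat", False,
                         "WAN is RFC 1918; an upstream device translates again")
    if wan != seen:
        # Public-looking WAN that still differs: the ISP (or a VPN/proxy on the
        # machine that did the lookup) rewrites the source address upstream.
        return Diagnosis("upstream-nat", False,
                         "WAN differs from the address the Internet sees")
    return Diagnosis("direct", True, "router holds the public address itself")


if __name__ == "__main__":
    # Constructed samples: (router dashboard WAN IP, IP reported by an outside site)
    samples = [
        ("100.72.15.9", "203.0.113.40"),
        ("192.168.1.2", "203.0.113.40"),
        ("198.51.100.7", "203.0.113.40"),
        ("203.0.113.40", "203.0.113.40"),
    ]
    for wan, seen in samples:
        d = diagnose(wan, seen)
        print(f"{wan:>15} vs {seen:<15} -> {d.verdict:12} "
              f"forward reachable: {d.inbound_forward_ok} ({d.reason})")
```

Any verdict other than `direct` means a WAN_IN rule or port forward on the home router cannot receive unsolicited inbound traffic, because the translation that matters happens upstream.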

DaaQ

Golden Member
Dec 8, 2018
1,813
1,282
136
Curiously, I have run into this on XboxOne games; I don't own the console btw. So this was customer equipment.
I've run into it twice. Where the Xbox sets NAT type to strict and multiple online games fail to work.

The one person told me they were messing with settings trying to "improve" their game performance.
The setup was as follows. They had ISP provided gateway, with 2 WiFi extenders, that run through MOCA. IIRC they had 1gig service, but MOCA 2.0 maxes out at about 650 MBps. Well, the one MOCA extender ran to the "adult" kid's room in the basement (insert meme). Our MOCA extenders are Hitron dual band with one ethernet port. The XboxO was ethernet wired into the extender. It worked this way for several months. Until he did whatever to muck up the NAT settings on the console.
I couldn't figure out how to change it since I don't own any current gen consoles.
Our equipment doesn't allow for a lot of changes inside the GUIs of the extenders or gateway. Best you can do is some port forwarding on the gateway, and on the extender is setting the MOCA channels, WiFi channels, and SSID passwords.

Basically had to disconnect the ethernet and just use the 5g WiFi to resolve the issue.

Any insight as to why the consoles do this would be appreciated, I've not run into it on PS4 although I have seen it having NAT type settings in the menu.

TIA, and seemed related, although not trying to hijack OPs thread.
 

ch33zw1z

Lifer
Nov 4, 2004
39,045
19,742
146
> I found out my ISP ran out of IPv4 addresses and groups of houses are in a CGNAT. IPv6 is being tested, but no ETA on roll out. So, that is why the game doesn't work, and why I couldn't get any kind of port forwarding working. I can pay for a static IP that would move me out of the CGNAT, which I may do. But, at least now I know what the problem is. I still say games shouldn't really be designed like this and thankfully most are not as I have never run into this problem before.

Game designers have to balance performance and security. Port forwarding has been part of online gaming forever. It's good you have an ISP with technical people to answer with a REAL answer, not some big corporate sham with automated voice systems and L1 script followers that don't know what you're talking about when simple tools like ping and tracert are used.
 

mnewsham

> but MOCA 2.0 maxes out at about 650 MBps

MoCA is highly dependent on coax quality, how long the coax runs are, and any splitters in the run.

MoCA 2.0 can hit ~400-500mbps. Bonded MoCA 2.0 I've seen hit over 900mbps in both directions.

MoCA 2.5 I've not used personally, but from everything I've heard, it can EASILY do 1gbps.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
The following article explains how multi-player games are designed.

So for peer-to-peer (co-op) games some tcp/udp ports need to be open.


Then the article talked about JavaScript & WebSockets, TL;DR however. Will find another time.
 

CU

> Game designers have to balance performance and security. Port forwarding has been part of online gaming forever. It's good you have an ISP with technical people to answer with a REAL answer, not some big corporate sham with automated voice systems and L1 script followers that don't know what you're talking about when simple tools like ping and tracert are used.

I have used port forwarding for games before, but it was years ago. Also, how would port forwarding even work with multiple PCs playing the same game? Who would you forward the port to? You can't tell a game to use one port on one PC and another port on a different PC. And, yeah my tech was great. The first person I got knew all about port forwarding and how I was behind a CGNAT. Told me about their IPv6 testing and all. I was expecting a long conversation and going through several techs before I got to someone who knew about all this stuff.
 

ch33zw1z

> I have used port forwarding for games before, but it was years ago. Also, how would port forwarding even work with multiple PCs playing the same game? Who would you forward the port to? You can't tell a game to use one port on one PC and another port on a different PC. And, yeah my tech was great. The first person I got knew all about port forwarding and how I was behind a CGNAT. Told me about their IPv6 testing and all. I was expecting a long conversation and going through several techs before I got to someone who knew about all this stuff.

Sure is a PITB when you have a multiplayer situation. I know it's not ideal, but I'm lazy sometimes and would likely just static DHCP my devices to certain IPs, add those IPs to the DMZ, then take them off the DMZ when I'm done. *Shrug* lol
 

CU

> Curiously, I have run into this on XboxOne games; I don't own the console btw. So this was customer equipment.
> I've run into it twice. Where the Xbox sets NAT type to strict and multiple online games fail to work.
>
> The one person told me they were messing with settings trying to "improve" their game performance.
> The setup was as follows. They had ISP provided gateway, with 2 WiFi extenders, that run through MOCA. IIRC they had 1gig service, but MOCA 2.0 maxes out at about 650 MBps. Well, the one MOCA extender ran to the "adult" kid's room in the basement (insert meme). Our MOCA extenders are Hitron dual band with one ethernet port. The XboxO was ethernet wired into the extender. It worked this way for several months. Until he did whatever to muck up the NAT settings on the console.
> I couldn't figure out how to change it since I don't own any current gen consoles.
> Our equipment doesn't allow for a lot of changes inside the GUIs of the extenders or gateway. Best you can do is some port forwarding on the gateway, and on the extender is setting the MOCA channels, WiFi channels, and SSID passwords.
>
> Basically had to disconnect the ethernet and just use the 5g WiFi to resolve the issue.
>
> Any insight as to why the consoles do this would be appreciated, I've not run into it on PS4 although I have seen it having NAT type settings in the menu.
>
> TIA, and seemed related, although not trying to hijack OPs thread.

While reading about this it does seem more common among console games. More often designed for peer-2-peer? It isn't a setting on the console as far as I know though. This is a networking problem. The console is just reporting the error. I don't have a XBOX or PS, so I could be wrong. It would seem that the person either moved their XBOX from the DMZ or removed port forwarding that was set up for it. As for it working on WiFi and not Ethernet, that is strange. That implies his Ethernet is not going through the same router as the WiFi. Or, maybe his entire WiFi is in the DMZ. As one is letting it accept connections where the other isn't. I wouldn't think the MOCAs have anything to do with it. But, I have never used them. Maybe try moving the XBOX closer to the router and connecting straight to it, just for a test. Note, I would never suggest putting something in the DMZ.
 

CU

> Sure is a PITB when you have a multiplayer situation. I know it's not ideal, but I'm lazy sometimes and would likely just static DHCP my devices to certain IPs, add those IPs to the DMZ, then take them off the DMZ when I'm done. *Shrug* lol

With three kids it would be a giant pain to add and remove their computers to the DMZ every time they wanted to play online. Not to mention I wouldn't add my computer to the DMZ, and there is no way I would add a less tech savvy kid's computer to the DMZ. I do enough home tech support without dealing with viruses hitting them in the DMZ.
 

ch33zw1z

> With three kids it would be a giant pain to add and remove their computers to the DMZ every time they wanted to play online. Not to mention I wouldn't add my computer to the DMZ, and there is no way I would add a less tech savvy kid's computer to the DMZ. I do enough home tech support without dealing with viruses hitting them in the DMZ.

I understand your plight. A managed switch and a DMZ VLAN with specific ports assigned is more like what I'd do. Make some ports on the isolated DMZ VLAN, go move the cables when you wanna play snow runner, move them back when you're done.

As far as viruses go, they're not going to just come out of nowhere; you'll have to browse to a website, download software, or make an effort to find them.

I understand your reluctance.
 

DaaQ

> While reading about this it does seem more common among console games. More often designed for peer-2-peer? It isn't a setting on the console as far as I know though. This is a networking problem. The console is just reporting the error. I don't have a XBOX or PS, so I could be wrong. It would seem that the person either moved their XBOX from the DMZ or removed port forwarding that was set up for it. As for it working on WiFi and not Ethernet, that is strange. That implies his Ethernet is not going through the same router as the WiFi. Or, maybe his entire WiFi is in the DMZ. As one is letting it accept connections where the other isn't. I wouldn't think the MOCAs have anything to do with it. But, I have never used them. Maybe try moving the XBOX closer to the router and connecting straight to it, just for a test. Note, I would never suggest putting something in the DMZ.

To be fair, it was etherneted into the MoCA extender, which connects to the gateway with MoCA built in.
Then again customer info is so very lacking, "I was messing with settings and then things broke."