• October 03, 2024, 01:01:18 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 ... 3 4 [5] 6

Author Topic: Achiveing OPEN NAT in game with two or more game console online at same time  (Read 99218 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I reversed the order of consoles being turned on and still, 2nd console only see's Moderate NAT in game.  :-\
Any chance D-Links IPtables and or uPnP can be looked at to better handle nat status? Theres mention of this with Merlin code over on SNB.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gattsu

  • Technical Engineer
  • Level 3 Member
  • *
  • Posts: 139

I wonder how the new port feature will work.. Does it allow port modification on the Xbox? Will BO3 follow the same port changes or will it continue to use 3074?


Still not working for 2nd console with a port address restricted NAT router and this new port feature:
http://badmodems.com/Forum/viewtopic.php?f=6&t=21

 :-\

Remember, uPnP is doing its simple job by assigning the ports requested by internal/external devices but it requires NAT's permission first. A full NAT will allow anything but a Symmetrical NAT is like a firewall.

D-Link is sticking with Port and address restricted cone NAT and so are the other router manufacturers. We can see this because most new router's use Symmetrical because it is more secure. Everyone wants a secure internet experience and that is the direction that most high tech companies are headed. This is going to be Microsoft's problem and they need to test and figure out how 2 Xboxs will need to work on a restricted NAT environment.


I reversed the order of consoles being turned on and still, 2nd console only see's Moderate NAT in game.  :-\
Any chance D-Links IPtables and or uPnP can be looked at to better handle nat status? Theres mention of this with Merlin code over on SNB.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

You bring up a good point. the Game maybe not be following the changes seen on the new PORT feature which is done on the console. There is a drop down of some either preselected or detected virtual ports. 50k port range seen here. 307x port numbers are not seen here.

I agree that Port Address and or Symmetric NAT is the wave of the future. I beginning to think that since this is a multi part issue that the final part is the game Mfr. Since Full Cone NAT and current uPnP implementations work with this configuration. I can only surmise that some games may not play well or use there own uPnP handling with PAR or Sym NAT and or possible that IPTables could play a role this in. I think that MS may have a role to play however I'm not seeing Moderate or Strict NAT on the console dash board. It's open up to this point for each console. It's when we start the 2nd console same game is when we see Moderate NAT, both BO3 and IW. So makes me think that there is game Mfr involvement some where or IPtables that could be adjusted.

I saw with ASUS OEM FW that on there PAR NAT router that 2nd in game would only get Moderate NATin same game. If I loaded the supported Merlin 3rd party FW on the same router to which RMerlin had adjusted the IPTables with in his FW, the 2nd in game console would get OPEN NAT while using this 3rd party FW which had it's IPTables adjusted for two game consoles playing same game. Not sure if more than two are supported as I couldn't test that out as I only have two consoles.  ::)

There any kind of configurations allowed in D-Link IPTables by chance?   I know that D-Link and other mfrs are keeping PAR or Sym NAT kinds.

Just trying to see if there would be a work around solution for using OEM FW and DIR series routers for two same game consoles while keeping PAR or Sym NAT kinds. Would be nice to have this flexibility, however I also understand that there maybe some market driven limits as well and usage. Still, there is a growing market of house holds with two or more game consoles.  ;) And yes, when and if IPv6 becomes the norm, we can put all of this to bed. However for now, i'm not gonna see that with my ISP from what they say, any time soon.  ::)
« Last Edit: October 09, 2017, 03:13:12 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gattsu

  • Technical Engineer
  • Level 3 Member
  • *
  • Posts: 139

IPTables? Yea you can create basic port-forwarding rules via GUI VirtualServer but anything more advance requires a debug CLI access to the router, only the programmers have access to that.

DIR-860L A1 F/W 1.00, has "NAT endpoint Filtering" but it was removed on v1.01 because it was a security vulnerability.


Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Yes, I see that on ASUS Merlin FW, they allow user access to the CLI via telnet. Merlin was able to gather information for this and thus he was able to adjust the IPTables for his FW.

Ya I tried some of your suggestion in VS earlier in this thread. Didn't help.

Ya, I looked at some UI with out Styles in FF browser. Saw some routers with it hidden however didn't seem to do anything if I changed it to EndPoint Indy so I presumed the core code was removed while leaving the UI function hidden.

Any chance you could talk to the programmers to see if they could help on this? Allow for some IPTable adjustments for DIR series routers for this issue? I could probably get some info from Rmerlin on what he did maybe. Seems to work for that FW on PAR NAT routers. Would be nice if we could get something going on D-Link routers and gaming.

IPTables? Yea you can create basic port-forwarding rules via GUI VirtualServer but anything more advance requires a debug CLI access to the router, only the programmers have access to that.

DIR-860L A1 F/W 1.00, has "NAT endpoint Filtering" but it was removed on v1.01 because it was a security vulnerability.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
« Last Edit: October 10, 2017, 03:52:07 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gattsu

  • Technical Engineer
  • Level 3 Member
  • *
  • Posts: 139

IPtables adjustment? That is something the engineers will never give out because it requires root access to the router. Besides those functions are beyond what a consumer router should be doing. You might as well get a bare-bone router and load your own router OS. Those IPTables commands are basically opening up NAT to full cone mode on specific LAN IPs.
Logged

Gattsu

  • Technical Engineer
  • Level 3 Member
  • *
  • Posts: 139

Furry,
Is your DIR-868 a full cone NAT on firmware v1.00?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I presumed IPTables were something to be kept confidential. Was thinking that maybe they could some how implement rule configurations with in the FW that when two or more same game consoles would be connected to a PAR or Symmetric NAT router, the FW would automatically handle this condition and configuration for D-Link routers. Like RMerlin did for his FW. I see that Netgear has a similar end user feature on there routers. NAT Filtering feature on there routers seems to help with this multiple console NAT issue as a buddy of mine has one of there PAR NAT routers and said that he was getting Moderate NAT on a 2nd console however once he changed the NAT Filtering setting, he now gets OPEN NAT across the board. And yes this is on a newer generation router. Just seeing if anything could be done for D-Link routers and multiple game consoles behind the scenes with out any end user intervention and not impact security.

IPtables adjustment? That is something the engineers will never give out because it requires root access to the router. Besides those functions are beyond what a consumer router should be doing. You might as well get a bare-bone router and load your own router OS. Those IPTables commands are basically opening up NAT to full cone mode on specific LAN IPs.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I'd have to load it up and test it out. I thought I reported what NAT it was on badmodems. Guess i didn't add it. I know that I did test it and it reported PAR NAT if I remember on v1.12. I just downloaded v1.00 and will get it loaded and test it.

Furry,
Is your DIR-868 a full cone NAT on firmware v1.00?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Ok, loaded v1.00 on the 868L. 868L is connected to main host router in it's DMZ.
I Noticed that NAT Endpoint UI features are listed. I believe they are missing in later versions of FW. Loaded v1.12WW and the NAT Endpoint feature is missing from the UI. Looking at the v1.12 UI with out any styles reveals the NAT Filter feature is there and marked at Port and Address Restricted.

First test was with default NAT set to Port and Address Restricted

Here are the results of the test:

UPnP Test (?): found: DIR-868L
UPnP Port mapping works



 
STUN Test (?): Port Address Restricted Cone NAT



 
UDP Binding Test (?): Endpoint independent binding, port prediction is easy
TCP Binding Test: Endpoint independent binding, port prediction is easy
 
I changed to Endpoint Independent, rebooted the router, cleared browser caches, exited the browser then re-tested:
Here are the results of the test:


UPnP Test (?): found: DIR-868L
UPnP Port mapping works



 
STUN Test (?): Full Cone NAT



 
UDP Binding Test (?): Endpoint independent binding, port prediction is easy
TCP Binding Test: Endpoint independent binding, port prediction is easy
 


Did a test with the main host router NG R7800, cleared browser caches, exited the browser and tested:
Here are the results of the test:


UPnP Test (?): found: R7800 (Gateway)
UPnP Port mapping works



 
STUN Test (?): Full Cone NAT



 
UDP Binding Test (?): Endpoint independent binding, port prediction is easy
TCP Binding Test: Endpoint independent binding, port prediction is easy
 
So based on NAT Filter setting on v1.00 seems to dictate NAT kind. Any chance of getting NAT Filter UI features added back?  ::)
« Last Edit: October 11, 2017, 05:11:27 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gattsu

  • Technical Engineer
  • Level 3 Member
  • *
  • Posts: 139

Remember, the request to add the feature back was already rejected back in 2013. =)

Try this: On 1.0, set to "Endpoint Independent" only and then save the configuration. Update firmware to the latest and then restore the configuration. Test the NAT again.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Ok.

I presume that may not work. I already tried to select EndPoint by using No Styles, saving the configuration. It still reported PAR NAT.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Well, very interesting.

Got FULL CONE NAT after loading v1.00, setting Endpoint Independent, setting up wifi. Then saving the configuration. Then didn't do a factory reset, just applied v1.12 FW over v1.00. I see that the router configuration was not erased and it kept the v1.00 configuration I had set up. I looked at the Firewall UI with no Styles and found Endpoint Independent was still selected after the v1.12 was installed.

Connected the 868L to my main host router in the DMZ and ran the NAT test: FULL CONE NAT
http://nattest.net.in.tum.de/individualResult.php?hash=538f0fb18ecac7f21006ebae9fe3c222

So do this mean the save configuration from v1.00 is saving the NAT Filter tables and even after applying v1.12 that the IPtables or filter rules for endpoint indy can still work? Can you explain this please?

I'll get my 868L set up as the main host router and do more testing with it being online and connect my two game consoles.

Remember, the request to add the feature back was already rejected back in 2013. =)

Try this: On 1.0, set to "Endpoint Independent" only and then save the configuration. Update firmware to the latest and then restore the configuration. Test the NAT again.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Ok, put the 868L online as main host router. FULL CONE NAT:
http://nattest.net.in.tum.de/individualResult.php?hash=9d4889b497c15bdd7ea94d2d6a075c31

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
Pages: 1 ... 3 4 [5] 6