matrixman92
Member
I swear mine changes from open to moderate every other day.
Disable UPNP as it is just asking to be exploited, set a static IP (and a reservation on DHCP for the mac address) and forward your ports normally.
This is really simple to do and is well documented online for every major router out there.
You will be constantly open after that and have no security vulnerabilities on your router anymore.
This, this, a thousand times THIS.
UPnP has a bunch of security flaws that are easily exploited. Not to mention using UPnP on a weak router with little RAM can cause it to have performance issues.
You don't necessarily need a $160+ router (though it can help our entire network) but getting a cheapassed $30 Netgear or D-Link or some other piece of crap certainly won't do it any favors.
TL;DR
Get a decent router within your budget.
Set it up correctly.
Turn off UPnP because it's a security hole and makes your router run worse anyway.
Multiple devices needing access to the same ports makes your "solution" a nightmare.
Xbox one, my only console in the last 10 years to slap me with a moderate nat type
I always have it on PS3 and PS4 (type 2) no idea why.
Really? I thought the types were the nat settings
NAT type 2 means you are using a router and everything is running fine
Multiple devices needing access to the same ports makes your "solution" a nightmare.
EDIT: NETGEAR R6250 seems to be free of this issue. 2.8 and 2.2 are the Xbox Ones. Both set to "Instant-On"
Any gurus feel like explaining Advertisement Period and Advertisement Time to Live in layman's terms?
Oh snap - I've never once gotten a game of DA:I multiplayer going on Xbox One. I've tried every night since the game launched, and NEVER gotten into a game - it can't connect me with anyone. I assumed it was because of shitty EA Origin servers, but I have Instant On on... wonder if it's a NAT issue after all. Off to try!
I decided to do further research and had the assistance of some knowledgeable people in networking - one is the author of a custom router firmware, and the other the developer of the mini UPnP daemon. With the data captured and logged, we've been able to conclude that the issue does in fact reside with the Xbox One, and is a bug that Microsoft needs to address. Technical details below for those interested:
Here's part of the UPnP negotiations from the Xbox One booting out of a full power-off state ("energy saver"). Note the AddPortMapping request, where the Xbox One asks for port 3074 to be redirected/forwarded to it. To simplify things, this is what gives you an open NAT.
Code:
miniupnpd[521]: HTTP connection from 192.168.1.106:49164
miniupnpd[521]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[521]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetConnectionTypeInfo
miniupnpd[521]: HTTP connection from 192.168.1.106:49165
miniupnpd[521]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[521]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetNATRSIPStatus
miniupnpd[521]: HTTP connection from 192.168.1.106:49166
miniupnpd[521]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[521]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[521]: AddPortMapping: ext port 3074 to 192.168.1.106:3074 protocol UDP for: Teredo leaseduration=0 rhost=
miniupnpd[521]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[521]: redirecting port 3074 to 192.168.1.106:3074 protocol UDP for: Teredo
miniupnpd[521]: upnpevents_selectfds: 0x43b3f8 1 10
miniupnpd[521]: upnp_event_notify_connect: '192.168.1.106' 2869 '/upnp/eventing/rtkfsdxeim'
miniupnpd[521]: upnpevents_processfds: 0x43b3f8 2 10 0 1
miniupnpd[521]: upnp_event_send: sending event notify message to 192.168.1.106:2869
miniupnpd[521]: upnp_event_send: msg: NOTIFY /upnp/eventing/rtkfsdxeim HTTP/1.1
Host: 192.168.1.106:2869
Content-Type: text/xml
Content-Length: 389
NT: upnp:event
NTS: upnp:propchange
SID: uuid:4e59862d-6fc0-4e8b-8575-62a4454a095b
SEQ: 1
Connection: close
Cache-Control: no-cache
Here's the Xbox One shutting down into standby ("instant on") mode. It relinquishes its hold on port 3074 now that it's done with it.
Code:
miniupnpd[521]: HTTP connection from 192.168.1.106:49524
miniupnpd[521]: HTTP REQUEST : UNSUBSCRIBE /evt/L3F (HTTP/1.1)
miniupnpd[521]: ProcessHTTPUnSubscribe /evt/L3F
miniupnpd[521]: SID 'uuid:4e59862d-6fc0-4e8b-8575-62a4454aa048'
miniupnpd[521]: HTTP connection from 192.168.1.106:49525
miniupnpd[521]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[521]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[521]: DeletePortMapping: external port: 3074, protocol: UDP
miniupnpd[521]: removing redirect rule port 3074 UDP
miniupnpd[521]: Trying to delete nat rule at index 0
miniupnpd[521]: Trying to delete filter rule at index 0
miniupnpd[521]: upnpevents_selectfds: 0x43b098 1 10
miniupnpd[521]: upnp_event_notify_connect: '192.168.1.106' 2869 '/upnp/eventing/wlofnqblfn'
miniupnpd[521]: upnpevents_processfds: 0x43b098 2 10 0 1
miniupnpd[521]: upnp_event_send: sending event notify message to 192.168.1.106:2869
miniupnpd[521]: upnp_event_send: msg: NOTIFY /upnp/eventing/wlofnqblfn HTTP/1.1
Host: 192.168.1.106:2869
Content-Type: text/xml
Content-Length: 389
NT: upnp:event
NTS: upnp:propchange
SID: uuid:4e59862d-6fc0-4e8b-8575-62a4454a959e
SEQ: 1
Connection: close
Cache-Control: no-cache
Here's the Xbox One booting up out of its standby ("instant off") state. Nothing like the full boot, just a simple "hey I'm here" without any of the port mapping. Note that the port mapping is absolutely necessary since it released it during shut down. Without it, we're stuck in moderate NAT land again.
Code:
miniupnpd[521]: ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1 (ver=1)
miniupnpd[521]: SSDP M-SEARCH from 192.168.1.106:50249 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[521]: Single search found
miniupnpd[521]: SendSSDPResponse(): 0 bytes to 192.168.1.106:50249 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
USN: uuid:4e59862d-6fc0-4e8b-8575-62a4454a01e1::urn:schemas-upnp-org:device:InternetGatewayDevice:1
EXT:
SERVER: UPnP/AsusWRT UPnP/1.1 MiniUPnPd/1.9
LOCATION: http://192.168.1.1:42856/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1
BOOTID.UPNP.ORG: 1
CONFIGID.UPNP.ORG: 1337
If anyone has advice for getting this to the right people at Microsoft, it would be appreciated. I have more detailed logs available. It's time for this to get fixed.
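An added example, not part of the original post and not miniupnpd's own code: a small Python replay of the AddPortMapping / DeletePortMapping / SSDP M-SEARCH lines quoted above, listing mappings a client released and never asked for again after it reappeared. The sample log is constructed in the quoted format (the second host, port 9308 and the "Console" description are made up), and attributing a delete to the mapping's owner is an assumption, since the delete line carries no client address.

```python
import re

# Constructed sample, in the format of the miniupnpd lines quoted in the post:
# full boot (add), standby (delete), wake (discovery only, no new mapping).
SAMPLE_LOG = """\
miniupnpd[521]: AddPortMapping: ext port 3074 to 192.168.1.106:3074 protocol UDP for: Teredo leaseduration=0 rhost=
miniupnpd[521]: AddPortMapping: ext port 9308 to 192.168.1.50:9308 protocol UDP for: Console leaseduration=3600 rhost=
miniupnpd[521]: DeletePortMapping: external port: 3074, protocol: UDP
miniupnpd[521]: SSDP M-SEARCH from 192.168.1.106:50249 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
"""

ADD = re.compile(r"AddPortMapping: ext port (\d+) to ([\d.]+):\d+ protocol (\w+) "
                 r"for: (.*?) leaseduration=(\d+)")
DEL = re.compile(r"DeletePortMapping: external port: (\d+), protocol: (\w+)")
SEARCH = re.compile(r"SSDP M-SEARCH from ([\d.]+):\d+")

def replay(log_text):
    """Replay add/delete/discovery events in log order.

    Returns (active, stale): active maps (ext_port, proto) to the owning
    host, description and requested lease; stale lists (host, ext_port,
    proto) for mappings a host released, then came back on the network
    (SSDP discovery seen) without requesting them again.
    """
    active, released, returned = {}, {}, set()
    for line in log_text.splitlines():
        if m := ADD.search(line):
            port, host, proto, desc, lease = m.groups()
            key = (int(port), proto)
            active[key] = {"host": host, "desc": desc, "lease": int(lease)}
            released.get(host, set()).discard(key)  # re-requested, not stale
        elif m := DEL.search(line):
            # Assumption: the delete is credited to the mapping's owner.
            owner = active.pop((int(m[1]), m[2]), None)
            if owner:
                released.setdefault(owner["host"], set()).add((int(m[1]), m[2]))
        elif m := SEARCH.search(line):
            if released.get(m[1]):
                returned.add(m[1])                  # seen again after releasing
    stale = sorted((h, p, pr) for h in returned for p, pr in released[h])
    return active, stale

if __name__ == "__main__":
    active, stale = replay(SAMPLE_LOG)
    print("active mappings:", active)
    print("released and not re-requested:", stale)
```

The `active` table is also a quick audit of what UPnP has opened on the router and for whom, including the lease each client asked for.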
QFT.
Although it should be said that for the first time ever tonight, I ran into a strict, followed by a moderate NAT on my XB1, and I do not use instant-on (never have).
SMFH. MS needs to fix this shit.
Glad at least one person saw that post. No luck so far trying to figure who to send this to or how to contact them. Official Xbox support channels will likely go nowhere since this has been brought up repeatedly on their support forums for over a year now.
Why don't you just tweet visible Xbox people?
No twitter account, unfortunately. Also, I think the only way this will actually get fixed is if it goes straight to the engineers.
You seem to be implying that I'm being lazy about this issue, which is a little odd given that I've done more research and gathered more evidence than anyone else. As for the Twitter thing, I've been looking and haven't found anything. If I knew the handles of the engineers, I'd have tweeted them by now.
Then make a twitter account. Find the twitter accounts of relevant engineers. If you care about this problem, try and solve it.
There's a good chance it won't stay that way, or it will report that it's okay and it actually isn't.
Got my XboxOne on Friday and immediately had the NAT set to open.
If you're manually port forwarding you should be fine - the issue only affects UPnP automatic port mapping.
That would certainly indicate a device issue. I tend to set static ips to all my devices as well as proper port forwarding. This has allowed me to set all my relevant devices to NAT 2 in the past. If that changes, sadly I will know it is currently out of my hands.
No twitter account, unfortunately. Also, I think the only way this will actually get fixed is if it goes straight to the engineers.
There is an MS employee that posts in the XB1 update threads, his user name is Kampfheld. Send him a PM and give him your information and I bet he can get it to the right people.
I don't use instant-on either and my xbox is regularly at moderate NAT. However, I've never had any online issues, so I don't know what that means, at least in my case.
QFT.
Although it should be said that for the first time ever tonight, I ran into a strict, followed by a moderate NAT on my XB1, and I do not use instant-on (never have).
SMFH. MS needs to fix this shit.
I have a static ip and mac set but how do I forward ports to that specific ip? I only see where it lets me add the ports but never to a specific ip
Turned UPnP off, have static IP set, but NAT shows Strict with message "Your network is behind a port-preserving port symmetric NAT".
Wired Connection
Any advice?
I would check for any firmware refreshes for your modem and your switch. From that point onward, twofold watch that your switch has UPnP empowered. In the event that that still doesn't work, I'd unplug everything for a couple of hours and afterward plug it back in once more. In the event that there's still issues, I'd call your ISP or Xbox backing and stroll through the investigating ventures with them.
UPDATE: Evidence of the issue in the form of detailed system log files available in post 118. Confirms Xbox One is not properly re-negotiating port mapping after coming out of standby and confirms this is a Microsoft/Xbox bug.
For those of you not familiar with UPnP, think of it in this context as automatic port forwarding. The device communicates with the router and says "hey, I'm located here at [IP address] and [MAC address] and I need access to ports [port], [port], and [port] please!" This is great, as it allows for consoles to have an "open NAT" and communicate effectively with the internet, allowing players to connect to other players and servers and such without hassle. It's also great for situations where multiple consoles are being used on the same network where manual port forwarding would not be effective.
However, the Xbox One's implementation of UPnP is bugged. Since devices are requesting ports to be opened and held for them, it's obvious that these reservations can't be held forever for security and compatibility reasons. So routers will eventually expire these UPnP reservations after a period of time of inactivity. No big deal - when a device needs access again, it renegotiates the leases and they become active again.
The Xbox One, however, doesn't do this unless a full reboot of the console occurs. As a result, users with a secure UPnP setup and the Xbox One on the "Instant On" setting will have a moderate or closed NAT, impeding their ability to connect to other players and services. So for those of you with the console with "Instant On" enabled, there are three ways I've found so far to temporarily resolve the issue:
- Hard reset the console by holding the power button on the console.
- Perform the "test multiplayer connection" test in the settings app. Once it finishes, hold LT + RT + LB + RB and an advanced screen will appear. During the advanced screen, the Xbox will attempt to renew its UPnP leases.
- Disable "Instant On" and switch to "Energy Saver" and deal with very long console boot times.
Here's the advanced screen in question:
Don't be fooled by the short "NAT type" description, either, as this is cached and not accurate. As the above example shows, the NAT type is listed as Moderate, but the description from the advanced test is that of a "cone NAT" (open). The reverse happens as well - the console will show that your NAT is open, when in fact the UPnP leases are not active and you're not able to connect with some other players.
What's particularly frustrating about this issue is that it has existed and has been brought up since the console's launch. Refer to this article, this unacknowledged Xbox support forum post from August, and this unacknowledged thread spanning from November of last year to October.
So to those of you on here, if you're using UPnP and Instant On, chances are your NAT isn't as open as you think it is and you're not able to connect to everyone. For those of you who are more network savvy, you'll be able to verify this by looking at your port reservations and UPnP lease tables on your network.
To Microsoft: what's the deal, guys? It's been a year and a major system bug still exists and hasn't been acknowledged. Please get around to patching this for your customers.