Force 300 25 and XBox series X Strict NAT type

Hi all, having issues with an xbox user with strict NAT type… Normally we set the antenna to router mode and the customer’s router we change to AP mode. Many Playstation users on the network and not one has a strict NAT type on our setup. I tried the force 25 in NAT, Router and Bridge mode and no success… I tried all the suggestions on the xbox support with no success. Any help would be greatly appreciated!

Thank you

Same issue with Playstation network. On UBNT and Mikrotik devices working fine without issues.

So, does the “antenna” (I assume this is your ePMP radio?) do NAT? When their router is in AP mode does that mean it is routing (and doing NAT) or bridging? Is this an old Xbox or a new one?

Depending on the age of their router and the xbox this may be as easy as enabling uPNP on the ePMP and on their router. However if uPNP doesn’t work then you are looking at port forwarding or DMZ forwarding and that seems to not always work well, break often, on ePMP. The few customers we have that we have had to set up port forwarding or DMZ on constantly called because it would just stop working. We thought it got fixed a while back because it had been a long time since we had any calls about port forwarding not working but turned out the customers had just learned to angrily power cycle their/our radios.

uPNP seems to work though with newer routers / playstations / xboxes.

This sounds like a routing issue. If the epmp radio is in router mode and the wifi AP is in AP only mode then the problem is on the epmp radio. Xbox expects either to be the only gaming console on the network (nat routers) or to have a public IP. In other words it must be directly reachable from the internet. Playstation does not care as it will happily coexist with 20 others behind nat (type 1 or type 2 are fine, just means that you can open ports to the internet but are not directly accessible).

Upnp should help but the wifi AP must be told to not listen for Upnp and just pass packets. Dlink wifi routers are bad for this.

As of 4.6.1, upnp does work but still randomly stops letting connections through, a simple reboot fixes this.
DMZ is another that sometimes works.

We solved this with our service contract where hosting of any kind is not permitted nor supported on residential connections. If they want to host then they need to either use a vpn which can expose them via a rented IP or they will need a managed router with internet connection (business connection). We get the odd gamer pissed that they can’t host but it’s usually a young teen that complains that the internet doesn’t work but they are violating the contract.

Thank you for your reply! I did try NAT mode on the Force 300 25, so yes it does do NAT. I assume that the router, which we set to AP mode, is bridging when in AP mode. It is an xbox series x.

I tried enabling UPnP in the Force 300 25, the router doesn’t have that option when set to AP, which is understandable, and still no go. Funny thing was that the xbox was on port 3074 and it showed that the UPnP was allowing 3074 for the xbox but NAT remained strict. The router is a TP Link C50.

Thank you for your reply! I agree that the issue must be the force 300 25. I have done the exact same setup with ubiquiti antennas in router mode and issue was resolved quickly… For both of my networks that are using ubiquiti or cambium antennas, we set to router mode, put the home router to AP mode and we NAT the antenna’s private IP with a public IP. Not a single issue with strict NAT type for xbox users who are on our ubiquiti network and no issues on either ubiquiti or cambium antennas for playstation users, just seems to be force 300 antennas giving xbox users grief… very frustrating.

I have some force 300 25 in NAT mode and left the router as a router and NAT type for playstation users sits at NAT type 2. Most of our users just don’t want a strict NAT type just so that they can connect to more hosts than being limited by a strict NAT type.

I am literally lost on this latest customer because I set the router to AP and set the force 300 25 to bridge mode and still the xbox said strict NAT type.

Really appreciate the comments!!

The xbox needs these ports

  • Port 88 (UDP)
  • Port 3074 (UDP and TCP)
  • Port 53 (UDP and TCP)
  • Port 80 (TCP)
  • Port 500 (UDP)
  • Port 3544 (UDP)
  • Port 4500 (UDP)

If the customers router is bridged and your ePMP is doing DHCP / NAT then something you can do:

(1) On the radio Monitor > Network > DHCP Assigned IP Address Table find his xbox and copy the MAC address and note the IP address. (if the DHCP client table is empty, as happens with this crappy interface, look in the ARP table, which does not show Device Name so you will have to look up the MAC addresses on the LAN until you find the one that tracks back to Microsoft OR just reboot the radio, and as soon as it comes back up go watch the DHCP table and try to catch the xbox before it vanishes from the DHCP table)

(2) Configuration > Network > Ethernet Interface > DHCP Clients > Add
- Paste the MAC address of the Xbox in the MAC field
- Enter the IP address you noted in the previous step in the IP field
- Enter Xbox or whatever you want in the Name field.
(3) Same page > Port Forwarding > Disable uPnP IGD
(4) Same page > De-Militarized Zone (DMZ) > Enable
- enter the IP address you noted initially and entered on the DHCP clients for the Xbox in the IP address field.

Save / Reboot

The radio should always hand the Xbox that same IP address and all ports should be forwarded to it.

Another way would be on step 4 to enable Data Port Forwarding instead of DMZ and just forward all the above ports to the ip of the xbox.

The downside is now you have a customer with a custom config that you have to remember / keep track of. As stated, the ePMP radios are bad about port forwarding breaking and requiring a reboot to fix so may want to make sure customer is made aware of how to power cycle the radio from time to time.

Edit: Oh I forgot, unless they changed it in recent firmware you can’t Forward or DMZ Port 80 if the Management interface/GUI is using Port 80. Configuration > System > General > Web Access > HTTP port: change it to something besides 80 (even if you aren’t using HTTP unless, again, that was fixed recently)


Ok… so if the customer router is bridged, your ePMP radio is bridged… how does the xbox get an IP? Are you still doing NAT somewhere?

playstation will always say nat type 2 as long as the playstation can not open ports through the entire network (think firewalls and your outbound gateway routers). Type 1 if it can and open if there is nothing between it and the PSN to filter the connection (good luck! there is always something).

Xboxes just prefer to have public IP addresses since they do not use a proxy network to join/host games. We treat them like VOIP boxes that can’t use stun and call it a day. 99% of the time it’s not that big of an issue for the client and those that it is are more than willing to pay for a business feed that we do not do anything to filter the traffic (not even bot/virus/DDOS filtering).

If this is a situation that’s bothering you, then look to all of the settings for that routing that you setup and you may find that something very simple is either set/not set the way it should and make sure that route has UPNP enabled all the way to the gateway.

Thank you all for your comments and advice! Really appreciate it!! Got everything figured out for the customer. Again, really appreciate the feedback on this forum!!


Hi I have exactly same issue, can you please provide details how you fix it? tks

Hi, we ended up opening the port on our core router to the specific device, the Force 300 25 in NAT mode, and customer’s issue was solved. Not sure of your setup but @brubble1 and @Douglas_Generous commented earlier in the post and gave good advice as well. Are you using Bridge, router or NAT mode on the antenna? What are you using in customer’s home, router or AP?

I have them with nat static IP address on the CPE; then we put them a router but that router can be set up as AP as well so IPs are assigned from cambium CPE

So it sounds like you are saying your CPE (ePMP customer radio) is configured to router mode and on its WAN interface it has a static private IP and a router upstream is doing 1 to many NAT for it (and I assume other customer ePMP radios?) or is this 1 to 1 NAT for some reason? Then on the LAN side of the CPE you are doing DHCP / NAT to the customer’s equipment?

I’m not sure how or if that can be made to work.

We have a similar setup as you. CPE is in NAT mode, it receives an IP from the edge router and we NAT 1:1 on the core router the private IP of the CPE with a Public IP address.

Hi CPE is configured as nat mode with a private IP as example. Then LAN side of CPE is doing DHCP to customers home router

I’m even more confused. The 170.#.#.# isn’t a private range so now I don’t know if you are using a private range but chose for some reason to use a public IP as an example, don’t know what a private range is and/or are actually using a public IP. Or maybe you are intentionally using public IP addresses on your network as private addresses (which is fine as long as you make sure they never leak out the cloud side of your network). Or maybe you meant 172.16 instead of 170.16 ?

So I’m just going to assume you meant 172 instead of 170 and are doing NAT / DHCP at some point above your CPE. If you are doing 1 to 1 nat then whatever device is upstream doing NAT for your CPE will need to be configured to either forward all ports or the specific x-box ports to the CPE’s IP address and then your CPE will need to be configured to forward those ports to the customer’s device (assume wifi router?) and then the customer’s wifi router will need to be configured to forward those ports to the x-box.

If you are doing 1 to Many (Many CPEs being NATed to a single public IP) then I don’t know how you could forward ports to just 1 of the Many without breaking things for the rest of the Many. If however this is the only CPE behind that one public IP that needs those ports then I guess you could forward them to that one CPE (and then like above, forward to the customer router then forward to the xbox).
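
Added example, not part of any post in this thread and not Cambium code: a small audit of the hop-by-hop forwarding chain described above, using the Xbox port list posted earlier and the reported rule that a port held by the management GUI cannot be forwarded or DMZ'd. The hop schema, device names and IP addresses are constructed for illustration.

```python
# Ports the thread lists for Xbox, as (port, protocol) pairs.
XBOX_PORTS = [(88, "udp"), (3074, "udp"), (3074, "tcp"), (53, "udp"),
              (53, "tcp"), (80, "tcp"), (500, "udp"), (3544, "udp"), (4500, "udp")]


def audit_chain(hops, xbox_ip):
    """Check that every Xbox port is passed hop by hop down to the console.

    hops: NAT devices ordered from the internet side inward. Each is a dict
    (hypothetical schema): name, wan_ip, forwards {(port, proto): target_ip},
    dmz (target_ip or None), mgmt_http_port (int or None).
    Returns a list of findings; an empty list means the chain is complete.
    """
    findings = []
    for i, hop in enumerate(hops):
        # Each hop must forward to the WAN address of the next hop, or to the
        # console itself when it is the last NAT device in the path.
        target = hops[i + 1]["wan_ip"] if i + 1 < len(hops) else xbox_ip
        for port, proto in XBOX_PORTS:
            covered = (hop.get("dmz") == target
                       or hop["forwards"].get((port, proto)) == target)
            if not covered:
                findings.append(f"{hop['name']}: {port}/{proto} not forwarded to {target}")
            elif proto == "tcp" and port == hop.get("mgmt_http_port"):
                # Behaviour reported in the thread: the web GUI keeps its port,
                # so a forward or DMZ for the same port never reaches the LAN.
                findings.append(f"{hop['name']}: {port}/tcp held by management GUI")
    return findings


def sample_chain(cpe_mgmt_port=80):
    """Constructed example: upstream 1:1 NAT router, then a CPE using DMZ."""
    cpe_wan, xbox = "172.16.0.10", "192.168.1.50"
    upstream = {"name": "core-router", "wan_ip": "203.0.113.7", "dmz": None,
                "mgmt_http_port": None,
                "forwards": {p: cpe_wan for p in XBOX_PORTS}}
    cpe = {"name": "cpe", "wan_ip": cpe_wan, "dmz": xbox,
           "mgmt_http_port": cpe_mgmt_port, "forwards": {}}
    return [upstream, cpe], xbox


if __name__ == "__main__":
    for line in audit_chain(*sample_chain()):
        print(line)
```
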

sorry I meant 172 doing 1 public IP to many CPEs

Without upnp enabled epmp radios will always show nat-strict. This just means that the nat table can not be modified by network members to set reserve ports per application (not reserved ports which are all ports between 0 and 1024).

For xbox users, the only real way to ‘fix’ their problem is to bridge a public IP to the xbox as MS does not actually provide for NAT STUN like PlayStation does.