I spent a day thinking about this and I think I know what’s going on, so I’m going to try and save you the hassle of working it out for yourselves and attempt to explain it. None of this is official from Microsoft; it has been discovered through experiments and by reading some of the pre-NDA documents that they’ve made available to router manufacturers who want to get certified for Xbox Live compatibility.
I’m going to do this in reverse so the people that know the terms can skip the explanation and those that don’t understand can keep reading until they do. Anyone reading this and thinking, ‘All you’ve got to do is open ports 88 and 3074’, you’re possibly correct, but that isn’t guaranteed to fix it.
The three NAT types.
Microsoft have decided to separate NAT types into three classes: Open, Moderate and Strict. Here’s what each of them means:
Strict: You have a symmetric NAT.
Moderate: You have a cone shaped NAT with port filtering or with UPnP turned off.
Open: You have a cone shaped NAT with no port filtering or with UPnP turned on.
So those are the types. A lot of people know about port forwarding and the basics of NAT, but the whole symmetric/cone stuff was new to me, so I’m guessing it’ll probably be new to a lot of other people too. That’s where I’m going to start.
NAT Shapes
The shape of your NAT depends on your port allocation policy. What we call NAT is usually NAPT (Network Address and Port Translation), and the port bit is what makes the difference between cone and symmetric.
When a private address makes a connection outwards the NAT has to assign a port number so that return traffic can be sent to the correct private device. What makes the difference for Xbox Live is how these port numbers are chosen for UDP packets.
Symmetric NATs create a new entry (the name for the mapping of an external port to a private address and port) for every outgoing UDP packet whose destination address and port aren’t the same as an existing entry’s. Cone NATs create a new entry only if the port number on the private side changes, regardless of destination.
So sending three UDP packets to three different machines (all on the same port) creates three entries on a symmetric NAT and one on a cone NAT. These two extra entries are what breaks stuff. When you talk to the Live servers they remember the port and tell other Xboxes to talk to you over that. If your NAT is symmetric then the NAT blocks the traffic from the other Xboxes as there’s only a rule for the Live server on that port.
Changing your NAT shape
This isn’t the easiest thing to do, and in some cases it isn’t possible at all. Even if you can it might limit you to a single Xbox inside your private network (though I’m not sure on that).
The way I managed to change my NAT type was to add a special rule to my rules list, called a Basic rule on my router, that tells the NAT that it should only translate the IP address from connections from my Xbox and leave the port as it is. This ensures that only one entry is created for outgoing UDP packets with multiple destinations.
If anyone knows ways of doing this on other routers post it in the comments section and I’ll update the doc.
What’s NAT?
Ok, here comes a computer networks lesson; hopefully it won’t be too boring.
Every machine on the internet needs a name, which is called an IP address, and they’re usually in the form of 111.222.333.111. Now there’s only a certain number of these available, so your broadband provider (ISP) will only give you one, and if you want to give more than one machine in your home access to the internet you need a NAT. If you have a gateway/router or are using the internet connection sharing in XP then that’s your NAT.
Each machine on the network in your home has an IP address in one of the private address blocks (192.168.*.* or 10.*.*.*). While these work fine in your house, they don’t exist to the rest of the internet. Your NAT fiddles with the stuff going out and coming in so the rest of the internet thinks it’s coming from your NAT device (with your only internet IP) and forwards what comes back to the correct machine on your network.
NAT Forwarding
The thing is, NAT entries are only created when one of your devices sends stuff out. If someone out there wants to talk to your Xbox that you haven’t talked to yet (say a friend trying to connect to play a game) then your NAT will just ignore them. Forwarding rules tell the NAT that when stuff comes in on a given port it should be sent to this private IP (your Xbox).
So to make things work you need to forward UDP ports 88 and 3074 and TCP port 3074 to the 360 and that should swap you between Moderate and Open.
UPnP
UPnP is a thing that devices can support, and it makes finding other devices and what they do easier. If you are using Internet Connection Sharing in XP or have a UPnP enabled router (with UPnP turned on) then the 360 can ask the router to do the port forwarding automatically so you don’t have to fiddle with it.
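To make the symmetric/cone difference, the forwarding rules and the UPnP bit concrete, here is a toy NAT model I’ve added as an example (it isn’t from any router’s firmware or Microsoft’s documents). All the addresses, ports and the `Nat`, `Packet`, `classify` and `entry_count_after_three_peers` names are constructed for the example. It plays out the three-peers scenario from the NAT Shapes section and then a behavioural version of the Open/Moderate/Strict test: the Xbox talks to a Live server, the Live server hands that public port to another Xbox, and we see whether that Xbox’s packet gets through. A UPnP request is modelled simply as the console calling `add_forward` itself.

```python
"""Toy NAPT model of the symmetric vs cone behaviour described in the post.

Added example, not code from the original post. Addresses and ports are
constructed (TEST-NET ranges); real routers differ in details such as timeouts.
"""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.7"        # constructed: the router's one public address
XBOX = ("192.168.1.20", 3074)    # constructed: console's private address and Live port
LIVE = ("198.51.100.1", 3074)    # constructed: a Live server
PEERS = [("198.51.100.2", 3074), ("198.51.100.3", 3074), ("198.51.100.4", 3074)]


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


class Nat:
    """symmetric=True: a new entry per (private source, destination) pair.
    symmetric=False: cone NAT, one entry per private source port.
    port_filtering: a cone NAT only admits inbound from destinations already sent to.
    """

    def __init__(self, symmetric, port_filtering=True, first_port=49152):
        self.symmetric = symmetric
        self.port_filtering = port_filtering
        self.next_port = first_port
        self.entries = {}   # mapping key -> public port
        self.peers = {}     # private (ip, port) -> set of destinations it has sent to
        self.forwards = {}  # public port -> private (ip, port); static rule or via UPnP

    def _key(self, pkt):
        return (pkt.src, pkt.dst) if self.symmetric else pkt.src

    def outbound(self, pkt):
        """Translate an outgoing packet; return the public (ip, port) it leaves with."""
        key = self._key(pkt)
        if key not in self.entries:
            wanted = pkt.src[1]
            if not self.symmetric and wanted not in self.entries.values():
                self.entries[key] = wanted      # toy cone NAT keeps the private port when free
            else:
                self.entries[key] = self.next_port  # toy symmetric NAT always takes a fresh port
                self.next_port += 1
        self.peers.setdefault(pkt.src, set()).add(pkt.dst)
        return (PUBLIC_IP, self.entries[key])

    def add_forward(self, public_port, private):
        """A static forwarding rule, or what the 360 asks the router for over UPnP."""
        self.forwards[public_port] = private

    def inbound(self, pkt):
        """Return the private (ip, port) a packet arriving at the public side reaches, or None."""
        port = pkt.dst[1]
        if port in self.forwards:
            return self.forwards[port]
        for key, mapped in self.entries.items():
            if mapped != port:
                continue
            private = key[0] if self.symmetric else key
            if self.symmetric:
                if key[1] == pkt.src:       # only the destination this entry was made for
                    return private
            elif not self.port_filtering or pkt.src in self.peers[private]:
                return private
        return None


def entry_count_after_three_peers(nat):
    """The post's scenario: one UDP packet to each of three machines, same port."""
    for peer in PEERS:
        nat.outbound(Packet(XBOX, peer))
    return len(nat.entries)


def classify(nat):
    """Behavioural Open / Moderate / Strict test."""
    public = nat.outbound(Packet(XBOX, LIVE))       # Live remembers this public port
    stranger = PEERS[0]                             # another Xbox that Live tells about us
    if nat.inbound(Packet(stranger, public)) == XBOX:
        return "Open"                               # no filtering, or a forwarding rule
    nat.outbound(Packet(XBOX, stranger))            # we send to them as well (both sides talk)
    if nat.inbound(Packet(stranger, public)) == XBOX:
        return "Moderate"                           # cone with filtering: works once both sides send
    return "Strict"                                 # symmetric: our second send got a different port


if __name__ == "__main__":
    for name, nat in [("symmetric", Nat(True)), ("cone", Nat(False))]:
        print(name, "entries after three peers:", entry_count_after_three_peers(nat))
    forwarded = Nat(False)
    forwarded.add_forward(3074, XBOX)
    print("cone+forward:", classify(forwarded), "symmetric:", classify(Nat(True)))
```

The last case is the point of the opening paragraph: adding the 3074 forward flips a filtered cone NAT to Open, but on the symmetric model the Live server has learned a port that the forward never covers, so it stays Strict.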
Devices that I know work
Finding Xbox Live certified routers in the UK seems to be tricky at the moment so I’ll try and collect a list of devices and firmware versions that work on Xbox Live here.