Since this is my first post, I’ll introduce myself before asking for everybody’s help. I recently purchased a RouterBoard 433 for my home because we kept burning out cheap consumer routers. I have 5 roommates plus myself (college…) in my house, so in total there are 6 computers, 4 Xbox 360s, 2 PlayStation 3 consoles, and a Wi-Fi VoIP phone (T-Mobile UMA). The entire house is networked over 100 Mbps Ethernet and wireless. I believe everyone is using the wired connection except the phone and a laptop. As you can imagine, with 10+ hosts and multiple QoS rules for voice traffic, etc., I needed more than 16 MB of RAM. All this then feeds into the RouterBoard, which is NATed over a 6 Mbps (800k up) ADSL connection with a single public IP.
Now, I am fairly qualified when it comes to networking. I am a junior electrical engineering student and work for my university’s networking and telecom department, but we have so many public IPs (it’s ridiculous, we throw them around like candy… I want a few) that my experience with NAT is fairly limited. I also mainly use Cisco IOS, so I love that RouterOS is set up a lot like IOS. My problem is with Xbox Live. It’s a real pain and very picky about NAT implementations. Since there are 4 Xbox hosts, individual port forwarding is not an option. I also do not have access to my roommates’ consoles or systems, so all settings must be configured from the router.
So far I have set up a simple src-nat with masquerade and enabled UPnP. Each machine gets a static DHCP lease. This results in what the Xbox calls a “Moderate” NAT type; I want an “Open” NAT type (“Strict” is the worst, I guess). Unfortunately there seems to be very little technical information available about what Xbox Live actually wants. All Microsoft can do is recommend an “Xbox Live certified router” or tell me to forward UDP port 3074. Neither of these is an option. The odd part is that the DD-WRT box with UPnP worked fine with multiple consoles, as does a $25 Netgear wireless router with UPnP on. But again, none of these tell me what is actually going on! They are so simple I can’t seem to replicate their settings.
Does anybody have any suggestions? If a crappy Netgear or DD-WRT can do it, RouterOS must be able to. I have tried 3.17 and 4.0beta1. It seems to be more than just turning on UPnP, unless the RouterOS implementation of UPnP isn’t working correctly with the Xbox. If anyone has solved this issue (or a similar issue with NAT and identical private host applications), please let me know! And thanks for the great forum!
Yes, I did. UPnP seems to be enabled because the UPnP testing app on Windows sees an Xbox and a Vista media share. However, enabling/disabling UPnP does not change the reported NAT type on the Xbox. The only thing that I can think of is that MikroTik’s UPnP implementation is not correct.
Put on 4 extra IPs, one for each Xbox. Dst-nat them in and out on a 1:1 basis, or configure them with public IPs and route them out (if possible).
Simply put, if you have more than one Xbox behind the NAT, only one can function correctly, regardless of UPnP or your dst-nat rules. The only way to fix this is to get more public IPs, one for each Xbox. Everything else will work fine through one IP.
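The 1:1 NAT that the two replies above suggest, written out as RouterOS CLI. This is an added example, not any poster’s configuration: the public addresses 203.0.113.11-.14, the private addresses 192.168.88.11-.14 and the WAN interface name ether1 are placeholders, and it assumes the ISP already routes the extra public block to this router.

```routeros
# Added example, not from any post. Assumes the ISP routes the extra public
# addresses 203.0.113.11-.14 (placeholders) to this router's WAN interface
# ether1, and that the four consoles hold static leases 192.168.88.11-.14.
/ip address
add address=203.0.113.11/32 interface=ether1 comment="xbox1 public"
add address=203.0.113.12/32 interface=ether1 comment="xbox2 public"
add address=203.0.113.13/32 interface=ether1 comment="xbox3 public"
add address=203.0.113.14/32 interface=ether1 comment="xbox4 public"

/ip firewall nat
# Inbound half: everything arriving for a console's public address is handed
# to that console with no port rewriting, which is what makes the mapping
# look like a real public IP to the remote side.
add chain=dstnat dst-address=203.0.113.11 action=dst-nat to-addresses=192.168.88.11 comment="xbox1 in"
add chain=dstnat dst-address=203.0.113.12 action=dst-nat to-addresses=192.168.88.12 comment="xbox2 in"
add chain=dstnat dst-address=203.0.113.13 action=dst-nat to-addresses=192.168.88.13 comment="xbox3 in"
add chain=dstnat dst-address=203.0.113.14 action=dst-nat to-addresses=192.168.88.14 comment="xbox4 in"
# Outbound half: each console leaves with its own public address. These must
# sit above the masquerade rule; a NAT chain stops at the first matching rule.
add chain=srcnat src-address=192.168.88.11 action=src-nat to-addresses=203.0.113.11 comment="xbox1 out"
add chain=srcnat src-address=192.168.88.12 action=src-nat to-addresses=203.0.113.12 comment="xbox2 out"
add chain=srcnat src-address=192.168.88.13 action=src-nat to-addresses=203.0.113.13 comment="xbox3 out"
add chain=srcnat src-address=192.168.88.14 action=src-nat to-addresses=203.0.113.14 comment="xbox4 out"
# Everyone else keeps sharing the router's main address.
add chain=srcnat out-interface=ether1 action=masquerade comment="everyone else"

# A 1:1 mapping exposes each console to unsolicited inbound traffic, so the
# forward chain still has to filter it. dst-nat runs before the forward
# filter, so the filter matches on the private addresses. Only the UDP port
# the consoles need (3074, per Microsoft) is let in; other new inbound
# connections from the WAN are dropped.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=ether1 protocol=udp dst-port=3074 \
    dst-address=192.168.88.11-192.168.88.14 action=accept comment="xbox live"
add chain=forward in-interface=ether1 connection-state=new action=drop \
    comment="drop other unsolicited inbound"
```

After a console signs in, `/ip firewall nat print stats` shows whether the “in” and “out” rules for that console are actually being hit, or whether the masquerade rule is still catching its traffic.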
That makes sense, but I swear it worked fine with DD. Although I never tested them simultaneously (it’s probable that only one was “open” while the other was “moderate” during simultaneous play). Getting more public IPs is out of the question. I’m pretty sure AT&T DSL would charge an arm and a leg for additional IPs, I assume. Very rarely are two Xbox systems online at the same time; the main thing I need is for port 3074 UDP to automatically be forwarded to whichever Xbox needs it, even if it is only one at a time. I can’t think of a good way to do this, which is why UPnP exists.
The only solution I can think of is to create a separate 4-IP DHCP pool, with the first IP in the pool having the forwarded port. I could make the lease time small, like 1–2 hours, and only put the Xboxes in that pool. I don’t know if it is possible to restrict certain MACs to certain pools, though. I can’t put them on a separate VLAN because every host, including PCs, is attached to a non-managed switch in the basement. That way, whichever Xbox is turned on first will grab the IP with the forwarded port. Seem possible?
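One way to get the effect the post above is after (the UDP 3074 forward follows whichever console is currently on) without a per-MAC pool: static leases for the consoles plus a scheduler script that re-points a single dst-nat rule. This is an added example, not the poster’s configuration and not a documented MikroTik UPnP fix; the MAC addresses, the 192.168.88.x addresses, the DHCP server name dhcp1 and the WAN interface ether1 are placeholders.

```routeros
# Added example, not from any post. Four consoles with static leases
# (placeholder MACs and addresses), each tagged with an "xbox" comment.
/ip dhcp-server lease
add server=dhcp1 address=192.168.88.11 mac-address=00:11:22:33:44:01 comment="xbox1"
add server=dhcp1 address=192.168.88.12 mac-address=00:11:22:33:44:02 comment="xbox2"
add server=dhcp1 address=192.168.88.13 mac-address=00:11:22:33:44:03 comment="xbox3"
add server=dhcp1 address=192.168.88.14 mac-address=00:11:22:33:44:04 comment="xbox4"

# The single UDP 3074 forward. Matching only the WAN interface (ether1,
# placeholder) keeps LAN traffic out of the rule; to-addresses is the part
# the script below rewrites.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-port=3074 \
    action=dst-nat to-addresses=192.168.88.11 comment="xbox-3074"

# Every minute, pick the first console (in lease order, not power-on order)
# whose lease is currently bound and point the forward at it. A short lease
# time, as the poster suggests, makes "bound" track which console is really
# switched on; with a long lease the forward can stick to a console that has
# already been turned off.
/system script
add name=xbox-forward source={
    :local found false
    :local target 0.0.0.0
    :foreach l in=[/ip dhcp-server lease find where comment~"^xbox" && status="bound"] do={
        :if (!$found) do={
            :set target [/ip dhcp-server lease get $l address]
            :set found true
        }
    }
    # Setting the same address again is harmless, so no compare is needed.
    :if ($found) do={
        /ip firewall nat set [find where comment="xbox-3074"] to-addresses=$target
    }
}
/system scheduler
add name=xbox-forward interval=1m on-event=xbox-forward
```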
The MT UPnP will not work with one Xbox. I have tested it several times and it will not work. The Xbox does work with Linksys and Netgear UPnP routers, even with multiple Xbox consoles being used. I really would like to see a solution to this problem also.
Well, I am extremely upset. This is a complete deal breaker for me. I absolutely LOVE RouterOS (being a Cisco IOS guy), but with a broken UPnP I just can’t use it on my network. Actually, this really puts me in a hard place. I have this $140 RouterBoard 433 I just purchased. RouterOS doesn’t have a working UPnP, so I can’t use it. OpenWrt trunk won’t work because the QoS package causes kernel panics (“known issue”). Awesome. I have a useless RouterBoard…
This is true: if you have multiple NATed firewalls (let’s say 2 or more), then UPnP does not seem to work. And if you have multiple users/clients behind that one UPnP firewall, the ports get allocated and it does not seem to work. I have had this problem from day one. What I usually do is one of two things. I do src/dst 1:1 NAT with an external public IP address for that one customer, or I use a different wireless vendor and place it into bridge mode. Once in bridge mode, the customer will have some firewall with a public IP address on its router/firewall. This has been a huge problem and we have lost many customers. I wish UPnP would work for multiple users. If it does, it is not documented well. All you should have to do is identify your external and your internal and enable UPnP, but it does not work. Those that have gotten it to work I do not think know what they are talking about. They probably do not have a WISP/ISP or do not have any customers that need such a service. But even though game consoles are purely entertainment, we must address this issue. These are customers that can have their games work on a crappy DSL line, but on high-performance wireless symmetrical broadband we cannot give a user UPnP. It is horrible.
We always charge an additional $5 (USD) a month for a public IP address for the gamer’s wireless setup.
If anyone can correct me on this and tell me I’m an idiot, I would love them to do so, so that I can properly set up UPnP. I challenge someone to show me a working network and what they are doing. I CHALLENGE you with a proper, respectful response with intelligent detail. NOT an RTFM response.
Perhaps there is a limitation to how many IPs can reside on the internal side of the network for UPnP to work. If so, these limitations have not been expressed.
Please do not take my tone so harshly; I have just been battling this issue now for two years and I would like to see a proper response to this topic.
Can you get a 2nd DSL line from AT&T?
Perhaps it is cheaper than getting more IPs.
It would let the Xbox get more speed, and AT&T would like you spreading your traffic over two lines instead of maxing out the one line.
But you would need to get even more lines to get each of the 4 Xboxes online fully.
Perhaps you could use another router to do NAT & UPnP and use the MikroTik as a bridge doing some QoS, IP firewall, or bandwidth shaping.