Xbox Live NAT Issues With 2 Xbox Ones On Same Network

As the title suggests, I have 2 Xbox Ones on the same network. First off, here’s what I hope to achieve.

My wife and I like to play the same game at the same time. Trouble is that when we do this, the NAT does one of three things:

  1. Box1 - Strict / Box2 - Open
  2. Box1 - Moderate / Box2 - Moderate
  3. Box1 - Strict / Box2 - Moderate

My hope is to get both to be open, so that it doesn’t cause issues chatting or joining games.

I know that I need to forward the ports for both to get it to work correctly, but I’m really new to RouterOS. I may have this all sorts of screwed up, but here’s what I’ve got set up for my NAT.

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established,related
add action=drop chain=input comment="default configuration" in-interface=\
    "ISP In"
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface="ISP In"
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface="ISP In"
add action=dst-nat chain=dstnat dst-port=88 in-interface="ISP In" protocol=\
    udp to-addresses=192.168.88.247 to-ports=88
add action=dst-nat chain=dstnat dst-port=53 in-interface="ISP In" protocol=\
    udp to-addresses=192.168.88.247 to-ports=53
add action=dst-nat chain=dstnat dst-port=3074 in-interface="ISP In" protocol=\
    tcp to-addresses=192.168.88.247 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface="ISP In" protocol=\
    udp to-addresses=192.168.88.247 to-ports=3074
add action=dst-nat chain=dstnat dst-port=80 in-interface="ISP In" protocol=\
    tcp to-addresses=192.168.88.247 to-ports=80
add action=dst-nat chain=dstnat dst-port=500 in-interface="ISP In" protocol=\
    udp to-addresses=192.168.88.247 to-ports=500
add action=dst-nat chain=dstnat dst-port=3544 in-interface="ISP In" protocol=\
    udp to-addresses=192.168.88.247 to-ports=3544
add action=dst-nat chain=dstnat dst-port=4500 in-interface="ISP In" protocol=\
    udp to-addresses=192.168.88.247 to-ports=4500
add action=dst-nat chain=dstnat dst-port=53 in-interface="ISP In" protocol=\
    tcp to-addresses=192.168.88.247 to-ports=53
add action=dst-nat chain=dstnat dst-port=32400 in-interface="ISP In" \
    protocol=tcp to-addresses=192.168.88.253 to-ports=32400

I’m sure I’ve got this configured incorrectly. Those are just for one Xbox. The other hasn’t been configured to forward the ports, as it seems to not work when I do that. Can anyone help point me in the right direction? I’m at a loss as to how to configure this to work. I’ve even considered getting another IP specifically for the second Xbox, but from what I understand, I’d need another modem, and I’d prefer to not have to do that if I can get this working without it.

Unfortunately, what you are trying to achieve is impossible with only one IP.

Let me explain. NAT involves sharing a single external IP with multiple internal devices. To do this, the router swaps the source IP of each outgoing packet with its own IP, and then makes a note of the original IP, the destination IP, and the port that it went out on. The destination server will respond to that same port, and so the router will know which internal PC to route the return traffic to.

The problem is, what if the router receives a packet which was unsolicited? Meaning that a packet arrives at the router’s external IP, destined for port 88… but the router isn’t expecting any return traffic on port 88, and so it doesn’t know who to send this traffic to. These packets are usually thrown away.

dst-nat, or “port forwarding” as some call it, fixes this by telling the router: “Hey, if you get ANY traffic on these ports, just send it to this IP over here.” Hopefully now you see the issue. There’s no way to port-forward to multiple IPs; there would be no way of differentiating between traffic intended for Xbox-#1 and Xbox-#2 when it arrived at the router.

P.S. The reason your rules won’t work is that NAT rules are processed sequentially by the router. After it finds the first rule that matches, it NATs it and stops processing any rules further down.
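To make the two points in this answer concrete (a masquerading router only knows where to send replies it has a connection-tracking entry for, and dst-nat rules are matched first-match-wins, so a second rule for the same port never fires), here is a small added simulation. It is not code from the thread or from RouterOS; the external IP, the peer addresses and the second console’s address are constructed, and the Router/Packet/DstNatRule names are my own.

```python
"""Toy model of a masquerading NAT with connection tracking and ordered dst-nat rules.

Constructed example (not the thread's configuration): 203.0.113.10 stands in for the
single public IP, 198.51.100.x for remote peers, and 192.168.88.248 for a second console.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class DstNatRule:
    """One 'chain=dstnat action=dst-nat' rule: match proto/dst-port, rewrite destination."""
    proto: str
    dst_port: int
    to_address: str
    to_port: int


@dataclass
class Router:
    external_ip: str
    dstnat_rules: List[DstNatRule] = field(default_factory=list)
    # Connection tracking: (proto, external port, remote ip, remote port) -> (internal ip, port)
    conntrack: Dict[Tuple[str, int, str, int], Tuple[str, int]] = field(default_factory=dict)
    next_port: int = 40000  # next free external port handed out by masquerade

    def outbound(self, pkt: Packet) -> Packet:
        """Masquerade: swap the source for the external IP and remember who sent it."""
        ext_port = self.next_port
        self.next_port += 1
        self.conntrack[(pkt.proto, ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Tuple[str, int]]:
        """Return the internal (ip, port) an inbound packet is delivered to, or None if dropped."""
        # 1. A reply to a tracked connection: the router knows exactly who asked for it.
        tracked = self.conntrack.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if tracked is not None:
            return tracked
        # 2. Unsolicited traffic: walk the dst-nat rules in order; the first match wins
        #    and nothing further down is consulted.
        for rule in self.dstnat_rules:
            if rule.proto == pkt.proto and rule.dst_port == pkt.dst_port:
                return (rule.to_address, rule.to_port)
        # 3. No tracked connection and no rule: the default forward chain drops it.
        return None


def demo() -> dict:
    """Two consoles behind one IP: replies work for both, unsolicited UDP/88 reaches only one."""
    router = Router("203.0.113.10")
    xbox1, xbox2 = "192.168.88.247", "192.168.88.248"
    # What the asker would naturally try: a UDP/88 forward for each console.
    router.dstnat_rules = [DstNatRule("udp", 88, xbox1, 88), DstNatRule("udp", 88, xbox2, 88)]

    # Outbound sessions from both consoles each get their own tracked mapping...
    out1 = router.outbound(Packet("udp", xbox1, 3074, "198.51.100.5", 3074))
    out2 = router.outbound(Packet("udp", xbox2, 3074, "198.51.100.5", 3074))
    # ...so the server's replies are routed back to the right console.
    reply1 = router.inbound(Packet("udp", "198.51.100.5", 3074, router.external_ip, out1.src_port))
    reply2 = router.inbound(Packet("udp", "198.51.100.5", 3074, router.external_ip, out2.src_port))

    # Unsolicited UDP/88 from two different peers: the router has no way to tell which
    # console each peer wants, so the first rule answers every time and xbox2 never sees it.
    peer_a = router.inbound(Packet("udp", "198.51.100.7", 88, router.external_ip, 88))
    peer_b = router.inbound(Packet("udp", "198.51.100.8", 88, router.external_ip, 88))

    # With no dst-nat rule at all, the same unsolicited packet is simply dropped.
    bare = Router("203.0.113.10")
    dropped = bare.inbound(Packet("udp", "198.51.100.7", 88, bare.external_ip, 88))

    return {"reply1": reply1, "reply2": reply2, "peer_a": peer_a, "peer_b": peer_b, "dropped": dropped}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows replies landing on the correct console for both boxes, every unsolicited UDP/88 packet landing on 192.168.88.247 regardless of which peer sent it, and the packet dropped when no rule exists. That is the whole problem in one picture: with a single external address there is no field in the packet the router could key on to pick the second console, which is why the later suggestions in this thread all amount to either giving each console its own address (a second public IP, or IPv6) or letting the consoles negotiate distinct port mappings themselves.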

That’s actually what I thought. So if I were to use a separate IP, with a separate modem, and used load balancing, would that do the trick? I actually have 2 IPs on my account, and one is currently not being used.

Have you enabled UPnP? There are 3 Xbox Ones and 4 Xbox 360s on our network and we have had no issues with Live with UPnP enabled!

/ip upnp set enable=yes show-dummy-rule=yes allow-disable-external-interface=no

External/internal interfaces also need to be configured for UPnP.

Wiki article:
http://wiki.mikrotik.com/wiki/Manual:IP/UPnP

Universal Plug n’ Pwned? Why hand over control of your router to any internal device that wants it? In that case, just open up ALL the ports; it’s just as secure, and at least then nobody else can make changes to your NAT and firewall policies without your knowledge.

This is a home environment; why would I care if a device that needed a port open were able to open it without any intervention from me? The only devices on my network are devices that I have allowed access.

UPnP is there for a reason; it lets things play nice together, just saying!

I’m not a fan of using UPnP. I get the reasoning for it, but I’ve never had consistent success with it.
I think I’m going to go the load balancing route following this guide. I’m not 100% sure that it’ll work how I’m hoping, given that this shows 2 different ISPs and I just have 2 different IPs from the same ISP, but it should be the same setup, in theory. http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways

I’ll test that out and see if it does what I’m looking for. Worst case, I’ll just buy another MikroTik and plug the second modem and Xbox into that one.

Here’s a suggestion you might not have thought of:
As you know, NAT was developed to deal with address size restrictions of IPv4 and UPnP was developed to assist devices behind a NAT. IPv6 does not require a NAT. Windows 10 devices, including Xbox One, love IPv6. If you configure your network or subnetwork to use IPv6, you will get Open status on as many Xbox Ones as you wish, completely avoiding any UPnP issues. I’ve done this on my newly set-up network (just purchased a CCR router) and it works like a charm.