Community discussions

 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

NAT problems - Xbox One and Nintendo Switch

Sat Feb 09, 2019 3:40 pm

Good morning everyone.

I do not understand NOTHING of Mikrotik and I am looking for help about a specific situation where I did not find help on the internet. I apologize for the lack of technical terms.

The situation is as follows: I live in a condominium and hired a company to do the following installation: we signed 4 internet links 100/30 MB, which "enter" the Mikrotik (model RouterBOARD 750G r3) at the concierge, and a cable "exits" Mikrotik, going to a switch right there at the gate. This switch, sends 4 or 5 network cables to the condominium posts, and we have another 4 or 5 switches on the poles, from which network cables go straight to the houses. Inside the house, I use a router (TP-LINK TL-WR849N) where it is necessary to put a user and password to authenticate.

Regarding usage, everything works very well: navigation, downloads, streaming, apps and etc, all in a satisfactory way.

The only drawback would be in relation to video games, more specifically online games:

- PS4: downloads are ok, rare connection errors with other users and allows online game in a satisfactory way;

- Xbox One: downloads ok, some connection errors, and shows the NAT as "strict", in addition to "double NAT detected"

- Nintendo Switch: here is the main problem ... downloads are ok, but it is practically impossible to play online ... I mention Mario Kart 8 Deluxe as an example. The game establishes a connection, but in match search it returns an error: "Could not connect to other consoles. There was a transverse NAT error."

I am absolutely sure that the errors occur due to our internet "scheme", since before, when each resident had his own ADSL internet, none of this happened.

Anyway, I strongly encourage you all to help me solve this problem, and I will asap provide any clarification. Thank you.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1364
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Sun Apr 21, 2019 6:01 pm

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants
MTCNA, MTCTCE, MTCRE & MTCINE
 
anav
Forum Guru
Forum Guru
Posts: 2940
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: NAT problems - Xbox One and Nintendo Switch

Sun Apr 21, 2019 9:01 pm

Concur, the company should provide the design solution assuming you have detailed the user requirements properly.
This also assumes they purchased the mikrotik equipment. If not then CZFans idea is the correct one.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
victorsoares
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Mon Apr 22, 2019 4:23 pm

Well, from my experience the only sure way to get videogames to work without any NAT problems is using IPv6 or giving the client a valid and public IP address. My guess is that whoever designed this network used NAT to distribute the connections but forgot that the connections also arrive there on a CGNAT. Call the company that did the service and tell them to check for double NAT on your network. Maybe a call to your ISP`s can solve the issue too, but they will need to work together with the people that did the internal network.
MTCNA MTCRE
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Fri Apr 26, 2019 8:46 pm

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants
Well, from my experience the only sure way to get videogames to work without any NAT problems is using IPv6 or giving the client a valid and public IP address. My guess is that whoever designed this network used NAT to distribute the connections but forgot that the connections also arrive there on a CGNAT. Call the company that did the service and tell them to check for double NAT on your network. Maybe a call to your ISP`s can solve the issue too, but they will need to work together with the people that did the internal network.

Thanks. The installation was made by a ex employer of the ISP.

I will try this first. If not works, the solution may be hire a consultant.
 
HzMeister
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Jan 28, 2018 9:48 pm

Re: NAT problems - Xbox One and Nintendo Switch

Fri Apr 26, 2019 9:36 pm

The tplink router might be the second nat. If they didn't configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap.
Unplug the wire going into the WAN port of the tplink and plug into into any LAN port.Then you must be sure that the dhcp server is disabled in the router's settings for there to not be conflicts with the mikrotik.
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sun Apr 28, 2019 10:16 pm

The tplink router might be the second nat. If they didn't configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap.
Unplug the wire going into the WAN port of the tplink and plug into into any LAN port.Then you must be sure that the dhcp server is disabled in the router's settings for there to not be conflicts with the mikrotik.
Thanks, I will give a try...

basically, i must:

1. put the wire into any LAN port
2. acess the TPLINK page
3. Disable dhcp server

that´s it?

I have some questions...
1. how the tplink router will handle with the login/pass from the mikrotik settings?
2. Do I have to change the router's operation mode?

sorry but I have really basic knowledge about network settings

thanks
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sun Apr 28, 2019 10:18 pm

Well, from my experience the only sure way to get videogames to work without any NAT problems is using IPv6 or giving the client a valid and public IP address. My guess is that whoever designed this network used NAT to distribute the connections but forgot that the connections also arrive there on a CGNAT. Call the company that did the service and tell them to check for double NAT on your network. Maybe a call to your ISP`s can solve the issue too, but they will need to work together with the people that did the internal network.
Victor I live near Ubatuba...

can you send me your email so we can talk?

thanks
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Mon Jun 10, 2019 4:15 am

The tplink router might be the second nat. If they didn't configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap.
Unplug the wire going into the WAN port of the tplink and plug into into any LAN port.Then you must be sure that the dhcp server is disabled in the router's settings for there to not be conflicts with the mikrotik.
it does not work :(

thanks
 
anav
Forum Guru
Forum Guru
Posts: 2940
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: NAT problems - Xbox One and Nintendo Switch

Mon Jun 10, 2019 4:36 am

Hey Rodrigo,
This is a decent guide for adjusting the TP link.
https://www.dslreports.com/faq/11233

What I am not clear on is the logging in part of your users.
Do you mean to use the Access Point (radio part) of the TP links (ssid and password)?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sat Jun 29, 2019 9:07 pm

Hey Rodrigo,
This is a decent guide for adjusting the TP link.
https://www.dslreports.com/faq/11233

What I am not clear on is the logging in part of your users.
Do you mean to use the Access Point (radio part) of the TP links (ssid and password)?
I don't know if I can explain it better...

All users must use an router (configured as router, not AP) and insert an user name and password (PPPoE, configured on Mikrotik) to acess the internet.

For example, here at home to acess my TPLINK the adress is 192.168.0.1
to acess Mikrotik, the adress is 10.5.0.1

the user, internet speed and their passwords are all over Mikrotik

Here is more info:

LAN

IP ADRESS: 192.168.0.1
Máscara de Sub-Rede:255.255.255.0
Operation Mode: Router
Name (SSID):RODRIGO (Every home has it own SSID, using its own router)

WAN

IP ADRESS: 10.5.0.231(PPPoE)
Máscara Sub-rede:255.255.255.255
Default Gateway:10.5.0.1
DNS server:10.5.0.1 192.168.3.1

Hope it can help

thanks again
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sat Jun 29, 2019 9:30 pm

Some more info (from Mikrotik)...

# Action Chain Src. Address Dst. Address Protocol Src. Port Dst. Port Any. Port In. Interface Out. Interface Bytes Packets
-D 0 masquerade srcnat ether1 109.9 MiB 982 142
-D 1 masquerade srcnat ether3 104.9 MiB 817 521
-D 2 masquerade srcnat ether2 103.0 MiB 713 636
-D 3 masquerade srcnat ether4 100.8 MiB 699 116
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Mon Aug 12, 2019 5:56 am

six months and I still have no solution...

I need more help, please

thanks
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1364
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Thu Aug 15, 2019 12:42 am

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants
See above
MTCNA, MTCTCE, MTCRE & MTCINE
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sun Aug 25, 2019 5:22 am

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants
See above
I’ve already talk with two consultants... both don’t know what to do...

Honestly, I’m start thinking that Mikrotik can’t handle this...

What a pity
 
Sob
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sun Aug 25, 2019 10:01 pm

So to sum it up, everything works well, except few devices and who knows what crazy things they are doing. We know close to nothing about your config. There's one RB with four connections to internet. Then there are several switches and you do something with PPPoE in LAN. No exact config. We even have no idea how many NATs are there. Most likely one on RB, probably another on TP-Links, and it may not be all, because we don't know if RB itself has public addresses or not, so there might be another one at ISP.

Since we don't know any better what to change, getting rid of NATs is good start. It won't be possible to get rid of all, but only one should remain on RB. So first make sure that all internet connections on RB have public addresses, i.e. they are directly on RB itself. Then you'll need to get rid of NAT on TP-Links. Problem is, I'm not sure if they can do it while keeping PPPoE uplink.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Mon Aug 26, 2019 5:32 am

Yes, you're right @sob.

You know close to nothing about my config because I don't know what you need to know. I'll be glad to give you every detail, you just need to show me what you want and how I can obtain it.

I'm not sure if all internet connections on RB have public adresses. How can I confirm it?

User @HzMeister said that " If they didn't configure the rb750gr3 in a way that would prevent it, you could just use that as your router and use the tplink as a switch+ap". How can I confirm that configuration?

Glad for your help.

Thanks.
 
Sob
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT problems - Xbox One and Nintendo Switch

Mon Aug 26, 2019 4:31 pm

I won't lie to you, "how do I recognize public IP address?" is not good start. And following steps are more difficult.

Anyway, look in IP->Addresses and check what's on uplink intefaces (internet connections). If it's 10.x.x.x, 192.168.x.x, 172.16-31.x.x or 100.64-127.x.x, it's not public.

Next, it can't hurt to share your config. I think I have an idea what should be there, but who knows, life is full of surprises. You can do:
/export hide-sensitive file=myconfig
And then paste the content of resulting myconfig.rsc here in code tags. The hide-sensitive option will automatically skip stuff like passwords. In case you do have public addresses, you may want to not share them with whole world, so you would have to hide them manually. They will be in exported config only if they are static. Don't just replace everything with x.x.x.x or something, it needs to remain clear what's where, so if you'd have e.g. 159.148.147.205, change it to x.x.147.205 consistently in all places. And same for the rest, we need to be able to tell one address from another. Don't touch non-public addresses (see above), they are not unique, so not sensitive.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
erlinden
Member Candidate
Member Candidate
Posts: 166
Joined: Wed Jun 12, 2013 1:59 pm

Re: NAT problems - Xbox One and Nintendo Switch

Mon Aug 26, 2019 5:14 pm

Please connect your Xbox to the cable that connects your house (and currently your TP-Link). Do the problems still occur?

Besides, can you post a tracert forum.mikrotik.com (do you know how to use the command prompt and how to copy from it)?
 
User avatar
victorsoares
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Mon Aug 26, 2019 7:55 pm

Well, from my experience the only sure way to get videogames to work without any NAT problems is using IPv6 or giving the client a valid and public IP address. My guess is that whoever designed this network used NAT to distribute the connections but forgot that the connections also arrive there on a CGNAT. Call the company that did the service and tell them to check for double NAT on your network. Maybe a call to your ISP`s can solve the issue too, but they will need to work together with the people that did the internal network.
Victor I live near Ubatuba...

can you send me your email so we can talk?

thanks
Sure thing, my e-mail is victorsoares@ultrasolucoes.com
MTCNA MTCRE
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Tue Aug 27, 2019 4:35 am

@erlinden, the Xbox says that I'm not connected to internet. No IP given. Nothing.

Here's the result from prompt:

1 2 ms 2 ms 51 ms 192.168.0.1
2 3 ms 3 ms 3 ms 10.5.0.1
3 5 ms 3 ms 3 ms 192.168.3.1
4 5 ms 5 ms 4 ms gateway-myauth.persisinternet.com.br [xx.xx.109.1]
5 8 ms 24 ms 12 ms core06-cus-apu-to-vl-410.persistelecom.com.br [xx.xx.62.254]
6 8 ms 9 ms 23 ms core02-ara-at-re1-407.persisinternet.com.br [xx.xx.56.89]
7 8 ms 5 ms 6 ms acesso-56-85.persisinternet.com.br [xx.xx.56.85]
8 9 ms 7 ms 11 ms core02-ara-at-re1-406.persisinternet.com.br [xx.xx.56.81]
9 11 ms 12 ms 28 ms border02-ldb-dc-vl-536.persistelecom.com.br [xx.xx.63.185]
10 * * * Esgotado o tempo limite do pedido.
11 31 ms 20 ms 21 ms ae24-190g.scr4.gru1.gblx.net [xx.xx.100.1]
12 * * * Esgotado o tempo limite do pedido.
13 126 ms 124 ms 123 ms ae1-300g.ar5.mia1.gblx.net [xx.xx.94.249]
14 * * * Esgotado o tempo limite do pedido.
15 245 ms 246 ms 245 ms ae-125-3515.bar1.helsinki1.level3.net [xx.xx.203.26]
16 724 ms 402 ms * xx.xx.123.22
17 407 ms 371 ms 397 ms xx.xx.223.130
18 * * * Esgotado o tempo limite do pedido.
19 * * * Esgotado o tempo limite do pedido.
20 * * * Esgotado o tempo limite do pedido.
21 385 ms 371 ms 370 ms xx.xx.147.205

** insert the "xx" ok


@sob I know what is a public/private IP, I don't know HOW to see that on mikrotik, sorry.

On IP/addresses I got:

ether 1 192.168.1.100/24 and 192.168.1.0
ether 2 192.168.2.100/24 and 192.168.2.0
ether 3 192.168.4.100/24 and 192.168.4.0
ether 4 192.168.3.101/24 and 192.168.3.0

ether 5 is 10.5.0.0

mine is 10.5.0.234

Here is the "myconfig" file...

# aug/26/2019 22:15:29 by RouterOS 6.36.1
# software id = 8AZ2-KDTR
#
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=PPPoE ranges=10.5.0.2-10.5.0.254
/ppp profile
add change-tcp-mss=yes comment="Toda banda" local-address=10.5.0.1 name=FULL \
remote-address=PPPoE use-upnp=yes
add change-tcp-mss=no comment=5mb local-address=10.5.0.1 name="5 MEGA" \
only-one=yes rate-limit=5100k/5100k remote-address=PPPoE
add change-tcp-mss=no comment=10Mb local-address=10.5.0.1 name="10 MEGA" \
only-one=yes rate-limit=10100k/10100k remote-address=PPPoE
add comment="20 mb" local-address=10.5.0.1 name="20 MEGA" rate-limit=\
20000K/20000K remote-address=PPPoE use-upnp=yes
/interface pppoe-server server
add authentication=pap,chap disabled=no interface=ether5 keepalive-timeout=30 \
max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=Server
/ip address
add address=10.5.0.1/24 interface=ether5 network=10.5.0.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether1
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether2
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether3
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether4
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=drop chain=input dst-port=53 protocol=tcp
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=route_1 passthrough=no per-connection-classifier=\
both-addresses:4/0
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=route_2 passthrough=no per-connection-classifier=\
both-addresses:4/1
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=route_3 passthrough=no per-connection-classifier=\
both-addresses:4/2
add action=mark-routing chain=prerouting dst-address-type=!local \
new-routing-mark=route_4 passthrough=no per-connection-classifier=\
both-addresses:4/3
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether4
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=route_1
add check-gateway=ping distance=2 gateway=192.168.2.1 routing-mark=route_2
add check-gateway=ping distance=3 gateway=192.168.3.1 routing-mark=route_3
add check-gateway=ping distance=4 gateway=192.168.4.1 routing-mark=route_4
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1
add check-gateway=ping distance=3 gateway=192.168.3.1
add check-gateway=ping distance=4 gateway=192.168.4.1
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=ether2 type=external
add interface=ether3 type=external
add interface=ether4 type=external
add interface=ether5 type=internal
/ppp secret
add name=teste profile=FULL service=pppoe
*** list of users...
add name=rodrigo profile="20 MEGA" service=pppoe
/system clock
set time-zone-name=America/Sao_Paulo
/system routerboard settings
set memory-frequency=1200DDR protected-routerboot=disabled
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Mon Sep 02, 2019 7:35 pm

@erlinder
@sob

any ideas?

thanks
 
Sob
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT problems - Xbox One and Nintendo Switch

Tue Sep 03, 2019 3:39 am

Sorry, I sometimes put some topics aside, to have a better look when I have more time, but sometimes it happens that they get lost among other browser tabs.

I see two possible problems:

1) Too many NATs. You have at least three and no easy way to get rid of them. With some luck, the one at ISP may be NAT 1:1 (less bad), but it's not guaranteed. You could get rid of one from where TP-Link is, but it may not be possible with TP-Link and PPPoE, because it's simple home router and they usually have only few predefined modes and no advanced config is possible. Before you start playing with that, try to connect your gaming device directly to RB. Add another subnet to free port, enable DHCP server on it, connect the device there and test if works better.

2) PCC (load balancing). I don't know how much these devices try to punch holes through NAT and make direct connections, but it they do, PCC can be a problem, because connections to different devices can use different uplinks. So start with this, because it's easy to test. Add new rule:
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-type=!local new-routing-mark=route_1 passthrough=no src-address=10.5.0.X
where 10.5.0.X is your TP-Link's WAN address, and move it before existing rules. It will make all connections from your network use only single uplink. And see if it helps.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
anav
Forum Guru
Forum Guru
Posts: 2940
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: NAT problems - Xbox One and Nintendo Switch

Tue Sep 03, 2019 11:01 pm

One thing to consider has anyone on the forums actually stated they have a working LIVE XBOX or NINTENDO with MIKROTIK??? By that I mean interactive gaming. I use NINTENDO myself for games and there is another user of XBOX in the house. That person can also play games. These are purchased games with no live interaction - playing against others.
I have never tried interactive gaming with my NINTENDO but the XBOX user couldn't get it to work when attempted. I tried separate VLANS and many other tricks and never got his XBOX to work in live gaming scenario. So unless someone here can prove they have successfully implemented XBOX or NINTENDO connectivity for interactive gaming, the OP may have a point which has nothing to do with TP link etc.............. but points to some NAT peculiarity with MT products........... nothing surprises me anymore!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
Sob
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT problems - Xbox One and Nintendo Switch

Tue Sep 03, 2019 11:30 pm

VLANs by themselves won't help you, the problem is incoming traffic and NAT. In ideal world, each device would have own public address and they would be able to connect to each other directly. But there are not enough public IPv4 addresses for everyone, you need to hide multiple devices behind one common address, that's what NAT does. But it ruins incoming connections, because each internal device is no longer directly addressable.

There are some ways how to get around that (search for "NAT punching"), but those are all hacks with no guarantees. The only reliable way is port forwarding, where ports are really open for anyone. I don't know if any of those gaming devices support some kind of static config, I'd expect that most people would be too lazy to configure it. So your best chance is working UPnP where devices can open ports automatically. But for that to work, you need public address directly on your router, i.e. only one NAT. If you have double, triple, ..., you'd need some UPnP proxy on each router, but it's definitely not common thing.

Then there's IPv6 with enough public addresses for everyone, it should be the best solution. But for some reason people seem to put much more effort into NAT traversal (which is dead end), instead of adopting real solution.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1364
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Tue Sep 03, 2019 11:34 pm

My son plays xbox with other players on www, only have Mikrotik in my house :-)

The OPs problem is all the NATs along the path
MTCNA, MTCTCE, MTCRE & MTCINE
 
anav
Forum Guru
Forum Guru
Posts: 2940
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: NAT problems - Xbox One and Nintendo Switch

Wed Sep 04, 2019 5:34 am

My son plays xbox with other players on www, only have Mikrotik in my house :-)

The OPs problem is all the NATs along the path
Can you post your settings for xbox as I cannot get my guest to play games against others over the internet :-(
Also can you list which games specifically work?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
RodrigoBrito
just joined
Topic Author
Posts: 16
Joined: Sat Feb 09, 2019 3:33 pm

Re: NAT problems - Xbox One and Nintendo Switch

Thu Sep 05, 2019 6:34 am

@sob tryed the config, but had no sucess...

It looks like this

# Action Chain Src. Address Dst. Address Protocol Src. Port Dst. Port Any. Port In. Interface Out. Interface Bytes Packets
- D 0 change MSS forward 6 (tcp) all ppp 0 B 0
- D 0 change MSS forward 6 (tcp) all ppp 306.5 MiB 5 391 646
-D 1 mark routing prerouting 10.5.0.234 178.9 KiB 1 055
-D 2 mark routing prerouting 58.4 GiB 370 988 753
-D 3 mark routing prerouting 72.6 GiB 420 297 717
-D 4 mark routing prerouting 87.5 GiB 414 299 216
-D 5 mark routing prerouting 61.7 GiB 422 708 090

But it DOES change something...

1. Xbox says that my NAT is "not available" (xbox.com/xboxone/Teredo). When I run the NAT test, it says that I can't get an IP Teredo, or something

2. On my TP-Link, under the Status/WAN, the DNS server now says 10.5.0.1 xx.xx.58.254 (before was 10.5.0.1 and 192.168.3.0 or something)

3. On Nintendo Swith the traversal NAT stays.

thanks again
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1364
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Thu Sep 05, 2019 6:34 pm

My son plays xbox with other players on www, only have Mikrotik in my house :-)

The OPs problem is all the NATs along the path
Can you post your settings for xbox as I cannot get my guest to play games against others over the internet :-(
Also can you list which games specifically work?

Have nothing special in my FW rules that has not been mentioned / discussed here ad nauseam, but must come with a warning, I make use of UPnP.
My son has not yet had any issues with any of his games, i.e. Minecraft, Battle Field 4, Call of Duty, etc
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward comment="Allow Established / Related" connection-state=established,related,untracked
add action=accept chain=forward comment="Allow New connections from LAN" connection-state=new in-interface-list=Trusted
add action=accept chain=forward comment="Allow if Destination NAT Rule" connection-nat-state=dstnat in-interface-list=WAN
add action=drop chain=forward comment="Default Drop" in-interface-list=WAN
MTCNA, MTCTCE, MTCRE & MTCINE
 
anav
Forum Guru
Forum Guru
Posts: 2940
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: NAT problems - Xbox One and Nintendo Switch

Fri Sep 06, 2019 11:32 pm

So upnp is enabled on the router?? (wondering as you have no special fw rules for it)
Can you post your UPNP settings........ there seems to be interfaces and type that are configurable.
Assuming on first page you select enabled vice show dummy rule
(how do you narrow it down and what is minimum required).
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1364
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: NAT problems - Xbox One and Nintendo Switch

Sat Sep 07, 2019 12:05 am

Not at laptop now, but the interfaces are just which is internal and which is external, i.e. In my case, PPPoE interface is external and bridge is internal

UPnP will dynamically create the relevant NAT rules, hence the warning, internal devices can open network access to the outside world
MTCNA, MTCTCE, MTCRE & MTCINE
 
Sob
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT problems - Xbox One and Nintendo Switch

Sat Sep 07, 2019 1:22 am

@RodrigoBrito: I'm affraid there's no easy solution for you. It's probably the "too many NATs" problem. For best chance for success, you'd have to change a lot. You'd need to convince ISP to deliver public addresses directly to your main router. Then you'd probably have to get rid of TP-Links and replace them by something else, because I doubt that you can configure them without NAT while still keeping PPPoE for authentication. Even if that was possible, or if you'd set authentication aside for the moment and configured TP-Links as simple ethernet routers (that could be supported), having user devices in different network would prevent them from using UPnP (which is the best chance to get things working), unless there would be some UPnP proxy on TP-Link (I don't know how much common is that; RouterOS doesn't have it). You could probably come up with some other way (instead of PPPoE) how to isolate users' networks (again not so much likely with TP-Links), make some tunnels to main router and bridge them with users' networks, so they would be directly connected subnets to main router and devices would be able to use UPnP and everything should work. Only it would be security disaster, because there's no access control in MikroTik's UPnP server (*), so anyone would be able to open ports to anyone else's devices.

(*) Before @anav asks, it's not problem if you have only your own LAN with trusted devices.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 23 guests