Forum Discussion
double nat on console home internet
I’m on an Xbox Series X wired directly to the modem. My download speed is fine but I can’t get my NAT type from strict to open. The Xbox says this is because of double NAT. Is there any way I can get rid of the double NAT?
- Dbro8423Newbie Caller
JayBo wrote:
My NAT type is always moderate. No matter what and I am for sure double NAT’d. But everything works for me. I’m plugged Ethernet into my Linksys which is hooked to the Nokia trash can router
Are the speeds slower when connecting to another modem/router and using that router? Also, are you using the arch modem?
- JayBoNewbie Caller
My NAT type is always moderate. No matter what and I am for sure double NAT’d. But everything works for me. I’m plugged Ethernet into my Linksys which is hooked to the Nokia trash can router
- Dbro8423Newbie Caller
Can someone please enlighten me on this double NAT type BS? Please tell me they will fix this soon on the new 5G arch modem.
- djb14336Bandwidth Buddy
Run a scan for ports that are supposed to be open.
BY DESIGN their XLAT464 approach BREAKS this functionality.
https://datatracker.ietf.org/doc/html/rfc6877
From the introduction:
This document describes an IPv4-over-IPv6 solution as one of the techniques for IPv4 service extension and encouragement of IPv6 deployment. 464XLAT is not a one-for-one replacement of full IPv4 functionality. The 464XLAT architecture only supports IPv4 in the client-server model, where the server has a global IPv4 address. This means it is not fit for IPv4 peer-to-peer communication or inbound IPv4 connections. 464XLAT builds on IPv6 transport and includes full any-to-any IPv6 communication.
So long as an application in question is reliant on unsolicited inbound v4 connections, their dual stack solution BREAKS THEM BY DESIGN, because they have yet to take proper measures to guard against it.
For example, I just set things up locally... even dropped some security to allow pings and whatnot, and this is the result I got testing to the first one of the UPnP requested ports for my PS4:
Port 9308 does not appear to be open.
Even connecting the PS4 directly via ethernet fails.
When running through my router, nothing registers as an attempt being made. Not even a basic ping attempt registers.
TMO's topology clamps down on things before the packets reach this layer.
My PS4 THINKS I am on NAT-2, because UPnP is negotiating the rule to open the port... but when something tries to actually get through directly on that port, it fails. Because their topology does not support such inbound communication.
The only ways known so far to get around this are via a separate tunnel that allows such P2P traffic (like a GVPN and such), actual functional v6 delegation instead of relying on v4, or for the application in question to instead use a stateful v4 connection type like the typical more dedicated TCP server connections.
But with the more direct UDP and other P2P models a lot of games have started integrating (and that consoles actually use in the background), it breaks certain functionality.
- dispatcher21Network Novice
Yeah, whatever. I have 1609 and I have an open NAT and all chat functions work properly. Does it matter how the firmware fixed it? Nope, just that it works.
- djb14336Bandwidth Buddy
dispatcher21 wrote:
What firmware are you running on your can? I have 1609 and have open NAT with my Xbox.
Misleading status. UPnP may be negotiating the forwarding rules so the console "thinks" you have open NAT... but as mentioned earlier, the XLAT464/CGNAT approach breaks the ability to forward ports from the internet to your local network... by design. It was well documented in the RFC on it like a decade ago.
The same thing happens with PS4 when you set up a router in front of their modem--it negotiates and opens ports locally on your router and appears legit and all... but the higher TMO layers muck things up when the game NEEDS the UDP packets forwarded properly.
Because there is no initial outbound stateful inspection/logging that unsolicited inbound traffic gets filtered/blocked at the upper layers.
In the past some routers were found to track outbound UDP to get around some things in a way to bypass the need for port forwarding to some degree (like we saw back in the day with the Destiny franchise on some WRT routers)... but highly doubt that will work here (their Nokia device appears very limited feature-wise).
Regardless of how our/their routers/modems function though, it still gets broken at a higher layer.
Again, because of how their XLAT464/CGNAT style setup works (or should I say, DOESN'T work).
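As an added illustration (not part of the thread, and not code from T-Mobile or any console vendor): one way to tell whether a UPnP "open NAT" status can be backed by real inbound IPv4 reachability is to classify the WAN address the router holds against the reserved translation blocks and compare it with the address an outside service sees. The function name, verdict labels and sample addresses are constructed for this example.

```python
import ipaddress

# Reserved IPv4 blocks that are never routed on the public internet. A router
# whose WAN side sits in one of them has another translator upstream of it.
TRANSLATED_BLOCKS = [
    ("double-nat", ipaddress.ip_network("10.0.0.0/8")),      # RFC 1918
    ("double-nat", ipaddress.ip_network("172.16.0.0/12")),   # RFC 1918
    ("double-nat", ipaddress.ip_network("192.168.0.0/16")),  # RFC 1918
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),        # RFC 6598
    ("464xlat-clat", ipaddress.ip_network("192.0.0.0/29")),  # RFC 7335
]


def classify_wan(wan_ip, seen_ip):
    """Return (verdict, inbound_ipv4_possible).

    wan_ip  -- address on the WAN interface of the router that granted the
               UPnP mapping (read from its status page)
    seen_ip -- IPv4 address an outside service reports for the connection
    """
    wan = ipaddress.ip_address(wan_ip)
    seen = ipaddress.ip_address(seen_ip)
    if wan.version == 6:
        # IPv6-only uplink: any IPv4 the outside sees was made by a translator.
        return ("translated-v4", False)
    for verdict, block in TRANSLATED_BLOCKS:
        if wan in block:
            return (verdict, False)
    if wan != seen:
        # Public-looking WAN address, but the internet sees a different one.
        return ("upstream-nat", False)
    return ("public", True)


# Constructed sample readings (documentation address ranges, not real hosts).
SAMPLES = [
    ("192.168.12.101", "203.0.113.7"),
    ("100.72.3.9", "203.0.113.7"),
    ("192.0.0.2", "203.0.113.7"),
    ("2001:db8::10", "203.0.113.7"),
    ("203.0.113.7", "203.0.113.7"),
]

if __name__ == "__main__":
    for wan_ip, seen_ip in SAMPLES:
        verdict, ok = classify_wan(wan_ip, seen_ip)
        state = "possible" if ok else "blocked upstream"
        print(f"{wan_ip:>15} seen as {seen_ip}: {verdict}, inbound IPv4 {state}")
```

A "public" verdict only means no upstream translator was detected; the router's own firewall and port mappings still decide what gets through.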
- dispatcher21Network Novice
What firmware are you running on your can? I have 1609 and have open NAT with my Xbox.
- wolver1n3Roaming Rookie
I am a network engineer and I am not dealing with this double NAT baby back BS.
I’ll be back once they get their act together, maybe. It’s BS; it needs to be advertised as a hotspot, not home internet. We don’t get proper access to hardware nor a public IP; it’s definitely not “home internet”. I hope they realize there is a great number of people working from home and online gaming from home too. If I have to pay for extra services (VPN/NGROK) to get basic functionality working, I may as well stay with Cox and pay for simplicity, a public IP and somewhat decent access to the hardware. Speeds can be at times better than Cox, but I don’t just do internet browsing and they are not stable by any means.
I would use this only if you don't work from home, do not game online and or if you have no other option, lol.
Was going to do some Xbox gaming this holiday, guess who's double NAT’ed at the ISP level…
What a F’ing joke this was, it was a good 2 days I guess.
I guess Cox is still going to get my $. I have VPN and I can get my Xbox online but that kills my speed so.. May as well go back to Cox for now.
I hate Cox but this is just worse service at better prices at best. At least until they give us access to basic hardware settings with a public IP that IS NOT DOUBLE FREAKING NAT’ed.
- djb14336Bandwidth Buddy
Unfortunately, the fix is not just something as simple as a firmware update to their modem/router.
The core problem lies in their network topology on the other side of the modems. Basically, an infrastructure design issue that needs to be reworked first. They have large banks of v4 addresses, but for whatever reasons they will not assign those to us on a 1-1 basis like they do with the likes of Spectrum or ATT... instead they are used more like a VPN, potentially sharing one address with multiple clients (like a CGNAT setup).
As mentioned earlier: XLAT464. This is what they implemented to deal with mixed IPv4/v6 through the IPv6 portions of their network. As mentioned in the RFC on this like a decade ago, this core design breaks unsolicited inbound traffic that would require port forwarding to work.
There are some potential workarounds they could put in place, but it would require considerable resources and partial redesign of their networking strategies to make it work how we would need it.
Some have mitigated issues with their own VPNs, but YMMV... it would need to properly support P2P traffic, and in the case of game consoles would need to be running on a router as well.
- RrichiezNewbie Caller
This is really getting on my nerves. T-Mobile should send an update or something; I can't do anything. I really need to get this double NAT thing resolved. Any luck out there? Anyone complaining to T-Mobile?