
Strict Nat


[DE]Glen

er, suppose we don't use a router? Cuz the internet i use is wi-fi borrowed from someone else, so i wouldn't even know where to begin aha...

 

That wi-fi you're accessing is coming in all likelihood from a wireless router. If you had access to that router, which it doesn't sound like you do - then you'd be able to try and attempt forwarding ports, or setting up a static IP for your computer - to try and solve any NAT issues you might be having.

Link to comment
Share on other sites

So I have the same problem with the Strict Nat message.

I also have quite some knowledge about network technology, programming in general, reading and analysing log files etc. (computer science student)

 

So first thought was, take a look at the .log files.

First thought when I opened EE.log -> Wow, what a nice looking .log file, with so much useful information for all needs. And easily searchable as well.

You guys have a really nice logging system there.

 

So here are the important parts of the .log file.

0.486 Net [Info]: UPnP disabled.
2.452 Net [Info]: UDP socket created: localhost:3960 [private address: 192.168.2.2:3960]
2.452 Net [Info]: Listening: localhost:3960
2.475 Net [Info]: UDP socket created: localhost:3962 [private address: 192.168.2.2:3962]
2.475 Net [Info]: Created virtual connection for: 127.0.0.1:3960
2.648 Net [Info]: Created virtual connection for: 127.0.0.1:3962
4.112 Net [Info]: GameRulesImpl - changing state from SS_INVALID to SS_WAITING_TO_START
4.115 Net [Info]: Replication manager disabled.
41.550 Net [Info]: Name lookup: nrs.playwarframe.com 64.140.115.251
41.678 Net [Info]: Name lookup: nrs2.playwarframe.com 64.140.116.228
41.684 Net [Info]: IRC out: NICK Varonth
41.745 Net [Info]: MatchingService::AggregateSessions
41.815 Net [Info]: Name lookup: irc.playwarframe.com 96.47.186.233
41.840 Net [Info]: NAT bound for client to 92.77.100.77:3963
41.842 Net [Info]: Completed 0 / 5 punch-throughs
41.843 Net [Info]: NAT bound for server to 92.77.100.77:3961
41.858 Net [Info]: Pinging 64.140.115.251:3960
41.858 Net [Info]: Pinging 64.140.116.228:3960
41.991 Net [Info]: Test reply from 64.140.115.251:3960 (133ms), public address 92.77.100.77:3963
41.991 Net [Info]: Test reply from 64.140.116.228:3960 (132ms), public address 92.77.100.77:3964
41.992 Net [Info]: Network analysis complete. 2 of 2 hosts contacted.
41.992 Net [Warning]: Strict NAT detected!

 

So those four lines

41.840 Net [Info]: NAT bound for client to 92.77.100.77:3963
41.843 Net [Info]: NAT bound for server to 92.77.100.77:3961
41.991 Net [Info]: Test reply from 64.140.115.251:3960 (133ms), public address 92.77.100.77:3963
41.991 Net [Info]: Test reply from 64.140.116.228:3960 (132ms), public address 92.77.100.77:3964

 

These are kinda weird.

 

Next step in trying to resolve the problem was forwarding more ports than the 3960 and 3962 ports.

So I forwarded the port range 3960-4000.

 

Same issue.

So in order to check if any incoming UDP packet on 3960 and 3962 can actually arrive, I closed the Warframe client and quickly wrote 2 small Java programs.

UDPListener and UDPSender.

UDPListener creates 2 UDP sockets one bound on port 3960 and one on 3962. UDPSender sends 2 Datagrams containing 12 random bytes to me on those two ports.

So I gave that UDPSender program to another person, and told him to run it.

Results:

Got the Datagrams as expected.

 

These tests let me assume that the problem is not on my side in terms of ports not forwarded correctly etc.

Link to comment
Share on other sites

Same issue.

So in order to check if any incoming UDP packet on 3960 and 3962 can actually arrive, I closed the Warframe client and quickly wrote 2 small Java programs.

UDPListener and UDPSender.

UDPListener creates 2 UDP sockets one bound on port 3960 and one on 3962. UDPSender sends 2 Datagrams containing 12 random bytes to me on those two ports.

So I gave that UDPSender program to another person, and told him to run it.

Results:

Got the Datagrams as expected.

 

These tests let me assume that the problem is not on my side in terms of ports not forwarded correctly etc.

 

 

This is basically what myself and a friend did using PortForward.com's utility. It couldn't find anything to suggest that our machines weren't able to communicate on those ports. So there's definitely something fishy going on.

Link to comment
Share on other sites

My Strict NAT mysteriously disappeared one morning, by the way. I didn't do anything on my part, but I am relieved that it's finally gone. So much time wasted with port forwarding and system changing. None of that crap worked anyways.

 

They don't want to admit it, but the Strict NAT issue is probably more on DE's part than ours.

Edited by se05239
Link to comment
Share on other sites

i have this awesomely weird problem.... i would have the usual strict nat and firewall bullcrap problem but when i leave my pc on and not shut it down and just basically keeping it connected to the net, after about like a few hours to a day, i would be able to see people in my friend list and join peoples' games and i can even host... the weird thing here is, it feels like i have to wait for a certain amount of time from the moment i first connect to the internet before i can do these things, it's like a warm up or something...... weird...

Link to comment
Share on other sites

So I opened a support ticket today, which gave me a bit more insight about the problem, and have a temporary solution for myself which might work for others as well. I say temporary because it opens quite a few possible security holes.

 

So the problem is, that my router assigns a new public port to each new host I am connecting to, instead of reusing the same UDP port.

 

---

 

A bit of network technology explanation, skip if you don't care:

The UDP protocol is a connectionless protocol unlike TCP (the two most common protocols for the transport layer). Simply put, when you send a UDP packet you give it the destination and throw it into the internet. You will not know if it will actually arrive on the other side, unless there is an application which sends you a response. It is fast though, and you can use the same port for incoming traffic from multiple sources (the source address and port are also written into the UDP packet).

TCP works differently as it is a connection based protocol. When an application wants to talk to another application via TCP it first has to establish a connection. When doing this, the operating system (Windows in this case) binds a new TCP socket on a so called ephemeral port (mostly in the higher 40000-60000 range). The port it is connecting to is a TCP socket especially made to establish these connections (listener sockets).

Whenever they do this, the router also knows that a new TCP connection was established.

A common case would be surfing the internet via HTTP.

HTTP uses TCP port 80, but you probably never forwarded that port, yet you can surf just fine. That is because you don't have to accept incoming connections on port 80 (unless you are running your own webserver). When you connect, your computer and the webserver establish a TCP connection, and after that the webserver will send you data to let's say port 50000.

Now a router can connect multiple devices to the internet, although it just has one internet connection. This is where NAT comes into play. When you send a packet the router translates it into another one by modifying the IP address. Instead of your LAN address like 192.168.0.2 it changes it to your WAN address (your Internet IP). And it also keeps track of which LAN client uses which ports when they start a connection so that it relays packets sent to the WAN port over to your PC by modifying it back to the LAN port. So when your computer establishes a new connection the router does a lot of stuff so that your computer can do this, while another computer can do something similar as well.

If two computers try to use the same port, the NAT can actually assign a different public port and map it in a way that it knows that 50001 is actually 50000 on computer 2.

This works fine, as long as you are establishing connections. But in P2P games like Warframe, other players might try to join you, so they are trying to connect and you are actually the one who has to accept new connections. Since your router cannot know by default that a new, incoming connection should be relayed to your computer it will just block/drop those. You then have to set up port forwarding rules, which will tell the router:

Incoming traffic from that port should go to this computer on this port.

Now my router, and probably others as well, will for no really good reason I can think of, also assign a new public port to new UDP hosts instead of reusing the one we actually want to use. That is the reason why the .log file showed some new public ports. The Warframe NAT check will then get a UDP datagram which includes your IP address and a wrong public port. It will respond to that public port, but no application on your side is going to answer to that port.

From that point your connection will be flagged with that strict NAT. If you try to connect to someone without strict NAT it will work fine. You connect to them, they get your public port and everything goes fine, but the servers cannot matchmake you with just strict NAT players, as it cannot tell anyone which port can be used to connect.

So how did I bypass this? Well my router supports DMZ which basically puts the computer before the NAT basically giving your computer the unfiltered incoming traffic from the internet. This of course opens a lot of possible security holes, but might be the only solution if you cannot afford a new router. A working firewall is a must have in that case.

 

---

 

The fix for me was to put my computer into my router's DMZ. This isn't the most recommended thing to do, and you should not do that unless you know for sure that your computer has a working firewall.

Link to comment
Share on other sites
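The pattern described in the post above (each test server reporting a different public port) can be checked mechanically from the EE.log lines quoted earlier in the thread. This is an added example, not code from any poster or from Warframe; the function names and classification labels are hypothetical, and it assumes both test replies answer probes sent from the same local socket.

```python
import re

# Sample input: lines copied from the EE.log excerpt quoted in the thread.
SAMPLE_LOG = """\
2.452 Net [Info]: UDP socket created: localhost:3960 [private address: 192.168.2.2:3960]
2.475 Net [Info]: UDP socket created: localhost:3962 [private address: 192.168.2.2:3962]
41.840 Net [Info]: NAT bound for client to 92.77.100.77:3963
41.843 Net [Info]: NAT bound for server to 92.77.100.77:3961
41.991 Net [Info]: Test reply from 64.140.115.251:3960 (133ms), public address 92.77.100.77:3963
41.991 Net [Info]: Test reply from 64.140.116.228:3960 (132ms), public address 92.77.100.77:3964
41.992 Net [Warning]: Strict NAT detected!
"""

# These patterns match only the line shapes visible in the excerpt above.
PRIVATE_RE = re.compile(
    r"UDP socket created: \S+ \[private address: ([\d.]+):(\d+)\]")
REPLY_RE = re.compile(
    r"Test reply from ([\d.]+):(\d+) \(\d+ms\), public address ([\d.]+):(\d+)")


def parse_mappings(log_text):
    """Return (local_ports, {test_host: (public_ip, public_port)})."""
    local_ports, observed = set(), {}
    for line in log_text.splitlines():
        m = PRIVATE_RE.search(line)
        if m:
            local_ports.add(int(m.group(2)))
            continue
        m = REPLY_RE.search(line)
        if m:
            # Each test host echoes back the address it saw us coming from.
            observed[m.group(1)] = (m.group(3), int(m.group(4)))
    return local_ports, observed


def classify(log_text):
    """Label the NAT mapping behaviour implied by the test replies."""
    local_ports, observed = parse_mappings(log_text)
    if len(observed) < 2:
        return "inconclusive"      # need two vantage points to compare
    public_ports = {port for _, port in observed.values()}
    if len(public_ports) > 1:
        return "per-destination"   # new public port per remote host
    if public_ports <= local_ports:
        return "port-preserving"   # forwarded port is what peers see
    return "consistent-remapped"   # same port for every host, but not ours


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

A "per-destination" result means a port-forwarding rule on 3960/3962 does not help, because the port the test servers see is not the forwarded one.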

So I opened a support ticket today, which gave me a bit more insight about the problem, and have a temporary solution for myself which might work for others as well. I say temporary because it opens quite a few possible security holes.

 

So the problem is, that my router assigns a new public port to each new host I am connecting to, instead of reusing the same UDP port.

 

The fix for me was to put my computer into my router's DMZ. This isn't the most recommended thing to do, and you should not do that unless you know for sure that your computer has a working firewall.

 

Thanks for adding some technical definition for those trying to resolve this issue. 

 

I honestly hadn't considered that it might be the simple nature of UDP that might have been causing my issues. Though I then have to question why DE is using UDP and not TCP.  

 

Either way I'll try setting up a DMZ tonight and see if that helps at all. 

Link to comment
Share on other sites

Thanks for adding some technical definition for those trying to resolve this issue. 

 

I honestly hadn't considered that it might be the simple nature of UDP that might have been causing my issues. Though I then have to question why DE is using UDP and not TCP.  

 

Either way I'll try setting up a DMZ tonight and see if that helps at all. 

 

A UDP datagram is faster than a TCP packet. It is also smaller (much less header) which can become a significant amount of additional data if you send a lot of small user data.

Link to comment
Share on other sites

A UDP datagram is faster than a TCP packet. It is also smaller (much less header) which can become a significant amount of additional data if you send a lot of small user data.

 

Makes sense, yet it clearly has drawbacks if it requires the host and client's network to be operating in a DMZ. 

Link to comment
Share on other sites

Online games use UDP because TCP requires too much authentication and acknowledgement. Imagine sending packet from A to B and B must reply to A to confirm receiving the packet before A can send another packet. If B does not reply, A must resend the packets until B acknowledges it. That is why we prefer UDP which just sends the packet into the net and ignores whatever becomes of it, that is why u see mobs flying or teleporting here and there because the in between packets are lost during transmission but the game still works because it makes the best out of the received UDP packets.

Link to comment
Share on other sites

Online games use UDP because TCP requires too much authentication and acknowledgement. Imagine sending packet from A to B and B must reply to A to confirm receiving the packet before A can send another packet. If B does not reply, A must resend the packets until B acknowledges it. That is why we prefer UDP which just sends the packet into the net and ignores whatever becomes of it, that is why u see mobs flying or teleporting here and there because the in between packets are lost during transmission but the game still works because it makes the best out of the received UDP packets.

 

Question then.

 

If "online games" prefer to use UDP - why am I only having NAT issues with Warframe? And not the whole host of other multiplayer titles I play. 

Link to comment
Share on other sites

Question then.

 

If "online games" prefer to use UDP - why am I only having NAT issues with Warframe? And not the whole host of other multiplayer titles I play. 

 

Because you have to accept incoming UDP connections.

As you can see above in my EE.log, when the client checks if the NAT is configured correctly, it will send a UDP datagram to the Warframe servers from that port. In my case that should be 3960 & 3962. My router decides to use a new public port for each host, so instead of 3960 and 3962 the router assigns 3961 and 3963. The DE server then gets a UDP datagram from my WAN address and on 3961 and 3963, and they will reply to those ports, which are just open for that host. Someone else trying to connect to you cannot use those 2 ports.

 

In other games, which aren't P2P you will never have to accept datagrams from unknown sources.

Link to comment
Share on other sites

Because you have to accept incoming UDP connections.

As you can see above in my EE.log, when the client checks if the NAT is configured correctly, it will send a UDP datagram to the Warframe servers from that port. In my case that should be 3960 & 3962. My router decides to use a new public port for each host, so instead of 3960 and 3962 the router assigns 3961 and 3963. The DE server then gets a UDP datagram from my WAN address and on 3961 and 3963, and they will reply to those ports, which are just open for that host. Someone else trying to connect to you cannot use those 2 ports.

 

In other games, which aren't P2P you will never have to accept datagrams from unknown sources.

 

My UDP ports in those ranges are open. 

Link to comment
Share on other sites

My UDP ports in those ranges are open. 

 

Yes, so are mine. But my router uses a different public port for each new host I am communicating with, even for UDP communication.

The Warframe Server will then get a connection from my WAN IP and Port 3961, when the router should actually reuse 3960 for each communication, with multiple hosts.

It tries to respond to 3961 then, and that is the moment things start to fail.

 

For me it is a problem with a badly written Firmware of my (quite old) router.

It can be, that your problem is different, but that seems to be the problem for me. That's why I am now using my DMZ.

Link to comment
Share on other sites

Yes, so are mine. But my router uses a different public port for each new host I am communicating with, even for UDP communication.

The Warframe Server will then get a connection from my WAN IP and Port 3961, when the router should actually reuse 3960 for each communication, with multiple hosts.

It tries to respond to 3961 then, and that is the moment things start to fail.

 

 

Yes I understood that, and I'm glad you've found a solution. 

 

My contention is that we the players shouldn't have to be jumping through this many hoops. As a seller of a product DE should make it as easy as possible for us to enjoy said product. And sticking with the current system, or at least, not attempting to find possible solutions, seems very irresponsible and ultimately, counter productive, of them.

Link to comment
Share on other sites

My contention is that we the players shouldn't have to be jumping through this many hoops. As a seller of a product DE should make it as easy as possible for us to enjoy said product. And sticking with the current system, or at least, not attempting to find possible solutions, seems very irresponsible and ultimately, counter productive, of them.

 

tumblr_mi1mc5jkQd1rqfhi2o1_500.gif

Link to comment
Share on other sites

DE_Glen kinda avoided me and my "please focus on fixing Strict NAT" message I sent him. He wrote;

"Would you believe that even Microsoft Xbox Live has Strict NAT problems? google it. "

Then he stopped responding.

Link to comment
Share on other sites

DE_Glen kinda avoided me and my "please focus on fixing Strict NAT" message I sent him. He wrote;

"Would you believe that even Microsoft Xbox Live has Strict NAT problems? google it. "

Then he stopped responding.

 

LoL great.

 

Dear Glen. Would you believe most gamers hate Xbox Live? Google it.

 

Regards, 11. 

Link to comment
Share on other sites

DE, please, you care about your players and your game, yet you ignore the majority of the ones with this problem.

 

Please DE, find a solution for this. I opened all the ports, set my ip to static, everything. Still get the error.

Link to comment
Share on other sites
