On 2013-03-14 at 3:52 PM, [DE]Glen said:

In those reply packets the server tells the game what *external* ports were used (ie: what your router mapped the outgoing data to be from).

We can't assume we can send to 3962 on your router (because it might have mapped your data out some other port if 3962 was already used) so we look at where the packet came from and use that for the reply-to-address.

If the test packets went *out* different ports it's called Strict NAT because it means each remote peer must reply to a different address.

The problem is that if server A thinks it has to talk to your router on port 1234 to reach you and server B thinks it has to use port 5678 we have no idea what to tell another player to use when they need to send you packets.

what the hek are you talking about???
the entire purpose of NAT is to rewire outgoing connections to arbitrary ports in order to map replies to the right local host. you can not use that port to establish incoming connections.
and the entire purpose of port forwarding is to accept incoming connections for a local host, where only the local host / admin knows that port number, and that port number can not be inferred by outgoing connections.


On 2013-03-24 at 10:43 AM, polarity said:

In addition to that, you're telling people to forward ports, but have failed to mention anything about DHCP / 'Obtain an IP address automatically'. Port forwarding is going to fail unless the IP address that it is to is static. If the router assigns the player's PC a different IP address next time they turn on their computer, then they're going to have the same problem all over again, unless they change the port forwarding to the new IP.

fortunately most consumer grade routers identify LAN hosts by their MAC, and some don't even allow you to directly specify an ip address.


On 2013-04-17 at 4:05 PM, [DE]Steve said:

The truth is, we don't have a publisher, so we have p2p as the only financially feasible way for us to launch this game and launch it globally. So far our stats say it's ~7% on strict NAT and I agree with those posting here... that number is too damn high!

I am not making excuses, but certainly we are not alone in having complexity to resolve these issues: https://support.leagueoflegends.com/entries/20133372-Port-Forwarding

yes i agree 7% is way too high, because it should be 0 cases, because what you depict as "Strict-NAT" is bugged networking code.
and no, LoL has not the same problems as you guys, they have too many servers where replication and configuration becomes increasingly difficult.
WF is the only big game which uses p2p. everyone else either hosts their own servers and gives their players just a client (LoL, StarCraft), or they host relay servers to keep track of the state of the game server and connect clients (ME3).
sometimes, game devs build dedicated servers, we can host on our linux boxes. but that only works for games which do not have ingame shops (Factorio).
multiplayer based indie games commonly use a lobby system, where one player hosts a game and other can connect to.
oh, and by the way: Warframe uses a Lobby system, not p2p. p2p would eliminate host migrations, because everyone would be server and client at the same time. but host migrations are proof that WF is not p2p.

On 2014-06-14 at 9:38 PM, xethier said:

might be time to think about a newer/better router.

no, since their inception all internet access routers can NAT and port forward. the only legitimate reason to buy a new router is when your model has critical security flaws, which can not be fixed, or you get an ISP upgrade and your router is too slow to utilize the full capabilities of your internet access.


On 2015-03-19 at 2:06 PM, Juniperus said:




I don't really know what to do more T^T

after two years this is still a thing.
i am sorry mate, there is nothing you can do, except to wait for DE to fix their game client.


On 2016-10-03 at 3:44 PM, Seruai said:

How many years has it been, and all DE has done is make fixes to make suffering host migration not as bad? Why not just..oh, i dunno...FIX THE ACTUAL PROBLEM? Seriously. Sitting here in 2016, no strict nat, ports open, allowed through firewall, and yet I still can't connect to other players, but I can host fine, which would be fine if I ever got host. I've sent in a ticket. No help. Had a guide try to help, all 3 days of endless ideas didn't help. He said he'd contact some of the team, but they're conveniently "out of office." This "issue" is really just...ruining the experience.

Just.....get some dedicated game servers, DE. Really.

Sincerely, a disappointed tenno.

there is no way they can host their own game servers. their network code is a convoluted mess, which uses up an ungodly amount of network bandwidth.
at the moment we can only hope WF becomes someday a true p2p game where host migrations are eliminated.


seriously DE? after seven years you still struggle to understand ip basics? i shudder at the thought what will happen to WF, when IPv4 gets laid off and IPv6 becomes the standard.
if your bases already need some serious fixing, i wonder what else is broken.

i have shown this thread to an actual Network Technician.
that took a while but once he stopped laughing, he explained to me that:
- "Strict-NAT" is a bogus term he never heard about.
- DE's explanations have enough truth in them to make 'em seem legitimate, but ultimately "that is not how NAT works".
- being able to connect to each other can be attributed to crappy and insecure routers, and "pure luck".

after a quick google search showing DE is not the only one suffering from this strict nat problem, he concludes: that there is someone selling non-functional networking code to game developers.

my advice for DE: check your contracts to see if you can prosecute that scammer. and fix that code asap.

What does one do if they have Double NAT?
I have fought with my ISP for months, and it's to no avail.

And it also looks like practically every other ISP in my city are using CGNATs because they're short of IPv4 addresses in my country (India)
And don't want to move over to IPv6. So they NAT one public IP among multiple homes, and then within those homes, wifi routers Double NAT those private IPs further into more private IPs.

This makes my entire game experience awful. Most trading and squad-joining is an absolute pain. When I host, I can only imagine the pain it is for others.

I fail to connect to public squads, half the time.

I 100% fail to connect/host for my friends in the same city, on the same ISP, since after all...they're behind ANOTHER Double NAT. 

I hope there is a solution, but all my googling and haggling with my ISP has led me nowhere...

My situation is as follows:

I use pfsense as a firewall which is connected to my vpn provider, all traffic goes through vpn, no exceptions. 
I have requested 2 ports from my vpn provider, those ports are not 4950 and 4955 since i can only request random ports.
i created two rules each from 495x to random port. 
basically i did this https://forums.warframe.com/topic/1195761-bug-matchmaking-nat-and-general-networking-bug-with-a-possible-workaround/?do=findComment&comment=11608874
additionally my pc has kaspersky installed which brings its own software firewall. There i have allowed 4950 and 4955

If i now use iperf to listen to 4950 (or 4955, i tested both) and use https://canyouseeme.org/ (for that i had to temporarily allow TCP) it says 


Success: I can see your service on publicVPNIP on port (Requested port)


Then i tested iperf (both UDP and TCP) from my phone (over mobile data, not wifi ofc) that works, so i'd guess those ports are open and my machine reachable, but warframe still says nat strict, anything i can do? 


i have set kaspersky fw to log everything that comes in through 4950 & 4955. When i connect to iperf (from phone and mobile data) i see the log entries. but starting warframe and going to cetus does not create any log entries.

Also i don't really have noticeable issues. I just was host in an eidolon hunt, and except for the occasional "session unavaliable" and the "strict nat" message it just seems to work. 
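
The two-server check that [DE]Glen describes in the post quoted at the top of the thread, together with the double NAT / CGNAT case raised later, modelled as an added example; it is not code from any poster or from the Warframe client. The NAT policy names, the addresses (documentation ranges) and the test-server port are constructed assumptions; only the client port 3962 comes from the thread.

```python
# Added example: a toy NAT model, not Warframe's or any router's real code.
from itertools import count


class Nat:
    """Maps an outgoing (source, destination) pair to an external port.

    policy="endpoint-independent": one external port per internal socket,
        reused for every destination.
    policy="address-and-port-dependent": a fresh external port for each
        destination, which is what the thread calls "Strict NAT".
    """

    def __init__(self, public_ip, policy, first_port=40000):
        self.public_ip = public_ip
        self.policy = policy
        self._next = count(first_port)
        self._table = {}

    def translate(self, src, dst):
        key = src if self.policy == "endpoint-independent" else (src, dst)
        if key not in self._table:
            self._table[key] = next(self._next)
        return (self.public_ip, self._table[key])


def observed_by_servers(nats, src, servers):
    """Return the source address each test server sees after every NAT hop."""
    seen = {}
    for server in servers:
        addr = src
        for nat in nats:  # home router first, then e.g. the ISP's CGNAT
            addr = nat.translate(addr, server)
        seen[server] = addr
    return seen


def classify(seen):
    """'strict' when the servers disagree about the client's external address."""
    return "not strict" if len(set(seen.values())) == 1 else "strict"


# Constructed sample input: game client on UDP 3962, two test servers.
CLIENT = ("192.168.1.20", 3962)
SERVERS = [("198.51.100.10", 7000), ("198.51.100.20", 7000)]


def run(policies):
    """Chain one NAT per policy (innermost first) and classify the result."""
    nats = [Nat(f"203.0.113.{i + 1}", p) for i, p in enumerate(policies)]
    return classify(observed_by_servers(nats, CLIENT, SERVERS))
```

In this model a forwarding rule on the home router cannot change the result when an outer NAT hands out a different port per destination, since the servers only ever see the outermost mapping.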

