Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
New Member
Posts: 21
Registered: ‎02-03-2014

uPnP for Multiple Xbox Ones (upnp and upnp2)

I have been working for hours trying to get multiple Xboxes working on my network. I've found some information, but I'm not sure how to determine why my EdgeMAX Lite isn't implementing uPnP properly.

 

The process using uPnP is supposed to go like this:

 

Xbox #1 boots up, finds the uPnP server, and sets udp/3074 to forward to itself. The router does this.

Xbox #2 boots up, finds the uPnP server, and sets udp/3074 to forward to itself. The router responds with an error prompting Xbox#2 to use udp/3075 instead which it does.

 

Using "set service upnp listen-on eth1 outbound-interface eth0" I get a situation where the uPnP server has two entries in its NAT table, but they are identical in forwarding udp/3074 to their respective Xboxes.

 

Using "set service upnp2 listen-on eth1" and "set service upnp2 wan eth0" gets me to a situation where each successive Xbox uPnP update overwrites the previous one.

 

I've read several threads on here (as well as many other sites), and from what I've seen this should work. It's just not working for me though.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3054
Solutions: 945
Contributions: 16

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

In v1.5.0 we added a 2nd upnp implementatiion that seems to work better with multiple xboxes.  Try:

configure
set service upnp2 listen-on eth1
set service upnp2 wan eth0
commit
save
exit

 

EdgeMAX Router Software Development
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

II really appreciate your reply, but from my post:

 

Using "set service upnp2 listen-on eth1" and "set service upnp2 wan eth0" gets me to a situation where each successive Xbox uPnP update overwrites the previous one.

 

 

---------------

 

I tried what you wrote, and I'm still getting errors. uPnP is working, but only one port forward will work at a time. Xbox #1 starts up and sets the port to forward just find. Xbox #2 starts up correctly, but when it sets the port to forward it overwrites the line from Xbox #1.

 

 

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3054
Solutions: 945
Contributions: 16

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

Are you using both upnp implementations - that probably going to cause a mess.  I know we have had people says that multiple xboxes work with upnp2.  So have added an ACL to reserve port 3074 such as:

ubnt@wlb# show service upnp2 
 acl {
     rule 10 {
         action deny
         description "Block usage of port 3074"
         external-port 3074
         local-port 0-65535
         subnet 192.168.1.0/24
     }
 }
 listen-on switch0
 nat-pmp disable
 secure-mode disable
 wan eth0

 

EdgeMAX Router Software Development
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)


UBNT-stig wrote:

Are you using both upnp implementations - that probably going to cause a mess.  I know we have had people says that multiple xboxes work with upnp2.  So have added an ACL to reserve port 3074 such as:

ubnt@wlb# show service upnp2 
 acl {
     rule 10 {
         action deny
         description "Block usage of port 3074"
         external-port 3074
         local-port 0-65535
         subnet 192.168.1.0/24
     }
 }
 listen-on switch0
 nat-pmp disable
 secure-mode disable
 wan eth0

 


No, I'm trying those independently. I delete one before I try the other.

 

Why would I want to block usage of udp/3074 if the Xboxes use that?

What does "secure-mode disable" do?

Why do I want to disable nat-pmp?


Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3054
Solutions: 945
Contributions: 16

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

@ConnorM didn't you get multiple xboxes working with upnp2 ?  Maybe you could share your upnp2 config.

EdgeMAX Router Software Development
Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

i did have this working and i have the config saved for my router but i lost everything in a housefire about a month ago now. dave taht said he was gonna send me a spare unit he had around so i could do some testing on codel with this ftth connection i have now but i am still waiting.

if my memory serves me correctly you just need an ACL to deny port 3074, any xbox will then get a dif port and they will all get open nat, tested and working with 3 xbox's

T1200 - ERX - UAP - R7000 - WEB6000Q
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

Were those all Xbox Ones, or do you have 360s in the mix?

 

Why am I denying udp/3074?

 

Thanks for the reply.

Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

all 360s working wired and wiress im 99% sure same applies for xb1

T1200 - ERX - UAP - R7000 - WEB6000Q
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

Also, that sucks about the house fire. I hope everyone is ok and you have good insurance. I meant to say that in the last post, but I'm getting too excited about finally getting this to work to think straight.

Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

well u dont have to deny 3074 lol, i actually did it because thats the port people would ddos me on, miniupnpd should simply just do it job and work with multiple actually... have u made sure the regular upnp is disabled?

T1200 - ERX - UAP - R7000 - WEB6000Q
Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

[ Edited ]

everyone is ok but no insurance Man Sad

i lost a 5,000+$ music studio

T1200 - ERX - UAP - R7000 - WEB6000Q
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3054
Solutions: 945
Contributions: 16

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)


ConnorM wrote:

everyone is ok but no insurance Man Sad

i lost a 5,000+$ music studio


Ouch, so sorry.  Cryin

EdgeMAX Router Software Development
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)


ConnorM wrote:

well u dont have to deny 3074 lol, i actually did it because thats the port people would ddos me on, miniupnpd should simply just do it job and work with multiple actually... have u made sure the regular upnp is disabled?


So denying udp/3074 just forces every Xbox to use a different port than the default? That way you can avoid people poking around the Internet trying to break in. Makes sense. Appreciate the help, I'm trying it now.

 

Were they all Xbox Ones, or a mix of 360s and Ones?

Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

all 360's, should work for ones aswell

T1200 - ERX - UAP - R7000 - WEB6000Q
Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

[ Edited ]

http://community.ubnt.com/t5/EdgeMAX-Beta/miniupnpd-working-good-with-2-xbox-now-some-questions/m-p/...

everything is working great for me. i got my acl setup to block 3074 and it works perfect


admin@ERL# show service upnp2
 acl {
     rule 1 {
         action deny
         external-port 3074
         local-port 0-65535
         subnet 192.168.1.1/24
     }
 }
 listen-on eth0
 nat-pmp enable
 secure-mode enable
 wan eth1
[edit]
admin@ERL#




Chain MINIUPNPD (1 references)
target     prot opt source               destination
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:16917 to:192.168.1.101:16917 - xbox 360
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:19059 to:192.168.1.102:19059 - xbox 360
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:31643 to:192.168.1.119:31643 - xbox 360
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:38702 to:192.168.1.112:38702 - iPhone Skype
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:38702 to:192.168.1.112:38702
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:39445 to:192.168.1.116:39445 - iPhone Skype
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:39445 to:192.168.1.116:39445
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:64422 to:192.168.1.127:64422 - Macbook Skype
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:64422 to:192.168.1.127:64422
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:17148 to:192.168.1.117:17148 - Macbook Skype
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:17148 to:192.168.1.117:17148

T1200 - ERX - UAP - R7000 - WEB6000Q
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

Thanks for the update. What command did you use to show just the MINIUPNPD chain?

 

That link gave me an Access Denied error.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3054
Solutions: 945
Contributions: 16

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

show upnp2 rules

EdgeMAX Router Software Development
New Member
Posts: 21
Registered: ‎02-03-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

That's much easier than the extensive iptables command I was using. Thanks.

New Member
Posts: 13
Registered: ‎09-12-2014

Re: uPnP for Multiple Xbox Ones (upnp and upnp2)

[ Edited ]

I am having issues with multiple xboxes. (XB360)  

I am on 1.60 Alpha-3

I have enabled upnp2, and am using the block 3074 rule as mentioned in a previous post - and I have been able to get two to connect at a time - but I own 4.

When I try to connect the third xbox, the entire system breaks - and then no xboxes can connect unless I reboot the ERL.

Ive tried clearing the upnp config, etc - no good. The xboxes then give "ICMP error" until the ERL is rebooted. Once back on, I can connect two before it breaks again. 

When only the two are connected, if I turn them (the xboxes) off then back on - they cannot connect to live, with a "reboot your router" error. 

Any suggestions?

 

UPDATE:

 

Added this to my firewall - this should fix the ICMP issue. But I am still having the issue with being unable to connect to live on two or more xboxes. 

 

set 'firewall' 'name' 'WAN_LOCAL' 'rule' '5' 'action' 'accept'
set 'firewall' 'name' 'WAN_LOCAL' 'rule' '5' 'description' 'ICMP 50/m'
set 'firewall' 'name' 'WAN_LOCAL' 'rule' '5' 'limit' 'burst' '1'
set 'firewall' 'name' 'WAN_LOCAL' 'rule' '5' 'limit' 'rate' '50/minute'
set 'firewall' 'name' 'WAN_LOCAL' 'rule' '5' 'log' 'enable'
set 'firewall' 'name' 'WAN_LOCAL' 'rule' '5' 'protocol' 'icmp'

 

UPDATE 2:

After adding the ICMP firewall rules, two xboxes can now reliably connect to live. I can reboot them and they still connect fine. The third xbox fails with UPNP error, the last fails with ICMP error. If I turn the two that work off, and try the other two - they still fail, same error on each. 

All four xboxes seem to be getting their own port assignment, so upnp2 is working properly - I think.

What the heck is going on?!

 

UPDATE 3: 

Rebooted the router, One xbox conencted fine, the other gives ICMP error, the third gives XBL error. Back to square one...

 

UPDATE 4:

Disabled upnp completely. One xbox signed in, the others don't, I'm beginning to wonder if the issue is not related to upnp. No more ICMP errors when upnp is off - just fail to sign into live.

 

UPDATE 5:

Enabled upnp2 - didnt do the block 3074 rule. All the xboxes sign in, but I see that they are all overwriting the UPNP rule for forwarding 3074. Instead of multiple entries for xboxes in my upnp routing list, I only have one - and the forwared IP keeps changing to one of the 4 xboxes. I assume this will prevent multiplayer games from working - but they all sign in with no issue, which is exactly what I want. I use the xboxes as wmc extenders and only need to be signed in to live so WMC can use the decoder pack for certain video files. 

 

UPDATE 6:

The xboxes no longer sign in properly anymore, its back to 2 at a time. Also, Its been a while, nobody has a solution?

 

UPDATE 7:

I assigned the xboxes static addresses, disabled UPNP for those addresses, and manually forwarded 3074 to each xbox. The GUI let me forward the same port to different IP's. On testing, all xboxes connected to live successfully. Everything was working great for a while, then suddenly one of the xboxes dropped the conenction and now cannot reconnect. Restarting everything didnt fix the issue. 

 

UPDATE 8:

Apparantly there is an xbox live service disruption that is active, so perhaps my manual forwarding thing still works, and this is an unrelated issue.  

 

If anyone is curious, this is my iptable output for the xboxes

 

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3074 to:192.168.1.46                                                                      
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3074 to:192.168.1.46                                                                      
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:88 to:192.168.1.46                                                                        
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 to:192.168.1.46                                                                        
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 to:192.168.1.46                                                                        
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3074 to:192.168.1.47                                                                      
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3074 to:192.168.1.47                                                                      
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:88 to:192.168.1.47                                                                        
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 to:192.168.1.47                                                                        
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 to:192.168.1.47                                                                        
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3074 to:192.168.1.48                                                                      
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3074 to:192.168.1.48                                                                      
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:88 to:192.168.1.48
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 to:192.168.1.48
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 to:192.168.1.48

 I'm just suprised that this worked, and that I could forward the port to multiple IP addresses.

Reply