Just want an answer? Visit my NAT and DirectX FAQ.
Many DSL and cable modems and Internet routers use NAT, or Network Address Translation. Certain software also uses NAT, typically Internet Connection Sharing (ICS) and proxy servers. For more information on NAT see the How Stuff Works article on How Network Address Translation Works.
This is a double-edged sword. NAT allows one or more computers on a LAN to share a single IP address. Only the router's (or proxy server's) IP address is visible on the Internet; the private IP address of each machine is hidden from the Internet, providing primitive yet effective protection from hackers. However, it can also cause problems when trying to play on-line multi-player games (and some other applications).
A lot of games are designed to use a peer-to-peer configuration and not peer-to-server. NATs were designed around peer-to-server communications. For example, Diablo II's Realm games on Battle.net work fine from behind a NAT. Try to host your own game, though, and it will not work without first forwarding the proper ports.
The reason for the failure is that unrequested packets that reach the NAT device will simply be dropped. This adds some security, as only traffic that is requested is forwarded. However, many multiplayer games and DirectPlay send packets unrequested.
I have been working on an automatic method to determine if your machine uses Network Address Translation. Through clever use of PHP and a Java Applet, I will attempt to ascertain if your machine is behind a NAT. If you have any doubts use the method below.
Point your browser at whatismyip.com or use my version. Take note of the IP address; this is your public IP address. Now, if you are using a Windows box:
| Win 95/98/ME | Win NT/2K/XP |
|
|
If the two are the same, you do not use NAT. If they are different, there is a Network Address Translation between you and the Internet. The first address is your public IP address and the second is your private IP address. Per RFC 1918, a private IP address should be in one of the reserved IP address ranges: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255. You will need to know both of these to properly forward your ports.
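The comparison described above can be scripted. This is an added example, not code from the original page; the function names and the sample addresses in the comments are made up for illustration.

```python
import ipaddress

# The three reserved ranges listed above (RFC 1918), written as CIDR blocks.
# Python's built-in is_private is deliberately not used: it also covers
# loopback, link-local and documentation ranges, which are not RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the three reserved private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def nat_status(public_ip, local_ips):
    """Compare the address the Internet sees with the addresses configured
    on the machine, and say which one port forwards should point at."""
    public = ipaddress.ip_address(public_ip)
    local = [ipaddress.ip_address(a) for a in local_ips]
    local = [a for a in local if not a.is_loopback]  # 127.x says nothing about NAT
    if public in local:
        return "no NAT"
    private = [str(a) for a in local if is_rfc1918(str(a))]
    if private:
        return "NAT: forward ports to " + private[0]
    return "addresses differ, but the local address is not RFC 1918"


if __name__ == "__main__":
    # Constructed sample values: 203.0.113.7 stands in for the public address.
    print(nat_status("203.0.113.7", ["127.0.0.1", "192.168.0.2"]))
    print(nat_status("203.0.113.7", ["203.0.113.7"]))
```

Note the range boundaries: 172.31.255.255 is private, 172.32.0.1 is not.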
This will allow one computer behind the NAT to play an Internet game. It is not possible to use more than one computer behind the NAT using this method.
To allow you to play these games you will need to forward the ports used by the game to the correct destination. I have an example of how to configure a Netgear RT314 and a Cisco 678.
While I don't have any others to test myself, I do try and keep up with which routers/modems can be configured to work with online games. Try my other NAT page for more information.
Since the list of ports is growing rapidly, I've recently begun a separate page for the list of ports.
Some NAT devices have an option to place a particular machine in the DMZ, outside the protection of NAT. Basically, the machine in the DMZ becomes the destination for all unrequested packets.
This method is dangerous; there is no longer any firewall protection for the machine in the DMZ. All ports are open! Avoid this solution if at all possible.
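A toy model of the inbound decision a NAT device makes, showing why unrequested packets are dropped, why a forwarded port reaches only one machine, and why a DMZ host is exposed on every port. This is an added example, not code from the original page; the class, the port numbers and the addresses are all made up, and real devices differ in how strictly they match the remote side.

```python
class Nat:
    """Simplified NAT: decides which LAN host, if any, gets an inbound packet."""

    def __init__(self, dmz_host=None):
        self.sessions = {}      # public port -> (LAN host, remote peer)
        self.forwards = {}      # public port -> LAN host
        self.dmz_host = dmz_host
        self.next_port = 40000  # constructed starting point for mapped ports

    def outbound(self, lan_host, remote):
        """A LAN host contacts a remote peer; the NAT records the mapping."""
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (lan_host, remote)
        return port

    def forward(self, public_port, lan_host):
        """Port forwarding: one public port maps to exactly one LAN host."""
        self.forwards[public_port] = lan_host

    def inbound(self, remote, public_port):
        """Return the LAN host that receives the packet, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[1] == remote:
            return session[0]               # reply to a request we made
        if public_port in self.forwards:
            return self.forwards[public_port]
        return self.dmz_host                # None unless a DMZ host is set


def demo():
    game_port = 28000                       # made-up game port
    nat = Nat()
    mapped = nat.outbound("192.168.0.2", "198.51.100.9")
    results = {
        "reply": nat.inbound("198.51.100.9", mapped),
        "unrequested": nat.inbound("198.51.100.50", game_port),
    }
    nat.forward(game_port, "192.168.0.2")
    results["forwarded"] = nat.inbound("198.51.100.50", game_port)
    nat.forward(game_port, "192.168.0.3")   # second PC replaces the first
    results["second_pc"] = nat.inbound("198.51.100.50", game_port)
    dmz = Nat(dmz_host="192.168.0.4")
    results["dmz_any_port"] = dmz.inbound("198.51.100.50", 445)
    return results


if __name__ == "__main__":
    print(demo())
```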
I intend to add more information about other methods of getting around NATs.
You got one machine working from behind the NAT and now you ask, "How do I get more than one PC behind a NAT to play in the same game?"
DXport is a tool to overcome the limitation of only one PC behind a NAT.
DXport is a program that allows multiple players behind a single NAT to play multiplayer games that use DirectX. This little program forces each client computer to use a subset of the DirectX ports, with each subset corresponding to a different computer. So you will have to change your router's port forwarding assignments to get it to work properly. Also, this program will only help if you are currently able to play with one computer behind your NAT; if you can't, you need to use some of the other tips I've already covered.
I finally set up and tested DXport with 2 computers behind the NAT. I was able to play an Internet game with my brother in California and my wife sitting next to me. Because I'm so sure that this will be helpful to many, I have even started a DXport page.
Back before Microsoft introduced DirectPlay and the Zone, a lot of games were designed for a LAN environment only. Kali was an IPX emulator program which simulated an IPX network over the Internet. Kali only uses one port per client machine; eight players, eight ports. Using Kali may allow you to play a LAN game over the Internet.
Kali used to be shareware; I paid my $$ way back in 1996 (serial# 66015) and never regretted it. Now you can get a serial number for free. Jay Cotton, the original programmer, is busy trying to keep everything up and running and no longer provides technical support. You can find the Kali Discussion boards at I-LAN Game, Kali's new host.
Unfortunately, it appears that the Netgear router may not be compatible with Kali, although it does have support for NAT. I will have to investigate further.
Make sure you apply Microsoft's UPnP security patch before enabling UPnP. Also, firewalling (blocking) ports 1900 and 5000 would be a good idea.
Microsoft ICS for Me and XP will work with DirectX 8 to allow NAT traversal.
Several hardware router manufacturers are beginning to offer UPnP compliant routers that, when properly configured under a supporting OS (Windows Me and XP), will allow NAT traversal.
If you create a VPN then you should be able to play fine. The disadvantages are the cost of the VPN, that the VPN may not work behind NAT, and that there is no public lobby.