Some Online Services Are Not Compatible with iptables NAT
Hello there,
I work for an ISP and our CGN (Carrier Grade NAT) device suddenly stopped working. As a temporary solution, I used a high-spec Linux box with IP forwarding enabled and iptables to do the CGN. I knew that iptables is not a good option for CGN (at least when it and the kernel are not tuned properly) and I knew that some online services and applications would break (if no workarounds are in place for them), but to my surprise I was quite impressed with the performance. Everything looks fine and around 4 Gbps of traffic is being NATed properly.
However, we got a lot of complaints that PlayStation and Xbox online gaming does not work. I tried to find something online, but what I was able to understand is that online gaming requires open NAT and does not work with the other types of NAT (as classified by Microsoft), which are moderate and strict.
Now, do any of you guys have any idea how to make the NAT done by iptables an open NAT? I believe there should be some open TCP ports; this is what I understood from the non-technical web pages talking about online gaming, but I don't know how that should be done, as I believe there should be an active NAT translation for a port on the client side to be accessible.
I appreciate your help!
Thanks!
Firas