Strict NAT even after Port Forwarding

[MainGoldDragon]

Spoiler

First of all, this is my home's wired setup (to avoid in confusion in the future)

The only thing that matters are the first 2 routers and my PC. My routers are ZyXEL VMG1312-B10D and ZTE ZXHN H168N.

On my PC, I open Xbox Networking settings and it tells me I have Strict NAT. Obviously, the way to fix that is by forwarding the ports. So I did that, but still is strict. Then I realized I can try testing if my ports are open. So I tried some only port testers and they all say my ports are closed. I even download (using free trial) Port Forward from Network Utilities to test my ports and they're still closed.

Because I was not sure if I did the port forwarding right, I made several entries for the WAN Interface part. My ZYXEL router has 4 different options for WAN Interface (Default, WWAN, ADSL_internet and VDSL_internet) and there are 9 ports I want to forward so I have a total of 36 entries on the list for port forwarding. And because I heard that having two routers connected to each other like that can cause issues with port forwarding, I put the same configuration on my ZTE too. With the only difference being that it has 2 options under WAN Connection (ADSL_internet and VDSL_internet) so it has 18 total entries.

Other things to note:

• I am pretty sure I've made my ZTE as a "dumb extension", or at least tried to. But could use a refresher to make sure I have it like that.
• I have a static local IP for my PC, which is the Server IP Address I put for the Port Forwarding (I set it up on both routers, same IP,)
• I turned off Firewall on my ZYXEL (it calls it IPv4 Firewall and IPv6 Firewall) and I set ZTE's to Low (apparently I can't disable it)
• DMZ, I put my PC's local IP on both routers
• The routers have a thing called Port Triggering, which I thought was just an easier setup that does the same, so I tried it.... and nothing changed.
• I have absolutely no idea what ALG and no-one has mentioned it from what I searched, but my ZYXEL has more than half of them enabled and my ZTE has all of them enabled. Also they are not all the same name and each router has unique ones.
• Oh also I called my ISP to help me forward my ports and I think the best translation is that they can't intervene with my router so they can't help me in any way. They just told me that their website has a guide for port forwarding (it's trash and doesn't say anything special I couldn't figure out on my own and doesn't explain everything) and that I can bring my own technician if I want help... Like, what the actual ?

I think that's all for now. Please help me. I have no idea what to do at this point.

 

 

 

TL;DR

Forwarded the Ports I was told to Forward, NAT is still Strict. I am pretty sure I did it correctly, but I can absolutely use some help to see if I actually did it correctly.

[Donut417]

8 hours ago, MainGoldDragon said:

Please help me. I have no idea what to do at this point.

Multiple routers in series cause issues if not setup correctly. You need to verify that your ZTE router is in AP mode, ie NAT, Firewall and DHCP need to be disabled. That right there could be your issue. 

[MainGoldDragon]

7 hours ago, Donut417 said:

Multiple routers in series cause issues if not setup correctly. You need to verify that your ZTE router is in AP mode, ie NAT, Firewall and DHCP need to be disabled. That right there could be your issue. 

My ZTE doesn't have a dedicated AP Mode, but

• The Firewall Level is set to Low since it doesnt let me turn it off completely
• under Local Network > LAN > DHCP SERVER, the DCHP Server it Off. I noticed it has a section called Port Control-DHCP. I don't know if they're related to anything we're trying to do
  Spoiler

  

• As for NAT, there is no option to turn that off. I have never seen NAT being mentioned Anywhere on ZTE's page or in any of the manuals I tried to find.

[MainGoldDragon]

12 hours ago, Donut417 said:

Multiple routers in series cause issues if not setup correctly. You need to verify that your ZTE router is in AP mode, ie NAT, Firewall and DHCP need to be disabled. That right there could be your issue. 

You know what actually? Since the cable that goes from my ZYXEL to my ZTE is long enough, I turned off my ZTE and plugged my PC directly to my ZYXEL. Guess what changed... Absolutely nothing. Still have strict NAT and all my ports appear closed. So the 2nd router is not the problem.

[Donut417]

1 hour ago, MainGoldDragon said:

You know what actually? Since the cable that goes from my ZYXEL to my ZTE is long enough, I turned off my ZTE and plugged my PC directly to my ZYXEL. Guess what changed... Absolutely nothing. Still have strict NAT and all my ports appear closed. So the 2nd router is not the problem.

The second router could still cause a problem. Also when you check your ports they will only be open if the software that requires the ports is running. Now if the software is running and you still have issues, it means something is not configured correctly. The problem is the interface for port forwarding is not standardized, so every manufacturer does it there own way. I believe D Link for example used to put port forwarding in a menu called virtual servers. 
 

Can you post a screenshot of where you entered that info at? 

[Lurick]

It's possible you're behind CG-NAT as well. On the main router connected to your ISP's line check your public IP address and then google "what is my ipv4 address" if those two don't match OR your router says your public IP address is in the range of 100.64.x.x to 100.127.x.x then you're behind CG-NAT

[MainGoldDragon]

3 hours ago, Donut417 said:

The second router could still cause a problem. Also when you check your ports they will only be open if the software that requires the ports is running. Now if the software is running and you still have issues, it means something is not configured correctly. The problem is the interface for port forwarding is not standardized, so every manufacturer does it there own way. I believe D Link for example used to put port forwarding in a menu called virtual servers. 
 

Can you post a screenshot of where you entered that info at? 

I fail to understand how the 2nd router could cause a problem when it's disconnected from the network (and even turned off). I don't just simply test the ports, I think I mentioned I use Port Forward from Network Utilities too and when I tried to test some of the ports there, it says it can't test them because they're already in use or something. And I can Absolutely post as many screenshots as you want (I just don't want to be overwhelming)

Here is the location of Port Forwarding

Spoiler

And here is how it looks like while trying to add an entry

Spoiler

 

[MainGoldDragon]

4 hours ago, Lurick said:

It's possible you're behind CG-NAT as well. On the main router connected to your ISP's line check your public IP address and then google "what is my ipv4 address" if those two don't match OR your router says your public IP address is in the range of 100.64.x.x to 100.127.x.x then you're behind CG-NAT

Oh that's a good one. I've literally never hard of CG-NAT before,,, no matter how long I was searching for this problem.... And that may be it tbh. Because it say my IP 100.74.x.x but my actual IP is not that. I think I remember reading about people telling OP to buy an IP off of their ISP. Is that what I'll have to do too ? Like, How bad is CG-NAT? Like, currently there are certain games where I literally can not play online At All (I thought it was because "Teredo was unable to qualify"). Would That get fixed?

Forgot to mention that on my router's page, where it says my IP is 100.74.x.x, it has a button to "Disconnect" which I can only assume it gives me a new IP, but I've refrained from pushing it yet.

Edited November 21, 2022 by MainGoldDragon
more info

[Donut417]

2 hours ago, MainGoldDragon said:

fail to understand how the 2nd router could cause a problem when it's disconnected from the network

What I was saying is it could cause an issue if you hook it back up. Because if you cant turn off NAT and the Firewall then, that could cause issues. 

 

2 hours ago, MainGoldDragon said:

And here is how it looks like while trying to add an entry

Never seen translation port. Looking at my router it just asks for the private IP, Private Port, Public Port and Protocol. 

 

2 hours ago, MainGoldDragon said:

Like, How bad is CG-NAT?

You wont be able to port forward UNLESS your ISP does it on their end. 

 

2 hours ago, MainGoldDragon said:

s that what I'll have to do too ?

Thats if your ISP allows that, we ran out of IPv4 addresses. ISP's are implementing CGNAT as a stop gap measure while dragging ass on getting IPv6 pushed out 100%.

[MainGoldDragon]

24 minutes ago, Donut417 said:

What I was saying is it could cause an issue if you hook it back up. Because if you cant turn off NAT and the Firewall then, that could cause issues. 

Oh I see. I was confused because I tested with the 2nd router and nothing changed... at all.

24 minutes ago, Donut417 said:

Never seen translation port. Looking at my router it just asks for the private IP, Private Port, Public Port and Protocol. 

When I type in the Start Port it autofills the same thing to the Translation Start Port. Same thing with End Port. My ZTE router kinda does the same but it calls them WAN Port Range (the ones I fill) and LAN Host Port Range (the ones that auto fill). And the second text area for LAN Host Port Range is locked and I can't type it. There was a port I needed to open that was 3000-3010 and that part needed to have a range of 10 ports.... so I assume it has something to do with that.

24 minutes ago, Donut417 said:

You wont be able to port forward UNLESS your ISP does it on their end. 

Oh. My. God. When I called them they said they can't help me with port forwarding since they couldn't access my router or something and that they could only point me to their website that has a guide on how to port forward..... I have to probably call again at some point and hope I get a better representative. Maybe someone that can connect me to a technician.

24 minutes ago, Donut417 said:

Thats if your ISP allows that, we ran out of IPv4 addresses. ISP's are implementing CGNAT as a stop gap measure while dragging ass on getting IPv6 pushed out 100%.

Oh right. I see now why they're doing it this way. I assume these NAT issues are only going to be getting worse and worse so maybe the starting question should be "can you check if you have CG-NAT?". My ISPcontract is ending in May or something (which is a long time, but not in the grand scheme of thing), so maybe then I'll tell them I'm looking for an ISP that allows me to get my own IP or something and actually try to find one. We don't have A LOT of ISP options, but we do have a couple.

[MainGoldDragon]

So. My main issue with this was that I could not connect online to certain games. I FINALLY managed to fix it by installing a free VPN (in this case ProtonVPN) and it Finally let me play those games online. My issue it technically not fixed, but this was a Good temporary workaround.