R3 DumaOS 4 - Achieving Open NAT for P2P Hosting (GTA Online)

[ifell]

I am trying to achieve an Open NAT in GTA Online (PC) to host lobbies for achievements. Despite a perfect setup, the game consistently reports Moderate NAT.
 

 Netduma R3 Firmware: v4.0.540

Connection: Direct NBN Fiber (FTTP) to NTD (No ISP modem/Bridge mode issues)
Ports: All Rockstar-required ports (6672, 61455-61458 UDP, etc.) are manually forwarded. UPnP is disabled to avoid conflicts.

I cannot find a toggle for 'NAT Filtering: Open' or 'Endpoint Independent Mapping' in the DumaOS 4 interface. It appears the R3 is performing Symmetric or Address-Restricted NAT by default, which is preventing me from being the primary session host.

[Netduma Fraser]

You can enable UPnP, although you're correct it would avoid conflicts by keeping it disabled its quite unlikely to happen and I've never seen it cause any issues with both enabled and it may help you in this scenario. With that and the required ports it's unlikely you would actually have a moderate NAT even if its reporting it - have you actually hosted and had issues with people joining to check if it is moderate? If people can join then you will be open.

Short of putting the PC in the DMZ which is a security no-go there aren't any other settings you could adjust to get an Open NAT. Do make sure to disable the Geo-Filter though as that could cause issues with people joining.

[ifell]

i would to Feature Request an Addition of "Full Cone NAT" / "NAT Filtering: Open" Toggle

The Problem is
Currently, the Netduma R3 (DumaOS 4) lacks an explicit "NAT Filtering: Open/Secure" toggle. While the R3 supports PCP and UPnP, these protocols often result in a "Moderate" NAT type on PC for games with Peer-to-Peer (P2P) architectures, most notably Grand Theft Auto V.

Symmetric vs. Full Cone NAT: By default, the R3 appears to use "Restricted" or "Symmetric" NAT filtering. While this is secure, it is incompatible with many P2P matchmaking systems. Even when ports (like UDP 6672) are opened via PCP, the NAT remains "Moderate" because the router only allows incoming traffic from the specific IP/Port that the PC first contacted.

The "Full Cone" Requirement: For an "Open" NAT in GTA V, the router must support Full Cone NAT (Endpoint Independent Mapping). This allows any external host to send packets to the internal PC via the mapped port, regardless of whether the PC has messaged them first.

Regional Necessity (Australia/Oceania): For players in Australia, the player pool is smaller. A "Moderate" NAT limits the number of successful P2P handshakes, leading to much smaller or empty lobbies, "Timed Out" errors, and increased latency. when playing with some other friends i previously had no issues with, since i had a router that allowed me to set Nat filter to open.  An "Open" NAT is not just a label; it is a requirement for stable connectivity in isolated regions.

The Solution here is
I am requesting the addition of a "NAT Filtering" toggle in the WAN settings (similar to those found on Netgear, ASUS, and TP-Link hardware) that allows users to switch from "Secured" to "Open".

because DMZ is not an answer:
Using the DMZ is a "sledgehammer" approach that exposes the entire device to the internet. A "Full Cone NAT" or "Open Filtering" option provides the same connectivity benefits for gaming while maintaining a higher level of security by only affecting how active port mappings are handled.

so for goodness sakes add this feature, it would actually help MANY people out with the multitude of complaints about Nat type open and especially for an issue like one console having open Nat and the other 2 having moderate or strict

[Netduma Fraser]

I'll pass the request onto the team but I cannot guarantee if/when it may be implemented. Did you enable UPnP again along with your port forwards? It could be a misreading so have you actually tried to host and had issues with people connecting?

[ifell]

i've had lots of disconnects happen, and by comparison this didn't happen with i had a xr 1000 with nat filtering open, and my friends didn't disconnect or lag out, but with this R3... not having nat filtering open is seriously causing headaches after headaches, can't stress that enough

 

[Netduma Fraser]

Okay but if they can actually connect to you in the first place then it's nothing to do with NAT, otherwise they wouldn't be able to join you. The disconnects, is it you primarily disconnecting or them disconnecting from you? Can you provide the logs when it happens please? Did you also disable the Geo-Filter when you're hosting?

[ifell]

Well, my friends can’t always connect, and they don’t have the spare time to troubleshoot these issues with me. The only practical way to diagnose the problem is by asking what NAT type they have—one usually has Moderate, while the other sometimes gets Strict. They’re not tech-savvy, so there’s only so much they can realistically do on their end.

Because of these ongoing NAT-related issues, I end up having to reboot everything before even starting a gaming session. For example, when we play Call of Duty: Black Ops II, UPnP doesn’t provide an Open NAT, so I’m forced to manually forward UDP port 3074 just to make it work properly.

I’ve also tried manually forwarding the same style of ports for Grand Theft Auto Online, yet I still end up with Moderate NAT. This creates a major issue, especially for jobs or heists that already struggle with low player counts. It results in significantly longer wait times because I’m dealing with both a smaller pool of available players and the added restriction of Moderate NAT limiting who I can actually connect with.

I should also mention that I never use the Geo-Filter feature, so this isn’t being caused by any location-based filtering or connection restrictions on my side. These problems are happening under normal router usage.

Unfortunately, I can’t really provide logs at this point. I’ve already updated the Netduma R3 to the latest beta firmware and even factory reset it out of frustration, but the situation remains unchanged.

Since there’s no difference in Grand Theft Auto Online whether I use UPnP or manual port forwarding, I’ve now deleted all custom rules and gone back to letting UPnP handle everything. However, the game clearly seems to require Full Cone NAT to achieve an Open NAT type. I know this because when I previously used a NETGEAR Nighthawk XR1000 and had the same problems, enabling the Open NAT filter resolved everything immediately.

At this point, I really believe the Netduma team should seriously consider adding proper Full Cone NAT / NAT filtering options to the R3, because for gaming-focused hardware, these connection issues are causing far more trouble than they should.

[Netduma Fraser]

I can certainly request it but I can't guarantee it would be implemented or if so within a timeframe you'd like. Just in the meantime could you do this test please just so we can rule it out? https://support.netduma.com/docs/dumaos-3/open-nat/#cg-nat do it direct from your modem, not from the R3

[ifell]

Thanks for the suggestion, I understand why you’d want the direct-to-modem test done to fully rule out CGNAT.

However, based on my current setup, the Netduma R3 is acting as the main router and is directly connected to the internet (no double NAT). and i'm getting 1 hop as it all is currently configured since it's my public static ipv4 i've covered it up of course 

It reports the same public IPv4 on the WAN as external checks and consistently shows a single hop, which strongly indicates there’s no CGNAT involved. As an additional note, I have a static public IPv4 assigned with my internet plan.

I do have plans this weekend (running heists in Grand Theft Auto Online), and I also need to keep the internet running for other people in the household. Because of that, I won’t be able to disconnect everything and run the direct modem test immediately. I’m happy to carry that out as soon as I can after the weekend.

[Netduma Fraser]

Okay thanks, that's fine just wanted to be sure, you don't need to do that now. I don't think you mentioned it but ensure you've set your PC with a static/reserved IP just in case your IP is changing in which case the port forwards may become invalid.

[ifell]

Yes, my PC already has a reserved/static local IP assigned, so it isn’t changing and the port forwarding rules remain valid for Call of Duty: Black Ops II, tested and confirmed.

I’ve also verified my pc firewall configuration, including allowing Edge Traversal and ensuring the correct rules are in place for both Grand Theft Auto Online and Call of Duty: Black Ops II.

I’ve tested both manual port forwarding and UPnP under this setup with reboots to ensure rules are in place after any changes. In Grand Theft Auto Online I consistently get Moderate NAT, even when using manual port forwarding. In contrast, in Call of Duty: Black Ops II the NAT type is inconsistent without port forwarding, but becomes Open when port forwarding is applied.

Given that CGNAT and local IP changes are now ruled out, and considering the testing already done, it still seems like this may come down to how NAT is being handled on the router itself.

[Netduma Fraser]

Are you playing via Steam, if so could you add these ports also and check again?

TCP/UDP: 27015, 27031-27036

Also supposedly they may require TCP 80/443 which wouldn't usually be needed but may be worth a try. 

I get your reasoning and it does make sense however we've never had it where a game fails to get an Open NAT when all the correct procedures are followed so it may require more investigation, I can see if the team can test the game next week.

[ifell]

I am currently troubleshooting NAT type issues. My setup is as follows:

Rule 1: 3074 UDP

Rule 2: 4380 UDP

Rule 3: 3478–3480 TCP & UDP

Rule 4: 3658 UDP

Rule 5: 6672 UDP

Rule 6: 27000–27036 TCP & UDP

Rule 7: 443 TCP

Rule 8: 80 TCP

Additional information:

My ISP is not blocking any ports

There is no CGNAT and no double NAT (direct internet connection, single hop traceroute)

UPnP is disabled for testing purposes and will be enabled after this post since the outcome didn't change 

All ports are manually forwarded as listed above

Despite this configuration, NAT type remains Moderate for gta but black ops 2 and black ops 3 are open

[Netduma Fraser]

Could you check if you're having the connectivity issues though still as it is possible its a misreading given the Open NAT on CoD.

[ifell]

I understand it could potentially be a misreading, however it’s quite difficult to reliably verify that in practice. There isn’t really a consistent way for me to confirm whether I’m interacting with players who have a Strict NAT, especially in public sessions.

Ideally, the most accurate way to test this would be under controlled conditions—such as having a player with a known Strict NAT attempt to join a hosted job/heist while my setup is reporting Moderate NAT in Grand Theft Auto Online.

From my perspective, the concern is less about what the NAT label reports and more about real-world compatibility. In lower-population activities, having a confirmed Open NAT is important to ensure the widest possible connectivity with other players in peer-to-peer sessions.

Given the current behavior, it’s difficult to determine whether this is purely a visual misreport or if it’s actually impacting connectivity without more controlled testing.


For a controlled test scenario, it would also be important that the player with Moderate NAT is the host. In Grand Theft Auto Online, this would require enabling “Remain as host after next job” on the voting screen, and setting matchmaking to “Closed” before sending invites. This ensures the host is fixed, allowing a consistent test of whether a player with Strict NAT can successfully join.

If the Moderate NAT reading is purely a misreport and is effectively behaving as Open, then a player with Strict NAT should be able to join the session under those controlled conditions. If they’re unable to join, that would suggest the NAT type is impacting connectivity rather than just being a visual misread.

[Netduma Fraser]

You don't need the AI responses I understand the wider picture. You said you had friends that were joining and were having issues so if you get them to connect now do they get the same issues?

[ifell]

Well,  players and sometimes friends end up leaving in groups sometimes. so we have to rejoin one another ( i tested in friends and public lobbies )
and here's what happens( it happens occasionally 

There is desync. Sometimes players can’t control vehicles. they get into a car/bike but when they press W (or left trigger / R2), the car doesn’t move. Steering also doesn't do anything. I’ve experienced this too

Search times for players to join my hosted jobs/heists can take a long while. invites are accepted, but players remain stuck on joining for a long time or never fully enter the session and eventually abruptly disappear 

When matchmaking is set to open and automatic invites are enabled, there can still be a long delay before players actually appear in the session after accepting. In some cases, they briefly show as joining but it's like they time out or it's rejected

I tested UPnP, portforward, and DMZ, didn't really give open Nat either

Recently, after completing a race mode and returning to freemode, I was placed into a fresh empty public lobby. Only a small number of players around 4 joined over time, and the session never had more players join. players also left after a while, and the lobby remained low population throughout till it was just me

[Netduma Fraser]

Those sound more like general network issues rather than specifically NAT. What speeds do you pay for/expect and how have you set Congestion Control/SmartBOOST set?

[ifell]

paying for 1000/400mbps      getting 937Mbps Download  398 Mbps Upload

and QoS was set to always, ping optimizer is set to 93% both download and upload with speedtest results of 2ms idle 3ms download 2ms upload with the household streaming movies/tv shows

smart boost has it gaming at 1000 priority and thats it

i'm currently testing with it off to see if QoS may be affecting things, but it seems as regardless of it being on or off i'm still having that issue were trying to drive a car/bike it's not moving when holding W/R2/left trigger

i've even tried disabling all DPI in advanced settings so the router isn't touching anything at all so i'll check jobs and races and how things react on the job hosting screen and what happens after

 

[Netduma Fraser]

That does all sound fine, do prioritize your device also just in case the hosting part isn't getting covered by gaming

[ifell]

i've got my pc in smart boost, there's still issues with lag 

set as gaming
gta online
pc is in smartboost and set as 5.0x

getting in vehicles can still act up and not let anybody drive for an extended amount of time as i previously said posted about

some NPC's have a small chance to insta kill players is another noticeable issue during gameplay

some players desync then teleport into vehicles

[Netduma Fraser]

Presumably you yourself don't have these issues when hosting? I'm not sure how NPCs instakilling could be network related unless its delayed and then a torrent of bullets come out instantly? If you host but then don't move or do anything at all while the others play do they still get the issues?

[ifell]

given the nature of gta online it's hard to know who the host actually is, the game doesn't out right tell you unless somebody has a mod menu, and the game selects a host on it's own

when it's just two players, one of my friends and i, there's a very small chance of the game not allowing us to drive our cars until we respawn them or wait for the game to allow us to, this is abnormal, could it be caused by the way QoS handles how it queues UDP traffic? 
 

[Netduma Fraser]

It's very unlikely to be honest - you said you tried it with QoS off before, did you disable this from the SmartBOOST menu? It should have rendered the SmartBOOST and Congestion Control sections inoperable. If not please try it doing that as it's the proper way to disable it. You can also disable DPI & BI in Settings > Troubleshooting > Advanced

[Krush]

Je pense que c'est sans doute lié au géofiltre, peut être, il a tendance à limiter la NAT si il est mal managé !