| browse: mobile | android | pc hardware | firefox | fun | music | .

Tuesday, December 01, 2009

Modern Warfare 2 NAT strict or open

It's hard to believe how much crap is posted these days, when it comes to Modern Warfare's NAT status > strict / open.
and nope - I wouldn't turn on my router's UPnP function. Why?

To solve the MW2 issue you need to do three things only:
(described for PC but i guess it basically works for xbox and PS3 too)
  1. make sure your router ALWAYS assigns the same tcp-ip address to your computer, open your PC's command prompt and type: ipconfig /all  - the physical address is the mac address you'll need for this step - log into your router and look for "reservation" now reserve the address for your PC. (or assign addresses to all your home devices manually)

  2. in your router, look for something called Port Forwarding, then add an entry (aka add a custom service) with the following value: Forward UDP / port 28960 / "to your PC's tcp-ip address"

  3. make sure your firewall isn't blocking the incoming traffic to your application or game. Check this in the firewall advanced dialog > inbound rules
et voilĂ  - done!

In my case I had to go through an unusual extra step. My Netgear router has an additional security feature called "NAT Filtering" > I had to change it from 'secured' to 'open' to allow things to work.
BTW if you're not happy with the given default port 28960 you may use any other available port for the PC version of MW2. In Steam right click on the game, select properties, select Launch Options. Then enter  +set net_port 61499 to tell MW2 to listen on port 61499 for incoming connections. This is helpful when your sister or brother want to host their own game within the same family network.

Short explanation
Actually you might go nuts configuring your devices! Ask your befriended computer wiz to help you with above's steps, the pro knows immediately what to do. Keep your router password and your admin account handy before he arrives at your home.

Why do you have to go through all this?
These days almost all broadband connections make use of a router. With its default setting internet works fine, but you won't be able to host services like webservers or games etc. Generally that's a good thing because it keeps your comp environment a bit safer from outside attacks. But it usually prevents you from hosting a game.

Your ISP lends you 1 TCP-IP address every time you connect to the internet, the router grabs this address. Let's call this address "A"

But "A" isn't the address of your PC! Your PC uses an internal TCP-IP address, let's call it "Q". All network traffic from and to the internet is always addressed to "A" the internet doesn't know about the existence of "Q" (Q belongs to a address range that won't work within the internet itself).

To make everything work, routers use the technology called NAT Network Address Translation, where the router changes and forwards the tcp-ip packets to the correct client "Q"

However there's a problem. NAT will only forward packets to "Q" if "Q" has previously requested those packets! But when you host a server software like uTorrent, Apache, World in Conflict or Modern Warfare 2 no packets have previously been requested. "Q" just sits there and waits for the incoming networking packets.

The solution is simple yet hard to make it work, if you don't know much about computers. Tell your router to forward the important packets (that initialize the connection process) to your PC. In short: Router "A" forward all incoming packets on UDP port 28960 to the Modern Warfare 2 PC "Q" - and in this process don't let the PC's firewall stand in your way.

Now you have a lead why people in the comp biz earn a lot money. Everyday they work with above's topics combined: NAT, ports, udp, tcp-ip, dhcp, private address range, fw rules, wpa2,  etc. And hey, those are the easy parts of the whole trade.


  1. This doesn't work.

  2. but it did for most of us - basically most PC guides say the same. Here's another example:

  3. I recently purchased a new router that didn't have all the options necessary for properly forwarding the ports. I did notice that reassigning my ip (most are the standard to After my internet rebooted on this new channel (yes, I do type that into the url to get into my router now) I found that mw2 had an open Nat. I also noticed that my computer auto-swapped my old 'beginning IP' adress up to however my ending address did not change.