Well, I think we can safely say that UPnP is not fully supported in the 20.19.8 firmware.  I worked with Verizon to try to get multiple Xboxes on the same router, but no go. They ended up sending me a new router, to replace my MI424WR Rev E.  Well, maybe not a "new" router.  Seems they recycled an Actiontec MI424WR Rev F.  And, I was under the impression it would have the 10.20.7.5 firmware loaded.  Instead it came with 20.19.8. 

Anyway, I configured the wireless and UPnP on the replacement router (Rev F).  I also removed all of the pre-set port forward rules.  Rebooted the router.  Started both Xboxes, formed a party, but as-soon-as we started a match, one of us would get kicked out.

Again, this use to work with the 20.10.7.5 firmware on my Rev E router.  I am really disapointed that the "replacement" router came loaded with 20.19.8.  I am thinking of having them switch the internet to ethernet and using a router of my choice.  Don't see any other way.  Oh well. 

It seems to be working now!.  We had two Xboxes hooked up to the same router, playing in a party and in the same matches (COD Black Ops).  We were able to play in multiple matches all night long, with Open NATs.  I cannot call it permanently fixed until this works for a few days without any issues. I will update either way.  We will try again tonight to see if it was a fluke or not.

Now, having said that, I am not sure what actually "may" have fixed it.  My guess? I think it was a combination of resetting my router to factory default (getting rid of any screwy settings I might have had) and releasing my WAN IP.

Details of what occurred....

1) We had too much trouble with the (used) Rev F  (20.19.8 firmware) "replacement" router Verizon sent us.  Far too much lag and according to the signal indicators (on our PC's) a really weak signal.  Much weaker than our old Rev E.  Looked at the router's settings to try to resolve the lag (ex: MTU), but all looked fine.  Signal remained weaker.

2) Released the WAN IP in the Rev F and boxed it up and put our old Rev E (with 20.19.8 firmware) back. 

3) I had reset the router to factory default and entered our WiFi settings prior to getting the replacement router.  Still, I reviewed the settings of my Rev E (UPnP enabled, all default port forwarding rules remained in place) just to be sure.  I did enable Enable "Automatic Cleanup of Old Unused UPnP Services" and selected Apply (in the UPnP screen).

5) Signal strength (again according to PC indicators) was back to full strength.  I ran the Xbox live connection test from my Xbox and it reported Open Nat.  Formed a party and joined matches all night long.  We did NOT run the same test on the other Xbox, but on the Match page in COD Black Ops, it says "Nat Type: Open" for both Xboxes.

Two things worth mentioning...

a)  With the successful party/match playing, we ran the Microsoft connection test (URL mentioned in earlier posts) and UPnP was not supported.  So, either we still do not have full UPnP support or the test is irrelevant.  Or, both. 

b) I turned on the option to show blocked traffic in the security log and I did see a couple of entries indicating inbound traffic for 3074 being blocked with a comment of "Blocked by default policy on clink1".  I could not find a mapping for "clink1", but I googled it and it seems to be the coax connection.  So, I may still have an issue, but at this time I am still trying to find out what the issue is and what I need to do to resolve it.

We tried again tonight.  We were able to form a party, but when we tried to enter the same match, one of us was put into a different match.  However, we were able join the session of the other.  So, we were still in a party as far as voice was concerned and we could play in the same match, but we were NOT paired up to play on the same team.  So, in the same party for voice, but not in the same game party, if that make sense.

With the Blocked Traffic option enabled in the security log, I am seeing, over-and-over again the message essentially saying Inbound Traffic   Blocked - Default policy for port UDP 3074 on clink1.  I am a little confused, the port forwarding rules have UDP/TCP any --> 3074.  Is there some other entry/setting I need to do in order to prevent the blocking of inbound UDP 3074?  Aside from lowering the overall Firewall setting to Low (currently at Medium), which I do not want to do.

#1 So, let me get this straight..

If you put the firewall on the Low settng, it would work?

#2

---

@JayTee wrote:

Aside from lowering the overall Firewall setting to Low (currently at Medium), which I do not want to do.

---

Why not?

#3 In the router where you can adjust the firewall level, is there a Custom Button OR Custom Link?

dslr -  Let me see if I can answer your questions...

Regarding #1:

The short answer is, Yes,  if I set the FIrewall to Low we can connect multiple Xboxes to the router, party up and play in the same matches.  Everything works great.

Regarding #2:

I don't want to lower my firewall settings if I don't have too.  This use to work with the Medium (typical) setting and I would like to keep it that way.  No other reason than to have that bit of extra protection. 

Regarding #3:

There is no  Custom Button nor Custom Link in the Firewall page.  Simply radio dials to select either High, Medium or Low.

This thread is getting really long, so let me see if I can save some folks some time and collect all the info into this post….

The Problem:

I need to be able to connect multiple Xboxes to the same router (wirelessly) and to be able to play online (all with open Nat), in the same party, on the same team and in the same match of a game.

My Setup:

• VZ Service:  FiOS Internet + Telephone + TV
• Router:  Actiontec MI424WR-Gen2 Rev E
• Router Firmware:  20.19.8
• WAN connection method:  Broadband Connection (Coax)

My Router's Configuration:

The following describes what I did to reset my router to factory defaults and to configure what I have now:

• Saved my current configuration to a file and store that file somewhere safe.
• Released WAN IP lease.
• Unplugged power to Router and plugged it back in (to get a new WAN IP lease)
• Reset to Factory Default (Using reset button on router's case)
• Configured WiFi (WPA-TKIP)
• Enabled UPnP (actually it was enabled by default)
• Enabled "Automatic Cleanup of Old Unused UPnP Services" (put check in box) and selected Apply (Main screen -> Advanced -> Universal Plug and Play)
• Clicked on the "Advanced" link at the bottom of the Port Forwarding Rules page (Main screen -> Advanced -> Port Forwarding Rules) to activate the long list of rules (including Xbox).
• Rebooted router

IMPORTANT:  It seems necessary to reboot the router after making certain configuration changes.  I did some very simple testing making certain configuration changes and reviewing the Security log both before and after rebooting the router and playing online.  This was true for changes made to Port Forwarding Rules and for the overall settings on the General Firewall page (Low, Medium or High).  You don’t have to reboot after each individual change, but once you've completed all of your changes you should reboot the router.

Port Forwarding Rules’ impact on UPnP:

The following is an excerpt from Port Forwarding Rules section of the router's User Manual...

"...Additionally, clicking Advanced on the bottom of the “Port Forwarding Rules” screen reveals a list of preconfigured protocols that can be activated with a single click. ...". 

It seems you need to do this in order to activate these port rules.  Only those port rules displayed will be active.  And it is under Advanced that the port rules for various online games including Xbox Live are defined. 

It also seems that you need these “Advanced” port forwarding rules for UPnP to work, on this router anyway.  We ran a couple of tests.  We reconfigured the Port Forwarding Rules and the Firewall settings, rebooted the router each time and tried to play both Xboxes, online,  in a party, paired up (always on the same team) and in the same match.  Here are the tests and the results:

Test 1:  Enable UPnP + Port Forwarding Rules set to Basic + Firewall set to Low:

Able to party up (voice)?  Yes

Able to play in same match? No

Able to pair-up in match? No

Test 2:  Enable UPnP + Port Forwarding Rules set to Advanced + Firewall set to Low:

Able to party up (voice)?  Yes

Able to play in same match? Yes

Able to pair-up in match? Yes

Test 3:  Enable UPnP + Port Forwarding Rules set to Advanced + Firewall set to Medium:

Able to party up (voice)?  Yes

Able to play in match? No

Able to pair-up in match? No

Summary:

So, I am able to get multiple Xboxes online with open NAT and party-up and play on the same team in the same match of a game (see Test 2 above). But, it requires that I lower my Firewall setting, on the router, to “Low” (Minimum).  However, this setting “Permits full access from Internet to local network; all connection attempts are permitted.”

And, I am not willing to minimize my firewall, just to be able to play online.  There must be some other setting I am missing.

I did notice during Test 3 (Enable UPnP + Port Forwarding Rules set to Advanced + Firewall set to Medium) there were a lot of messages (too many to count) indicating Inbound Traffic from several different IP addresses on port 3074 to a single IP address being blocked, per default policy on the coax connection (clink1).  The following are some examples (I replaced the IP numbers with letters):

Inbound Traffic Blocked – Default policy UDP aaa.aaa.aaa.aaa:3074->xxx.xxx.xxx.xxx:3074 on clink1

Inbound Traffic Blocked – Default policy UDP bbb.bbb.bbb.bbb:3074-> xxx.xxx.xxx.xxx:3074 on clink1

Inbound Traffic Blocked – Default policy UDP ccc.ccc.ccc.ccc:3074-> xxx.xxx.xxx.xxx:3074 on clink1

I can just clarify something here about the Firewall. The descrition is a bit misleading, since reducing the firewall still does not get around the concept of what a NAT does. Sure, while the Firewall will block requests incoming and perhaps outgoing based on data type and port, as far as incoming data goes, if it makes it past the Firewall it would still have to make it past NAT. Without the NAT appliance (The ActionTec) knowing which network address the data needs to go to, the data is essentially dropped and ignored by the router. Port Forwarding both manually and through UPnP is what tells the NAT to send data to specific places, along with outbound/keep-alive entires in the NAT Table. You'd have a problem with your network being accessible if the devices all held Public, Internet-routable IP addresses, but since they hold Class C, Non-routable IP addresses, they are stuck behind a NAT that has to determine where data flows to. Since the router holds your public IP address and not a device in your home, the router wouldn't know what to do with the data and would ignore the inbound traffic.

Granted, the firewall does do it's job in certain situations that a NAT would not cover bases on, which includes port scans and DoS/flood attacks/Multicast traffic, so in that case you could consider writing up a custom Firewall configuration to use that would allow the traffic you want to come in (eg: Xbox Live and game-related traffic) without sending everything to a NAT to determine what should happen with data.

Smith - Thank you for the information.  I am learning as I go along, and with help from folks like you. 

I do have a question regarding something you said...

"...you could consider writing up a custom Firewall configuration to use that would allow the traffic you want to come in..."

Isn't this being done via the Port Forwarding Rules?  Or, are there additional settings/features I should be taking advantage of, with respect to this router/firmware?

Some of it is done through Port Forwarding. The rest is by setting up a configuration file for the Firewall so it does what you want it to do without harming your legitamite traffic. The pre-defined rules the router comes with are seen when you toggle the different settings (Low, Medium, High, Off) and based on the rules, determines if it will do things such as obey the Port Forwarding rules.

I don't have enough experience with the Verizon firmware to know how the Custom Configuration section works, as I use an MI424WR with DD-WRT loaded onto it (with iptables as a firewall configurable extensively via a Bash Shell). But if custom rules can be created for it that mirror the Medium security options but still allow Xbox Traffic to flow without an issue, that would be what you'd want. Otherwise, the Low Security option is honestly the best bet for you. Don't really need anything more unless you're looking to start blocking services.