Background important!

NAT is the ability for your router to handle internet traffic and send it to the correct computer in your network. It is also a very important security layer between you and the internet. It ensures that people from the outside cannot access your computer without your permission.

However, NAT itself does not have the ability to accept incoming connections, which is something you will need for MW3. For this we have two solutions, UPnP and port forwarding. Port forwarding redirects incoming connections to the computer in the network that needs it. Yes, it's pretty close to NAT, but NAT itself focuses on outgoing connections. The big problem with port forwarding is that it brings the security issues back: your computer is vulnerable again, because you are forwarding the incoming connections that would have been blocked by your router. That's why we have UPnP. UPnP is an extension to port forwarding so that your computer can tell the router when to forward and when to stop forwarding. It ensures that the port forwarding is stopped when the application no longer needs it, allowing other applications to use it from other computers. UPnP also makes it easier for people to connect their applications and games to the web, since the game can setup the port forwarding automatically.

Why do I need NAT in MW3? Summary: you don't.

MW3 uses a modern peer-to-peer system (P2P) that replaces the old style dedicated server model. The theory sounds good, instead of having dedicated servers all the way on the other side of the country you can have them in your own village, reducing the time it takes for the information to travel. The best host is picked by a simple algorithm where all players in the match determine the latency between them and all other players. This information is then shared with everyone and that way the best host is picked: the player with the lowest latency.

Now how is NAT important for this? The hosting player has to be able to receive all those incoming connections. You cannot host a match without being able to accept other players, since it would mean that you are on your own. Changing your NAT type from strict to open will allow you to be host. It will not improve your latencies and it will not help with other issues. If you have a very bad internet connection, please don't open your NAT. You will end up worsening the gameplay instead of improving it.

Troubleshooting Did you read the background? Please do. Even if it's only the bold parts.

Your first step to try should always be getting UPnP to work. It's far more secure and definitely makes it easier to play games in the future.

First, make sure that UPnP is turned on on your router. Navigate to the webpage of your router and look for the option. I recommend that you enable UPnP but disable extended security, since that will normally only cause extra latencies.

Continue by downloading a little tool from the internet that tests your UPnP status: www.junegillespie.plus.com/UPnPTest.exe. This tool will diagnose some things on your computer and router related to UPnP. Please complete the following checklist:

If after following all these steps your NAT type is still strict, it's safe to assume that something else is going wrong. I'd recommend trying to play the game without the router connected (direct cable between the modem and the computer). If the NAT type is still strict even after you got a direct connection between the modem and the computer, contact your Internet Service Provider.

If having a direct connection did help your NAT type but the UPnP guide did not, then you will have to go back to traditional port forwarding. Go into the manual of your router or go to portforward.com and follow the steps to forward port 3074. Whatever it is people tell you, don't forward anything else than port 3074! They are wrong and it will only expose your computer to more security risks than port forwarding already does.

There's no real definition of what a moderate NAT is. It generally means that the port was forwarded (via UPnP or manually) but not all connections are allowed to go through. There can be quite a few explanations for this so I'll go through the three most common ones.

  1. Router firewalls. It may surprise you but your computer is not the only device with a firewall. A lot of modern devices have firewalls, but not all of them are as advanced as the one you know as a firewall. Your router will probably be filtering some traffic that look like attacks on it. However, your router may be stupid enough to think that MW3 is an attack. Try going into the settings of your router and look for "intrusion detection", "anti-attack software" or just firewall. There are a lot of names for what's usually the same function. If this did not solve your NAT issue, turn it back on!
  2. Computer firewalls. This is very unlikely, but your own computer could be filtering the traffic! Turn off all firewalls and test it. Make sure to turn them back on when you're done testing!
  3. Bad routers. Not all routers are advanced enough to completely integrate UPnP. Some routers only integrate a small part of it and end up causing issues like a moderate NAT rather than simply keeping it strict. Try connecting your computer's cable directly to the modem. Together with router firewalls this causes almost all "moderate NAT" issues. If this helped, get a new router. If your router is also a modem, contact your ISP.

If none of the above helped, something else is going on. I strongly recommend contacting your Internet Service Provider — they have a responsibility to you to help you with issues like this. It'll probably take a bit longer but it's pretty much all you can do.

It's known to happen. The online services are a cloud service that's often called IWNet. As far as I know they are spread over multiple countries to optimize network latencies. These services operate on port 3074, but there is no need to forward it! As pointed out before, forwarding is only for incoming connections and this connection is outgoing.

In my research on the MW3 protocols I have noticed that the game client is sending a lot of information to these services. They seem to include data like custom classes, ranks and leaderboards, making them necessary to launch the game.

One of the things that might cause this is that you may have a firewall on your computer and accidentally blocked access. Try disabling the firewalls. If you have the default Windows Firewall I recommend against disabling it — try allowing MW3 access again.

If it's not the firewall there's obviously something else blocking outgoing connections. Many universities and other educational places (or maybe even at work?) block unknown ports, and 3074 is probably one of them. Try asking your system administrator to allow games.

Another thing that could possibly go wrong is the so-called DNS. The game has to be able to resolve the primary game servers, mw3-pc-auth.prod.demonware.net, mw3-pc-lobby.prod.demonware.net, mw3-stun.us.demonware.net and mw3-stun.eu.demonware.net.

If these domain names are successfully resolved, the game will want to connect to the auth server (TCP port 3074, yet again no need to forward). This is a very short conversation that only takes a few milliseconds. Once this is done it will connect to pw3-pc-lobby.prod.demonware.net where it seems to download your rank information and classes.

The game will then want to retrieve your public IP address. It will do this by sending yet another packet to a server which will reply with your external IP address. This is needed for online gaming. The game will then ask the server for the next server's address. Once your computer has an answer to this it will continue to the main menu.

To summarize: make sure you're not behind any kind of firewall and ensure that your connection can handle it.

The above isn't actually a solution, it's a description of what happens. I'm still working with some people to resolve this issue. Someone has mentioned that the issue can be resolved by changing "r_multiGpu" from 1 to 0 in config_mp.cfg, but this was probably just a random person saying something random. Do tell me if it works though.