• Your first DNS entry in your TCP/IP settings must be your Primary Domain Controller. If you only have one domain control, your secondary DNS server should be blank!! By including DNS servers from outside of your domain, it is extremely possible that your computers will fail to register with Active Directory's DNS. Initially, a secondary outside DNS server will not cause an issue. However, this will cause you major network resource problems down the road. If you did not have the correct DNS settings, restart your computer after making the change. This will ensure you are registered with DNS. If you use DHCP on your network, please update your DHCP server to give out the correct DNS information to your clients!
• On your Primary Domain Controller, your primary DNS setting must be 127.0.0.1 (alternatively, it can be the actual IP address of itself). The only time you have a secondary DNS server is if you have more than one server running Active Directory, otherwise it should be blank. Place ISP provided DNS IP addresses in your actual Administrative Tools: DNS snap-in, otherwise all computers on your network will only resolve local addresses.
• You need to be able to ping the name of your Primary Domain Controller. If you ping SERVER1 and do not get a result, first try to ping the IP Address manually (i.e. ping 192.168.1.10). This will help narrow down your point of failure. Are you even able to get onto the Internet? Unless you are doing some weird VPN or building-to-building configuration, make sure your netmask, network, and gateway are the same as on the server.
• Try disabling the firewalls on both the server and the client computer. While on XP machines this can be done by killing the service, I have seen Server 2008 and Windows 7 machines completely lose network access when the Windows Firewall Service was shutdown. To prevent this from happening, use the Windows Firewall with Advanced Security window to manually turn off your firewall instead of killing the service.
• When joining a domain, you can enter just the domain name (i.e. "contoso") or you can enter the Fully Qualified Domain Name (FQDN) "contoso.local". Sometimes a computer will not let you join unless you use the FQDN, but other times it fails until you drop off the ".local". Make sure to try it both ways.
• It's not a bad idea to install all of the Microsoft Updates on the server as well as on the client computers, including any optional group policy client side updates.
• If all else fails, sometimes the File and Printer Sharing protocol, located in the Network Adapter settings for your Primary Domain Controller, must be uninstalled and then reinstalled. This is done by unchecking it in the properties of your "Local Area Connection", restarting your server and then rechecking it again. I have only had to do this one time in my entire career.
• If you do not see an option to join a domain, you are most likely running a Home version of Windows. You need to have Windows XP Professional, Windows Vista Business, Windows Vista Ultimate, Windows 7 Professional or Windows 7 Ultimate in order to connect to a domain.

If you encounter any errors or problems that this guide was unable to resolve, please post your error message below. One of the techs here will be more than happy to give you some pointers and help you resolve your issue.

This method seems like it would streamline online gaming. In a way, it does. However, if you are in the unfortunate majority that have "Strict NAT", you will be relying on other players for a decent, lag free and stable connection. When I get a chance to play, I am on for maybe an hour or two at most. When I was "Strict NAT", I would usually spend around 25 minutes of my gaming experience getting booted off games because the host left or due to excessive lag.

When the host leaves and nobody else can accept incoming connections, the lobby closes. But if you have "Open NAT" and the host leaves the lobby, the game is migrated to you. The result could not be better, hours of gameplay without downtime or disconnects.

When you load the game, the left hand collumn will display your current NAT restrictions. If yours says "Open" then your router is properly configured and allowing incoming connections. There is nothing you could benefit by reading this guide, except gain a bit of knowledge about networking and routers. Unfortunately, most players are greeted instead with a red "Strict" notice. Below this notice is a link to Infinity Ward's NAT page. The page is extremely vauge, stating that your router must support UPnP and to "visit your router manufacturer's website."

If you have enabled UPnP on your router - great. But that's not what I'm going to show you how to do. Before we begin, you first have to understand how your local network is setup. If you are like me, you already have ports forwarded to your main workstation and understand how this works. But for everyone else who has never had to do this, any device attached to your network (i.e. your computer) can be configured as either DHCP or a static IP address. Typically, computers are configured as DHCP. This sevice allows your computer to automatically receive an IP address when you plug into the network, which means no configuration is required. Unfortunately, when your IP address is automatically configured by DHCP it can change without warning. In order to follow my guide to setup your game for "Open NAT", your IP address cannot change or you will one day turn on your computer to find that you are now in "Strict" mode again.

To resolve this issue, go to the Run Dialog (Start+R), type `cmd` and press enter to open the Windows console. When it appears, use the `ipconfig /all` command to see your network information. Write this information down for later. Now, open your web browser and type in the information listed next to "Default Gateway". This is typically 192.168.1.1 for linksys routers. Do not be alarmed if your gateway is a completely different address, not all routers are created equal.

The website that appears is actually the configuration page for your router. If you have never been here before, the default password is probably "admin". For a full list of default router passwords, please visit this site. If all else fails and you cannot get into your router, try using the pinhole size reset button located on the physical box itself, which will reset it to the default password. If you are at work, your network administrator probably has a more complicated setup and you will need his help. Wait, why are you gaming at work?

Navigate through this site and look for information regarding the DHCP server. There will be an entry known as the DHCP range. Most routers have range of 100 through 200. This means that if your router address is 192.168.1.1, then the router will automatically assign network devices addresses between 192.168.1.100 and 192.168.1.200. Write that information down in case we need it later. While you are in the DHCP section of the router configuration, see if there is an option for a "Static Lease". A static lease lets you lock the DHCP setting for a particular device, preventing the address from ever changing. If you can find this option, set it for the device that currently has your IP address (which you should have written down when you ran ipconfig moments ago.)

If you cannot find that option, don't bother wasting too much time on it. Instead, look at the DHCP range and pick an address OUTSIDE of the range. (Do not pick the address of the router or anything above 254 as they will not work.) For instance, if your range is 192.168.1.100-192.168.1.200 with a router address if 192.168.1.1, you can pick anything from 192.168.1.2-192.168.1.99 and 192.168.1.201-192.168.254. I will pick the number 27 because 1.27 is my birthday. Write that number down on a piece of paper and minimize the router web configuration.

Open the Run Dialog (Start+R), type `ncpa.cpl` and press enter. This will open your Windows network adapter settings. Right click on your "Local Area Connection" that is currently connected and select "Properties". If you are using a wireless connection, first run ethernet to your computer. Tip: if you are on Windows Vista/7, disable the checkbox next to IPv6 unless you absolutely know you use it. Click on your TCP/IP settings for IPv4 and then press the "Properties" button located to the lower right.

Change the top radio button to "Use the following IP address:" and enter in the address you decided upon earlier. I decided upon 192.168.1.27. The rest of this information can be safely carried over from your hand written copy of ipconfig. The only thing that you may leave blank is the very last entry for an alternative/secondary DNS server. When you have finished, hit OK a few times and those windows will close. Don't be scared if it hangs for a second, your network stack is adjusting itself.

Back to the router web configuration - find a section in the menu referring to "Port Forwarding", "Application and Gaming", or "Services" (this will vary depending on your router). A table with a bunch of fields will appear. Enter your IP address into the field for the destination address, which is usually the first field. Your IP address is either the static address we just set, or the DHCP address you locked if your router offered that type of configuration. The two other fields that need filled in are the packet type and port range fields. The type of packet is UDP and the port is 28960. If your router has a checkbox for "Enable", you will have to check that as well. Save the changes!

Back on your computer you will need to configure your local firewall as well. Because you are using a router as your gateway firewall, you can safely turn off your Windows firewall. For Windows XP users, go to the Run Dialog (Start+R), type `services.msc` and press enter. Scroll down to the Windows Firewall Service and select it. Right click and select "Properties". First, press the "Stop" button. Then, select the Startup Type drop down and go to "Disabled". Press OK and close the Windows Services screen. For Windows Vista/7 users, click the Start button and just start typing `firewall`. The first result that appears will be the Windows Firewall, click it. Go through the options and disable the firewall completely.

As long as you are not running some type of additional firewall such as Norton Internet Security, you should now be ready to game online uninterrupted. Enjoy.

Geek tip: If you are using a home brew linux router for your network, like the one in this guide, you will need to use iptables to configure port forwarding for Modern Warfare 2. Here is the correct iptables syntax to get you gaming, assuming that 192.168.1.27 is the address of your computer and eth0 is your WAN address: iptables -t nat -I PREROUTING -p udp --dport 28960 -i eth0 -j DNAT --to 192.168.1.27