For a new problem, you really need a new thread. The config in this thread has been working for many of us for years. If it doesn't work for you, then it's something new, a game-specific issue, or unrelated to this thread in some other way.
regardless of what i do, following the whole steps mentioned here:
upnp does not seem to allow the packets, you can see the packet answers always to be blocked in the system-logs :-(
i use 2.0-RC2 (i386) built on Sun May 15 20:43:07 EDT 2011
now i defined NAT by hand and it works…
but why not upnp ?
i used the following upnp rule: allow 1-65535 xxx.xxx.xxx.xxx/32 1-65535
anyone any ideas ?
i even created a pass-rule for the upnp ports from lan-network to lan-address as stated in http://forum.pfsense.org/index.php/topic,33024.0.html
but it still does not work, there are simply no mappings in the upnp status...
@radarg ok it looks like all the UPNP is working, I see the rules pop up. Why would the second xbox try to talk to the same port as the first one? I thought that once the second xbox made contact with the server it would use a different port. Am I wrong?
Thanks for the help but no luck. I'll just give up on the box performing a port forward. I'm moving soon but wanted to get some better game performance without all the packet losses. I will be thrilled to have a better ISP provider than the local one here or the other terrible option of Spectrum.
Nope, we 'play' pfSense.
And you're the first one using the word 'HiRez' on this forum.
pfSense is a firewall that assures that there are no holes. Nobody wants holes in a wall. If there were, there would be no point in putting up the wall in the first place.
pfSense can let you make 'holes', to devices that run programs on your LAN. It seems to me that Smite Hires doesn't have any public documentation - otherwise you would be reading that doc instead of asking here, and doing what they were asking you to do, like NATting a port(s) to the PC that runs the game.
By default : do nothing.
This looks like some great points about the game. I love all Battlefields and the multiplayer is the best you can get for any shooting game. I don't think that Call of Duty can really be compared to it! The only Battlefield I have found really hard and challenging to play was battlefield 5 as the difficulty bar was raised way too much. I'm a bit ashamed to admit it, but sometimes I have to use bf5 hacks in order to be able to stay competitive. Of course I don't use them on online multiplayers.
This might help others with multiple xbox's behind the same public IP. I'm specifically talking about Halo 5, but it could pertain to other games as well....
For anyone else that is still having a problem, I have a potential solution that allows multiple XBOX's connected behind a single Internet IP address to achieve an open NAT on XBOX Live, and work with Halo 5.
I use OPNsense as my firewall, but the same steps will work on PFSense or any other firewall that allows you to configure inbound port forwarding and outbound PAT (port address translation).
I noticed that most posts that include a "fix" for the XBOX Live Open NAT issue will tell you to configure an outbound NAT rule for the XBOX and choose the option "Static Port". This will help you achieve Xbox Live Open NAT, but it's like using a bazooka to kill a mosquito. All traffic from the XBOX will preserve the original source port no matter what, which doesn't work well with Halo 5 and multiple XBOX's.
XBOX traffic uses a lot of multicast and UDP packets. By looking at the traffic, I discovered that certain UDP/TCP packets will use the XBOX configured port as the source port of the packets. I also discovered that when a Halo 5 match starts, both of the XBOX's in my house were creating a UDP connection to the exact same host using the exact same source port and destination port combination at the exact same time. This is a HUGE problem if all packets are being statically translated, because the firewall won't know how to properly create a stateful connection for both XBOX's. The only way around this is to let the firewall dynamically remap the source port of the outbound traffic to ensure a unique UDP connection in the stateful database for the appropriate XBOX.
Long story short, IMO you need two things to get an open NAT in XBOX Live and for Halo 5 to work:
Configure each XBOX to use a unique static IP address and a unique static port. It's in the network settings area of your XBOX and very easy to do. You can use 3074 for one of the XBOX's if you want to, but I recommend using something in the 50,000 range. It's probably a safer bet and I didn't look at the traffic for an XBOX configured with 3074. Create a TCP/UDP port forwarding rule on your firewall for each XBOX's static IP address and its associated static port. You could use UPnP, but either way you're doing the same thing. Each XBOX will get its own unique port and a hole in the firewall to allow internet hosts to originate TCP and UDP traffic to that port. I prefer not to use UPnP because of security concerns.
Configure a manual outbound NAT rule matching only UDP traffic for each XBOX using the corresponding static port as the source port and choosing the "Static Port" option. What you're doing here is telling the firewall do not dynamically PAT (port address translate) packets from my XBOX if they are UDP packets and the source port of the packet matches the static port you configured in the XBOX. For everything else, go ahead and dynamically translate the source port to ensure a unique connection in the stateful database of the firewall. By doing this, when Halo 5 starts those packets that are going to the same destination using the same source port and destination port combinations will get a remapped source port in the firewall database and therefore the return traffic will route back to the correct XBOX.
I hope this helps someone else that like me is trying to get to SR152 and also has a wingman in the same house with them.
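The state-table collision described in the post above, as an added example that is not part of the original post: a toy Python model of outbound NAT (first matching rule wins, one state per translated tuple) comparing a blanket "Static Port" rule with the UDP-only, per-console rule. All addresses, ports and names are constructed for illustration, and the model is a simplification, not pf's implementation.

```python
import itertools

XBOX_A, XBOX_B = ("192.168.1.50", 50001), ("192.168.1.51", 50002)  # constructed IP / console port
GAME_HOST = ("198.51.100.7", 30000)                                  # constructed match server

class OutboundNat:
    """Toy model of outbound NAT: first matching rule wins, one state per translated tuple."""
    def __init__(self, rules):
        self.rules = rules
        self.states = {}                       # (proto, wan_port, dst) -> (lan_ip, src_port)
        self._dynamic = itertools.count(20000) # pool for dynamically remapped source ports

    def _keep_port(self, proto, lan_ip, sport):
        for r in self.rules:                   # evaluated top-down, like the rule list
            if (r["proto"] in (proto, "any") and r["src"] in (lan_ip, "any")
                    and r["sport"] in (sport, "any")):
                return r["static_port"]
        return False

    def send(self, proto, lan_ip, sport, dst):
        """Return the WAN source port used, or None if no unique state can be created."""
        if self._keep_port(proto, lan_ip, sport):
            key = (proto, sport, dst)
            if self.states.get(key, (lan_ip, sport)) != (lan_ip, sport):
                return None                    # tuple already owned by the other console
        else:
            key = next((proto, p, dst) for p in self._dynamic
                       if (proto, p, dst) not in self.states)
        self.states[key] = (lan_ip, sport)
        return key[1]

    def reply_target(self, proto, wan_port, dst):
        """LAN host that return traffic for this translated tuple is delivered to."""
        return self.states.get((proto, wan_port, dst))

def rule(proto, src, sport, static_port):
    return {"proto": proto, "src": src, "sport": sport, "static_port": static_port}

AUTO = rule("any", "any", "any", False)        # the dynamic catch-all mapping rule
BLANKET = [rule("any", XBOX_A[0], "any", True), rule("any", XBOX_B[0], "any", True), AUTO]
SELECTIVE = [rule("udp", XBOX_A[0], XBOX_A[1], True),
             rule("udp", XBOX_B[0], XBOX_B[1], True), AUTO]

def match_start(rules, game_sport=30001):      # game_sport: constructed shared source port
    """Both consoles open the same UDP flow at once; return their WAN ports and the NAT."""
    nat = OutboundNat(rules)
    return [nat.send("udp", ip, game_sport, GAME_HOST) for ip, _ in (XBOX_A, XBOX_B)], nat
```

With `BLANKET` the second console's flow cannot get its own state; with `SELECTIVE` both flows are remapped to distinct WAN ports while traffic sourced from each console's configured port keeps that port.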
I updated to 2.5.0 a few days ago, hoping the changes to UPnP would solve some of these issues. However, COD MW3 still won't work using UPnP. I guess it comes down to the way the game and perhaps the Demonware servers use the ports, so port forwarding is still a must.
Playing with only one PC in the house, I can get along with just port forwarding 3074 to that PC. But for two PC's using MW3, the solution suggested in this thread (with remapping to 3075 for one PC) is the one that works for me.
However, I do have Default deny enabled for UPnP, with the gaming PCs listed as ACL entries.
The PC having 3074 forwarded gets Open NAT, and the other one gets Moderate. I have tried adding a third PC using port 3076 in the same manner but that results in Strict NAT on that PC (which can be ok provided that player connects with others on Open NAT).
I've had to allow uPnP (ports 5351, 1900 and 2189 to the firewall) and IGMP (to 18.104.22.168) to make this work, since my Xbox resides on my IoT VLAN which has limited access.
Following the manual on https://www.amixa.com/blog/2020/04/02/how-to-get-open-nat-with-xbox-or-xbox-one-and-pfsense-firewall/ and adding these rules now NAT is detected as open by the Xbox.
Yep, and Windows 10 as well, though you need to run a netsh command in Windows to get Teredo to use a specific port. But it does work. :) I'm up to a gaming laptop, gaming desktop, Xbox One X, and Xbox One, all with open NAT in the Xbox Live network test.
Though the Xbox One gets kicked to the curb next week. 🙂
I woke up this morning. Looked at the outbound port mapping again. I just realized, there is an "Auto created dynamic port mapping rule for my LAN to WAN".
I moved the static port mapping above the auto created one. and it is NOW Working.
Ok, you are not going to believe this, but I fixed it. Found a random post on the internet suggesting to disable all lan cards not being used. I disabled my hyperv nic and all others not in use and it worked perfectly.
Can I ask why you are going to let them connect directly, and not just have your servers listed in the Steam Client? I run Ark boxes as well, and all mine are listed in the Steam client for them to use. This is how the game is designed to run, and is probably why you are seeing this problem.