Building my own router.

GeorgePatches

@Master-Henry said in Building my own router.:

I do not want UPNP on.

Any particular reason? It would make life easier for you.

@Master-Henry said in Building my own router.:

How do I port forward?

Step 1, you need to setup your xbox with a static IP. So either manually set that on the xbox or assign it a static lease in pfsense.

Step 2 to X, follow theses instructions. Assigning port forwards

Master Henry

@GeorgePatches

Hey George, sorry for the late response. Been playing around with my pfsense router.

Xbox NAT is still strict if I forward all the required ports by Microsoft/Xbox. For one of my PC programs, I port forward a port and it opened up.

Do I need to enable UPNP? I know that there is a deny tick box. On my consumer routers, I disable UPNP because of security reasons/concerns and for gaming NAT. I would get moderate/strict NAT.

Is there another way?

stephenw10

You might need a static outbound NAT rule for the xbox to prevent it changing the source port.

https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#nat-staticport

JonathanLee

@stephenw10 I went this route for games it works amazingly well, I also have it running on a different subnet and interface so my NAS and secure VPN side doesn’t see or touch the gaming guest network. Great guide

Master Henry

@stephenw10 said in Building my own router.:

You might need a static outbound NAT rule for the xbox to prevent it changing the source port.

https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#nat-staticport

@stephenw10 I believe I did it right, but my NAT is still strict. I also added my xbox via DHCP leases and set up a static IP. Are there any other ways without using UPNP?

stephenw10

How did you do it? You have screenshots?

Master Henry

@stephenw10

stephenw10

The source address there should be the static IP address reservation for the xbox in the LAN subnet. That should be in the private LAN subnet and as such there is no need to obscure it.

The translation address needs to be the WAN address not LAN.

Master Henry

@stephenw10

The Source IP address is my Xbox. I switched to WAN instead of LAN for translation and it's still strict after restarting my Xbox. I haven't rebooted my router.

stephenw10

With the rule as it was set I'm surprised the xbox could connect out at all. Try clearing the states.