Building my own router.

GeorgePatches · Jun 27, 2024, 2:50 PM

@Master-Henry said in Building my own router.:

I do not want UPNP on.

Any particular reason? It would make life easier for you.

@Master-Henry said in Building my own router.:

How do I port forward?

Step 1, you need to setup your xbox with a static IP. So either manually set that on the xbox or assign it a static lease in pfsense.

Step 2 to X, follow theses instructions. Assigning port forwards

Master Henry · Jun 28, 2024, 12:22 PM

@GeorgePatches

Hey George, sorry for the late response. Been playing around with my pfsense router.

Xbox NAT is still strict if I forward all the required ports by Microsoft/Xbox. For one of my PC programs, I port forward a port and it opened up.

Do I need to enable UPNP? I know that there is a deny tick box. On my consumer routers, I disable UPNP because of security reasons/concerns and for gaming NAT. I would get moderate/strict NAT.

Is there another way?

stephenw10 · Jun 29, 2024, 4:25 AM

You might need a static outbound NAT rule for the xbox to prevent it changing the source port.

https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#nat-staticport

JonathanLee · Jun 29, 2024, 4:25 AM

@stephenw10 I went this route for games it works amazingly well, I also have it running on a different subnet and interface so my NAS and secure VPN side doesn’t see or touch the gaming guest network. Great guide

Master Henry · Jun 29, 2024, 8:18 PM

@stephenw10 said in Building my own router.:

You might need a static outbound NAT rule for the xbox to prevent it changing the source port.

https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#nat-staticport

@stephenw10 I believe I did it right, but my NAT is still strict. I also added my xbox via DHCP leases and set up a static IP. Are there any other ways without using UPNP?

stephenw10 · Jun 29, 2024, 8:30 PM

How did you do it? You have screenshots?

Master Henry · Jun 30, 2024, 12:24 PM

@stephenw10 🔒 Log in to view 🔒 Log in to view

stephenw10 · Jun 30, 2024, 2:35 PM

The source address there should be the static IP address reservation for the xbox in the LAN subnet. That should be in the private LAN subnet and as such there is no need to obscure it.

The translation address needs to be the WAN address not LAN.

Master Henry · Jun 30, 2024, 2:43 PM

@stephenw10

The Source IP address is my Xbox. I switched to WAN instead of LAN for translation and it's still strict after restarting my Xbox. I haven't rebooted my router.

stephenw10 · Jun 30, 2024, 3:12 PM

With the rule as it was set I'm surprised the xbox could connect out at all. Try clearing the states.