Netgate Discussion Forum

    UPnP Failing to Generate Rules

    Gaming
    • zcallen1

      A bit of background:
      This initially started with me wanting to make sure both my Xbox and my PC playing an Xbox Anywhere Game could play at different times without me having to constantly change the source IP. They don't even need to be playing at the same time.

      I made the move to PFsense when I wanted to set up a home lab. I've had to use PFsense in courses as well so I generally know my way around it. I found numerous guides using UPnP that will allow for multiple devices to access Xbox Live services.

      I've spent the better part of a week trying to get UPnP to work. The most confusing thing to me is not that the end result isn't quite what I want...I'm not even getting that far. It's that UPnP doesn't even seem to be recognizing ANY requests.

      If I check Status > UPnP & NAT-PMP I never see any requests there.

      Eventually I gave up and decided to forward the necessary ports to my Xbox alone to figure it out later. However, that gives an open NAT, but I'm not able to start multiplayer lobbies.

      The final straw that I couldn't just wait until some later date is that when trying to use EA's Origin for Battlefront 2 (It was on sale)...nothing works either. I can download a game, but I can't see friends and the game launches as Offline. In this same instance I tried forwarding all the ports manually.

      So now the setup:
      PFsense 2.4.3-Release-p1

      I have 4 interfaces:
      WAN:

      • re0 onboard RealTEK NIC

      Homelab VLANs:

      • em1.4 LAN
      • em1.5
      • em1.20

      HomeNetwork:

      • em0

      My setup is a bit spaghetti now as I have worked through different suggestions, but I have completely redone and reinstalled PFSense once. I did the basic config and then without doing anything else, set up PFsense UPnP according to a guide. This still did not work.

      I have also done Wireshark captures to see what was going on. As far as I can tell devices are using the multicast addresses to send out SSDP requests on UDP port 1900.

      The miniupnpd says it's listening for requests on 5351 if I have NAT-PMP on, but only 2189 if I turn it off.

      I used Automatic Outbound NAT and configured all interfaces VLANs, and networks. Then after configuring all networks I switched to manual outbound NAT generation. I have static ports checked. I've used Aliases, and direct IPs as well.

      Here are my outbound NAT Mappings (the XboxLive Alias is just my Xbox and PC IP 192.168.16.10 and .40): Outbound Mappings

      I then created two Aliases for all Xbox TCP ports and another for all Xbox Live UDP ports. I have switched it to just 192.168.16.40 for now, but it was originally an alias for both hosts:
      Home Firewall Rules

      The multicast addresses and UPnP 1900 were tried after finding someone's post who was also having issues.

      • Hakon74

        I had the same problem as you.
        In my setup I have a Cisco managed switch. In the Cisco switch I enabled multicast and on the pfSense LAN created an allow rule for ICMP and IGMP.
        It seems to have fixed the upnp issue.

        • WaxBear_79

          If anyone should stumble across this post, check out my reply https://forum.netgate.com/post/954396
          Opening port 1900 isn't enough; you'll also need to open up 2189 and 5351 for UPnP to work.

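A way to check from a LAN client which of the services named in this thread actually answers: SSDP discovery on UDP 1900 and NAT-PMP on UDP 5351, with the SSDP reply's LOCATION header showing the HTTP port the daemon serves (2189 in the posts above). This is an added example, not code from any poster, pfSense or miniupnpd; the gateway address passed on the command line is an assumption about your network.

```python
import socket
import struct
import sys

SSDP_GROUP = ("239.255.255.250", 1900)
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
NATPMP_REQ = struct.pack("!BB", 0, 0)  # RFC 6886: version 0, opcode 0

def build_msearch(st=IGD_ST, mx=2):
    """SSDP discovery request a UPnP client multicasts to find a gateway."""
    lines = ["M-SEARCH * HTTP/1.1", "HOST: %s:%d" % SSDP_GROUP,
             'MAN: "ssdp:discover"', "MX: %d" % mx, "ST: %s" % st, "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(data):
    """Headers (upper-cased names) of a 200 OK SSDP reply, else None."""
    head = data.decode("utf-8", "replace").split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or parts[1] != "200":
        return None
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def parse_natpmp_response(data):
    """(result_code, external_ip or None) from an address reply, else None."""
    if len(data) < 8 or data[0] != 0 or data[1] != 128:
        return None
    result = struct.unpack("!H", data[2:4])[0]
    ip = socket.inet_ntoa(data[8:12]) if len(data) >= 12 else None
    return result, ip

def probe(addr, payload, timeout=3.0):  # one datagram out, first reply or None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, addr)
            return s.recvfrom(2048)[0]
        except OSError:  # includes timeouts
            return None

if __name__ == "__main__":  # argv[1]: the firewall's LAN address (assumed)
    hdrs = parse_ssdp_response(probe(SSDP_GROUP, build_msearch()) or b"")
    print("SSDP 1900:", hdrs.get("LOCATION") if hdrs else "no reply")
    pmp = parse_natpmp_response(probe((sys.argv[1], 5351), NATPMP_REQ) or b"")
    print("NAT-PMP 5351:", pmp or "no reply")
```

"no reply" on the SSDP line while NAT-PMP answers points at multicast not reaching the daemon (switch or firewall rule) rather than at the daemon itself.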