HOWTO: XBOX One and Open NAT

iculookn

I just updated my system to a new XG-7100, so time for an update with latest 2.4.4 screenshots, plus I have taken into consideration everyone's comments and updates.

so main changes needed are

1. Use Hybrid Outbound NAT instead of Manual
2. Check Default Deny under UPnP to only have the XBOX use UPnP.
3. Closed up the ports opened with the ACL to "allow 1024-65535 XboxIP/32 1024-65535"

The last 2 changes are just to make it more secure, so the original settings should still work.

NogBadTheBad

@iculookn said in HOWTO: XBOX One and Open NAT:

so main changes needed are

Use Hybrid Outbound NAT instead of Manual
Check Default Deny under UPnP to only have the XBOX use UPnP.
Closed up the ports opened with the ACL to "allow 1024-65535 XboxIP/32 1024-65535"

The last 2 changes are just to make it more secure, so the original settings should still wor

There's no need for IPv4+IPv6 in your outbound NAT entry, just use IPv4.

thunderman

Hello,

I did a full howto for Xbox One without UPnP/DMZ.

Topic : https://forum.netgate.com/topic/144291/howto-multiples-xbox-play-together-without-upnp-dmz
Howto : pdf : https://forum.netgate.com/assets/uploads/files/1560932072924-pfsense_multiples_xboxone_v0.1.zip

Nyarlathotep

@iculookn

Add a "deny" rule to the top of the UPnP rules to block port 3074; doing so will force the consoles to use different ports for Xbox Live. Here are my rules:

Here is what happens when port 3074 is blocked:

Those are the same rules I used with a UniFi USG Pro, and they also work well with pfSense (both Xbox Ones show "Open NAT").

mike3y

I know this is a stale topic, but I've followed this. Both appear to only show Open NAT within games.

I'm not able to join two consoles to the same GTA 5 session.

Any advice?

rajeshh

@thunderman
Thank you for your guide. I tried following many of the other usual guides that involve uPnP and yours is the simplest of all.

sikita

Hi, just for those who is looking for solution of OPEN NAT in pfSense 2.4.5 and could not get it working with private IP on WAN (192.168..., 10.10..., 172.16...) using UPNP. You are behind second NAT of your internet provider and you have to add this line to /var/etc/miniupnpd.conf with your public IP:

ext_ip=XXX.XXX.XXX.XXX (<=write your public IP here)

setting manual PORT in console advanced network settings and opening that port in NAT is also recommended.

LakeWorthB

I am trying to set this up, but am failing on the uPnP step. On the xbox I get "uPnP not succesfull" any ideas? I don't see where in the logs it would log communications for uPnP

LakeWorthB

@LakeWorthB So I fixed the uPnP issue, as I had to override WAN address. But still in Moderate NAT type. One thing I notice is in the uPnP status, I only get one port 3074 for the xbox series s. Shouldn't I see all the various ports?

WaxBear_79

I've had to allow uPnP (ports 5351, 1900 and 2189 to the firewall) and IGMP (to 224.0.0.2) to make this work, since my Xbox resides on my IoT VLAN which has limited access.

Following the manual on https://www.amixa.com/blog/2020/04/02/how-to-get-open-nat-with-xbox-or-xbox-one-and-pfsense-firewall/ and adding these rules now NAT is detected as open by the Xbox.