XboxOne UPNP Open NAT, No Static IP or Firewall Rules.



  • Simply Follow this Doc https://doc.pfsense.org/index.php/Static_Port and set the "Static Port" option for each network you have an Xbox on using UPNP.

    The issue is pfSense randomizes source port by default in the NAT.

    Simply disabling that allows the Xbox an Open NAT using only UPNP.

    No Static IP needed for the Xbox, no extra firewall rules, nothing, just UPNP enabled and that option checked. This should allow 1 or 50 Xbox Ones on the same LAN with no special settings for each. I only have one so I can't 100% confirm that, but maybe someone with more than one can.



  • I actually found the opposite to be true in practice. When I used UPNP and randomized outbound ports, my Xboxes reported a moderate NAT, but were able to play together in multiplayer games.

    When enabling static NAT, one Xbox was able to join multiplayer games (with open NAT) while the other 3 could not. I suspect that the Xboxes are accessing static ports that are not reported to UPNP, and therefore all of the packets for that port are being routed back to a single box. With the random source port NAT, the router was able to assign a different port for each Xbox so the return packets were able to reach the correct Xbox.

    I'm not sure if there is a way to tell pfSense to only randomize packets that have the same port, but different LAN addresses. If that would even solve the issue here.



  • @arsenic32:

    I actually found the opposite to be true in practice. When I used UPNP and randomized outbound ports, my Xboxes reported a moderate NAT, but were able to play together in multiplayer games.

    When enabling static NAT, one Xbox was able to join multiplayer games (with open NAT) while the other 3 could not. I suspect that the Xboxes are accessing static ports that are not reported to UPNP, and therefore all of the packets for that port are being routed back to a single box. With the random source port NAT, the router was able to assign a different port for each Xbox so the return packets were able to reach the correct Xbox.

    I'm not sure if there is a way to tell pfSense to only randomize packets that have the same port, but different LAN addresses. If that would even solve the issue here.

    Right.  The order of setup should be UPNP by itself.

    If that doesn't work then port forward/NAT forward.

    I'm sure one setup doesn't work for everything.
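
The port collision suspected in the second post, as an added example that is not part of the thread and is not pfSense code: a simplified model of outbound NAT in which four consoles use the same source port toward one remote endpoint. The port number 3074, the addresses and all class and function names are assumptions made for the illustration.

```python
# Simplified outbound-NAT model (constructed for illustration; not pf/pfSense code).
import random

REMOTE = ("203.0.113.10", 3074)   # constructed remote endpoint (documentation range)
CONSOLES = ["192.168.1.11", "192.168.1.12", "192.168.1.13", "192.168.1.14"]
SRC_PORT = 3074                   # assumed: every console uses the same source port


class OutboundNat:
    def __init__(self, static_port, seed=0):
        self.static_port = static_port
        self.rng = random.Random(seed)
        # WAN-side key (external port, remote endpoint) -> LAN-side (ip, port)
        self.states = {}

    def open(self, lan_ip, lan_port, remote):
        """Create a state for an outbound flow; return external port, or None on conflict."""
        if self.static_port:
            ext_port = lan_port               # source port is preserved
            owner = self.states.get((ext_port, remote))
            if owner is not None and owner != (lan_ip, lan_port):
                return None                   # WAN-side tuple already belongs to another host
        else:
            ext_port = self.rng.randint(1024, 65535)
            while (ext_port, remote) in self.states:
                ext_port = self.rng.randint(1024, 65535)   # pick an unused port
        self.states[(ext_port, remote)] = (lan_ip, lan_port)
        return ext_port

    def inbound(self, ext_port, remote):
        """Which LAN host receives a reply arriving on ext_port from remote?"""
        return self.states.get((ext_port, remote))


def simulate(static_port):
    """Open one flow per console; return the NAT and {lan_ip: external port or None}."""
    nat = OutboundNat(static_port)
    return nat, {ip: nat.open(ip, SRC_PORT, REMOTE) for ip in CONSOLES}


if __name__ == "__main__":
    for mode in (True, False):
        nat, result = simulate(mode)
        print("static port" if mode else "randomized ", result)
```

In this model only the first console gets a mapping when the source port is preserved, while randomized ports give each console its own WAN-side port; real firewalls also key state on protocol and interface, which the model leaves out.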