Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Xbox One (incl. S and X) - Howto for Open NAT

    Scheduled Pinned Locked Moved
    Gaming
    3
    5
    4.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MikeV7896M
      MikeV7896
      last edited by

      I don't easily see a definitive Howto for how to get Open NAT on the Xbox One, and I've done this on both my Xbox One and Xbox One X, even simultaneously, and have no problems with both getting open NAT for Xbox Live, so I wanted to share my settings. I'm running pfSense 2.4.2 now, though I was running 2.4.1 when I set it all up. I'm not using UPnP at all, so there's no risk to network security for other devices or programs that could open ports using that. It's possible that UPnP could actually interfere with the settings I provide below, so if you have issues, try disabling UPnP first.

      Here's how I did it…

      1. First, set a static IP address or DHCP reservation for the console, whatever you prefer. If you have multiple consoles, see the note below on grouping multiple consoles together with neighboring IP addresses to simplify the Outbound NAT rule.

      2. Verify the port number in the Xbox network settings. If you have multiple consoles, go into the advanced settings and manually choose a high port number. Each console will need to use a different port number for this to work.

      3. Create the port forward(s) in the Firewall > NAT > Port Forward. TCP/UDP, port number, and forward to the IP address you assigned to the console. Reload the filter when done.

      4. Go to the Outbound NAT settings. Set to Hybrid. This will allow you to create your manual rule for the Xbox, but allow everything else to still operate using automatic rules. Save. If you are using manual Outbound NAT for other reasons, then you can likely keep it manual and just create the appropriate rule for the Xbox IP address(es).

      5. Add a new Outbound mapping. Specify the IP Address of your console as the source and 32 for the mask for a single console. If you have multiple consoles, see the note below for a change to the IP address and netmask settings. In the translation section, check the box for Static Port.  Save this rule. Reload the filter again.

      You're done. Go back to your console, make sure the IP address is set properly if you're using a DHCP reservation, and if all is good, you should have Open NAT, at least for Xbox Live services. It's possible that other games may need other ports open too, but at a minimum, this should meet the core requirements for Xbox Live.

      ** For multiple consoles **
      If you have multiple consoles, use neighboring IP addresses that are within a smaller network range. By doing this, in the Outbound NAT rule, you can specify the netmask that corresponds to the size of your smaller address block. In the future, you can add more consoles just by adding a port forward (and DHCP reservation, if you're using that method). If you need to increase the size of the "network" to accommodate more consoles, just change the netmask in the outbound NAT rule.

      If you really want to, you could just simply create multiple Outbound NAT rules, one for each console… but I prefer the idea of having all my consoles grouped together with neighboring IP addresses, just for the purpose of network management.

      Example scenario...
      Xbox One: x.x.x.161, port 55123
      Xbox One X: x.x.x.162, port 56124
      Created two port forwards, one for each console
      Set Outbound NAT to Hybrid
      Created manual Outbound NAT rule, x.x.x.160/29 (allows use of addresses from x.x.x.161-166), checked static port setting

      If I need to add more consoles in the future (I doubt I ever will, but just to entertain the idea), I can change the /29 to /28 and go from 161 to 174 in IP addresses for consoles.

      IMG_1154.JPG
      IMG_1154.JPG_thumb

      The S in IOT stands for Security

      G 1 Reply Last reply Reply Quote 1
      • W
        Wayne.C1972
        last edited by

        Does this work for both consoles playing the same game at the same time? (ie. Rainbow Six Siege, The division, For Honor, COD MW remastered….)

        2.3.4-RELEASE-p1 (amd64)
        built on Fri Jul 14 14:52:43 CDT 2017
        FreeBSD 10.3-RELEASE-p19
        Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
        4 CPUs: 1 package(s) x 4 core(s)
        8GB Ram
        Watchguard XTM 5 series firewall

        1 Reply Last reply Reply Quote 0
        • MikeV7896M
          MikeV7896
          last edited by

          If the game uses Xbox Live for everything on the network side, then I would think it would work.

          If the game uses its own servers, a different port number that you can't change (to make each console use a unique port), or requires UPnP, then obviously my solution would not work.

          The S in IOT stands for Security

          1 Reply Last reply Reply Quote 0
          • G
            GamaTech @MikeV7896
            last edited by

            @virgiliomi Thanks! This still works on current Xbox consoles and latest version of PfSense 👍🏼

            1 Reply Last reply Reply Quote 0
            • MikeV7896M
              MikeV7896
              last edited by

              Yep, and Windows 10 as well, though you need to run a netsh command in Windows to get Teredo to use a specific port. But it does work. :) I'm up to a gaming laptop, gaming desktop, Xbox One X, and Xbox One, all with open NAT in the Xbox Live network test.

              Though the Xbox One gets kicked to the curb next week. 🙂

              The S in IOT stands for Security

              1 Reply Last reply Reply Quote 0
              • First post
                Last post