Netgate Discussion Forum
    HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)

      BerSerK

      UPnP Method

      1.  Create a DHCP reservation for your Xbox MAC address, I used 192.168.1.90 for mine. (see dhcp_reserv.png)

      2.  Enable UPnP service for the interface where your Xbox is connected. (see services_upnp.png)

      3.  OPTIONAL, enable the "By default deny access to UPnP?" checkbox and add the following user specified permission "allow 88-65535 192.168.1.90/32 88-65535".  That will disable UPnP except for your Xbox. (see services_upnp.png)

      4.  In Firewall: NAT: Outbound, select the "Manual Outbound NAT rule generation" and add a mapping like this "WAN 192.168.1.90/32 * * * * * YES" (see firewall_nat_outbound.png)

      I have no additional port forwarding in my NAT rules.

      I hope I make myself clear!

      dhcp_reserv.png
      services_upnp.png
      firewall_nat_outbound.png

        databeestje

        What worked for me was adding a rule for multicast traffic; after adding that, the xbox will automatically add a port forward through upnp wherever it lives. That worked for me at least.

        The default LAN subnet will not match the multicast traffic and thus block it.

        Add these 2 allow rules on the LAN interface.

        • LAN net * 224.0.0.0/8 * * none   Allow Multicast
        • LAN net * 239.0.0.0/30 * * none   Allow Multicast

        This will make uPNP with a lot of devices work a lot better. I'll talk to the other devs if we should add this rule in the background when enabling uPNP

          jimp Rebel Alliance Developer Netgate

          @databeestje:

          This will make uPNP with a lot of devices work a lot better. I'll talk to the other devs if we should add this rule in the background when enabling uPNP

          That sounds like a good idea, though it might be best if there were a checkbox option on Advanced Options to automatically add multicast rules when multicast-dependent services are enabled, then UPnP, Avahi, etc could set an internal flag somehow to trigger these rules.

            SilentGreen

            That sounds very good to me, because I have a similar issue with the Messenger (Windows and some Macs) on a hotel network, serving at least 60 rooms. Just enabling UPnP didn't solve the issue alone, so I will add the provided information manually in my NAT to see if it's running.

            Thank you so far…

              lotacus

              I guess "enable multicast" is enabled in the background now? I got upnp to work once and only once. Now it's fubar and nothing has changed on the firewall or network.

                hack2003

                I tried to use the same method with utorrent but without the manual NAT rules,
                and it works fine.

                  ZPrime

                  Your static NAT outbound mappings don't look right.

                  Ideally, rather than having a source of 192.168.1.0/24, use 192.168.1.55/32 (where .55 is the static IP of your Xbox).

                  Otherwise, ANYTHING that has a destination port of 88 or 3074 will always be static NAT'ed, which you might not want if you have a non-Xbox client using those ports.

                    josephnexus

                    @lotacus:

                    I guess "enable multicast" is enabled in the background now? I got upnp to work once and only once. Now it's fubar and nothing has changed on the firewall or network.

                    Is this the case?  I've been having trouble getting a bunch of Xboxes on my network all connecting at the same time.  I'm wondering if this could be the issue.  I'm running the latest stable version of pfSense.  I've enabled upnp (and logging for it) and see the Xboxes getting the ports via upnp.  I went to Firewall -> Nat and made outbound Nat use a static port, but people are still having issues.  Am I missing something?

                      storkus

                      This is all well and good for one gaming machine or computer, but I'm using pfSense on a motel network where multiple machines and ports are used and we can't be adding exceptions all the time–especially since I'm the only computer literate person here!

                      After upgrading from 1.2.3 to 2.0beta4, a guest's Xbox360 stopped working.  uPnP did nothing.  Someone elsewhere mentioned that pfSense does port randomization by default and that it can break stuff.  After seeing the official docs on the subject, I simply turned it off for the whole network:

                      Go to Firewall>NAT>Outbound and select manual (AON)
                      Then click on the default WAN rule, scroll down, and select "Static port", then save

                      Everything will now work by magic, though obviously you lose that bit of security; then again, though, this IS a public network, so...

                      Mike

                        vronp

                        Neither method works here on 1.2.3

                        It's pretty funny that one can find posts that describe 10 different ways "that work".

                        I wish one of them worked for me.

                          lint

                          @vronp:

                          Neither method works here on 1.2.3

                          It's pretty funny that one can find posts that describe 10 different ways "that work".

                          You should try to change the outbound NAT settings instead of using UPnP.

                          In the pfSense interface, go to Firewall - NAT - Outbound.  Change Automatic to Manual.  Then, create or modify the default mapping so that static port is checked.

                          It should look like:

                          WAN 192.168.100.0/24 * * * * * YES

                          Once saved, you should be able to connect to Xbox Live with a moderate NAT type instead of strict.  This is typical of connections with a firewall.

                          Further, you can port forward UDP 88 and TCP/UDP 3074 to your Xbox if you wish to have more accessibility.

                          (Confirmed with pfSense 1.2.3 running nanobsd on an Alix 2c board)

                            lint

                            I tested UPnP since some people are having trouble.  I got it working just fine, and now have an open NAT connection to Xbox Live.

                            I pretty much did the same thing that BerSerK posted above, but limited the outbound ports for UPnP to the Xbox Live ports.

                            Step 1
                            Set Xbox to static IP (or assign a static through DHCP).

                            Step 2
                            Services -> UPnP
                            Checked to enable UPnP
                            Set to LAN Int
                            Checked to enable "By default deny access to UPnP"
                            Set following permissions:
                            allow 88 x.x.x.x 88
                            allow 3074 x.x.x.x 3074
                            (x.x.x.x is static IP of Xbox)

                            Step 3
                            Firewall -> NAT -> Outbound
                            Change from Automatic to Manual, then press save.
                            A rule will be automatically created.  Edit it and check "static port," then save and apply.

                            Step 4
                            Test Xbox live and confirm UPnP is working by checking the following:
                            Status -> UPnP

                            Note: If you have an Open NAT type, but cannot locate lobbies, the problem is most likely that you did not complete step 3.  Go back and try again.

                            1 Reply Last reply Reply Quote 0
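The two UPnP permission sets posted in this thread (the 88-65535 range in the first post and the 88/3074 pair in the post above) can be compared with a small evaluator. This is an added example, not code from any poster, pfSense or miniupnpd; it assumes rules are checked in order with the first match winning, and that the "By default deny" checkbox acts like a trailing deny-all rule. The Xbox address 192.168.1.90 is taken from the first post in place of x.x.x.x, and the requests are constructed.

```python
import ipaddress

# Assumption: ticking "By default deny access to UPnP?" behaves like this trailing rule.
DEFAULT_DENY = "deny 0-65535 0.0.0.0/0 0-65535"

def parse_range(text):
    """'88' -> (88, 88); '88-65535' -> (88, 65535)."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi

def parse_rule(line):
    """Split '<allow|deny> <ext ports> <ip[/mask]> <int ports>' into typed fields."""
    action, ext, net, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action!r}")
    return action, parse_range(ext), ipaddress.ip_network(net, strict=False), parse_range(internal)

def decide(rules, ext_port, client_ip, int_port):
    """Return the action of the first rule matching a port-mapping request."""
    client = ipaddress.ip_address(client_ip)
    for line in list(rules) + [DEFAULT_DENY]:
        action, (e_lo, e_hi), net, (i_lo, i_hi) = parse_rule(line)
        if e_lo <= ext_port <= e_hi and client in net and i_lo <= int_port <= i_hi:
            return action
    return "deny"

XBOX = "192.168.1.90"  # reservation from the first post; stands in for x.x.x.x
BROAD = ["allow 88-65535 192.168.1.90/32 88-65535"]
NARROW = ["allow 88 192.168.1.90 88", "allow 3074 192.168.1.90 3074"]

# Constructed requests: (external port, requesting LAN address, internal port)
REQUESTS = [
    (3074, XBOX, 3074),
    (88, XBOX, 88),
    (3389, XBOX, 3389),
    (3074, "192.168.1.77", 3074),
]

def compare():
    """For each request, the verdict under the broad and the narrow rule set."""
    return [(req, decide(BROAD, *req), decide(NARROW, *req)) for req in REQUESTS]

if __name__ == "__main__":
    for req, broad, narrow in compare():
        print(f"{req}: broad={broad} narrow={narrow}")
```

Both rule sets refuse mappings requested by other LAN hosts; only the narrow set also refuses a mapping for a port outside 88 and 3074 requested from the Xbox's address.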
                              Sikh

                              Works for only 1 xbox, not multiple.

                                databeestje

                                I have just committed a fix that automatically creates multicast filter rules on 2.0 so that the 360 can communicate with the miniupnpd daemon.

                                This thread is full of #fail with conflicting or downright wrong advice. I'm amazed in a sort of way.

                                  brianm

                                  Hi everyone,

                                  I tell you, even after trying all the recommendations indicated, I still have the problem: the Xbox tells me I have a strict NAT.
                                  I updated my version of pfSense from 1.2.3 to 2.0 on 11 March.
                                  Now I work in Multiplayer games without problems, but the message still appears. Can someone come up with some other option?

                                  Greetings and thank you very much.

                                    BerSerK

                                    @databeestje:

                                    This thread is full of #fail with conflicting or downright wrong advice. I'm amazed in a sort of way.

                                    If this howto is outdated or wrong please tell us how to correct it or simply remove the sticky or delete the thread.

                                      xtropx

                                      Yes please. Grace us humble pfsense newbies with the knowledge on how to correctly set this up!

                                      This worked for me in UPnP:

                                      allow 88 x.x.x.x 88
                                      allow 3074 x.x.x.x 3074
                                      (x.x.x.x is static IP of Xbox)

                                      With no manual outbound rule generation.

                                      …but I should not have to use UPnP.  ::)
                                      Now I have everything set up to NAT ports 80, 88, 53, & 3074; firewall rules; static ports through manual outbound, and XBOX NAT type is still "moderate."

                                      Edit: I will gladly provide any details about my configuration in order to assist in finding a proper method to configure this.

                                      Regards,

                                      xtropx

                                        databeestje

                                        With upnp enabled the xbox will request a port forward and succeed. It works fine for my xbox 360 at home. I don't get NAT type strict.

                                        The missing multicast traffic rule prevented the xbox 360 from succeeding to add a port forward mapping.

                                          Sikh

                                          @databeestje:

                                          With upnp enabled the xbox will request a port forward and succeed. It works fine for my xbox 360 at home. I don't get NAT type strict.

                                          The missing multicast traffic rule prevented the xbox 360 from succeeding to add a port forward mapping.

                                          Thank YOU VERY MUCH. I've been trying to figure out what the issue was.

                                          Any idea when it will go into effect? I just got a second xbox that will be permanent on my network and it's not working. One will fail, the other one will be Open.

                                          Both of them used to be Open / Moderate. But now it's Open / Incorrect MTU.

                                          Both are port forwarded to 80/88/3074/53.

                                            Sikh

                                            @databeestje:

                                            With upnp enabled the xbox will request a port forward and succeed. It works fine for my xbox 360 at home. I don't get NAT type strict.

                                            The missing multicast traffic rule prevented the xbox 360 from succeeding to add a port forward mapping.

                                            So has this missing multicast traffic rule been put into play?

                                            I completely erased everything to do with port forwarding, rules etc. First 360 went open, next one had no connection.
