How to allow a client's Xbox access to net through pfSense?
I have a WISP; clients connect to our router via antennas, in Wireless ISP mode.
I have a client with an Xbox that is unable to get it to connect because of some NAT error.. How can I allow this to access the net? Their setup at home is through an AP with DHCP on their LAN; their antenna to connect to us is plugged into the WAN port of their AP.
I have a client with an Xbox that is unable to get it to connect because of some NAT error.. How can I allow this to access the net?
It's pretty hard to answer without more specific information about the "NAT error". Is there anything relevant in the firewall logs? Can the user complete the sentence "When I do … I see ... but I expected to see ..."
Does doing some variation produce a different result or different error report, for example using the IP address instead of the hostname?
I don't have an Xbox on my network nor have I ever used one but…
Doesn't the xbox expect to be able to use upnp?
I'll have to find out some more info from the client, as I have no idea.. never used an Xbox in my life.
He told me a bunch of TCP and UDP ports that apparently need to be opened, and that when he set it up that it gave him an error about the NAT and that the ports needed to be opened. Will have to go there and see for myself to know exactly what the error is.
There is also this:
Forwarding all those ports seems a bit extreme. What if you have more than one xbox behind a router?
UPNP should solve a lot of this.
Edit: There's a howto: http://forum.pfsense.org/index.php/topic,13887.0.html
Thanks for that Steve.. I am not sure what upnp is. If I was to do that, would it work if, say, other clients have Xboxes also?
With upnp the xbox, or any other client, requests a port to be forwarded and the router will automatically set up the appropriate port forwarding and firewall rules. If another xbox requests the same ports the router can tell it that port is already in use and the xbox can switch to another port.
I've not tried upnp on pfSense so I can't give you any details.
There are various opinions as to the security implications of upnp. ;)
Thanks again Steve. I have just enabled upnp and will get the client to test if he can connect now, and then see from there. Are you saying that it is not a good idea to have upnp enabled?
Are you saying that it is not a good idea to have upnp enabled?
I would say, not if you don't need it. You seem to have a clear need for it though. Just be aware that it effectively allows any client behind your firewall to open ports and set up port forwards. Since you are a WISP this is perhaps more of a risk than for other users who can control what is behind their firewall.
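An added example, not part of the thread and not pfSense's own code: a small Python model of the behaviour described in the replies above, where a router accepts port-mapping requests, reports a conflict when a second client asks for a port already in use, and limits which clients and ports may be mapped at all. The rule syntax, the addresses, the ports and the default-deny choice are assumptions constructed for illustration.

```python
import ipaddress

# Constructed permission list: "action ext_ports client_net int_ports" (assumed syntax).
ACL = """
allow 1024-65535 10.20.0.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
"""

def _ports(spec):
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        action, ext, net, internal = line.split()
        rules.append((action == "allow", _ports(ext),
                      ipaddress.ip_network(net), _ports(internal)))
    return rules

class Gateway:
    """Toy model of a router handling UPnP-style port-mapping requests."""
    def __init__(self, rules):
        self.rules = rules
        self.mappings = {}            # (proto, ext_port) -> (client_ip, int_port)

    def permitted(self, client, ext_port, int_port):
        addr = ipaddress.ip_address(client)
        for allow, (elo, ehi), net, (ilo, ihi) in self.rules:
            if addr in net and elo <= ext_port <= ehi and ilo <= int_port <= ihi:
                return allow          # first matching rule wins
        return False                  # nothing matched: deny (this model's choice)

    def add_mapping(self, client, proto, ext_port, int_port):
        if not self.permitted(client, ext_port, int_port):
            return "denied"
        owner = self.mappings.get((proto, ext_port))
        if owner and owner[0] != client:
            return "conflict"         # port in use; the client should pick another
        self.mappings[(proto, ext_port)] = (client, int_port)
        return "ok"

def demo():
    gw = Gateway(parse_acl(ACL))
    return [
        gw.add_mapping("10.20.0.11", "UDP", 3074, 3074),  # first console (sample port)
        gw.add_mapping("10.20.0.12", "UDP", 3074, 3074),  # second console, same port
        gw.add_mapping("10.20.0.12", "UDP", 3075, 3074),  # retry on another port
        gw.add_mapping("10.20.0.12", "TCP", 22, 22),      # low port outside allowed range
        gw.add_mapping("10.30.0.5", "UDP", 3074, 3074),   # client outside allowed subnet
    ]

if __name__ == "__main__":
    print(demo())
```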