Xbox on the network



  • when connected with xbox, i see that my NAT Type is Strict (in red, so that cant be good).

    what ports/rules to i need to create in pfSense to change the NAT Type?

    should upnp be enabled?  i believe it is disabled in pfSense by default.

    thanks.



  • xbox support says to turn on upnp, so i guess i will start with that.

    Solution 2: Turn on UPnP on your network hardware

    Universal Plug and Play (UPnP) is a standard that helps routers communicate effectively.

    If your router or gateway supports UPnP, make sure this setting is turned on. Refer to your hardware documentation for help turning on UPnP. Most hardware manufacturers have websites that include support information.

    If you change the UPnP setting on your network hardware, restart your hardware and test your Xbox LIVE connection.

    http://support.xbox.com/en-US/xbox-live/connecting/nat-type-strict#e9df07c84eec4d549a9a313c74efbaec



  • i enabled, upnp, but xbox still says i am strict.

    does pfsense need a hard reboot to confirm the changes are in fact working/in place?



  • can a mod move this, i just saw the gaming forum.

    :)



  • this worked, but i did not complete all the steps (i didnt assign a static IP to my xbox).

    i highlighted the steps i did in red.  also, i am running 2.0.1

    http://forum.pfsense.org/index.php/topic,43624.0.html

    I have searched and searched and every suggestion I have found failed in one way or another.

    This is what worked for me from a fresh install of Pfsense

    SETTING UP Pfsense for XBOX360 only 1 xbox is used.

    Step 1: Set up the xbox under DHCP Server to use a specific IP. I used 192.168.0.5

    Step 2:

    GOTO: Services: UPnP & NAT-PMP

    Only the changes from Default are listed below.

    Enable UPnP & NAT-PMP –- CHECKMARKED
    Allow UPnP Port Mapping --- CHECKMARKED
    Allow NAT-PMP Port Mapping –- CHECKMARKED
    Interfaces (generally LAN) –- LAN Selected
    By default deny access to UPnP & NAT-PMP? –- CHECKMARKED
    User specified permissions 1 --- allow 3074 192.168.0.5 3074

    Click on change

    Done fire up xbox and go on live.

    Nothing else was done or changed anywhere.

    Suggestions are Welcome



  • I have two xbox lives on my network, I have them set up with static DHCP and have them mapped through upnp and outbount NAT.  I don't get any problems with NAT or with online play, but the two machines can't join games with each other.  Whenever they try the joiner gets "The game session is no longer available."  Please Help, this has been a problem for some time.



  • Im no fanboy The console are as good as each other but i just prefer the xbox. I love them both i own them both x



  • @mosesjf:

    I have two xbox lives on my network, I have them set up with static DHCP and have them mapped through upnp and outbount NAT.  I don't get any problems with NAT or with online play, but the two machines can't join games with each other.  Whenever they try the joiner gets "The game session is no longer available."  Please Help, this has been a problem for some time.

    I had a similar problem to this, and I think it is caused by pfSense not having NAT reflection implemented for UPnP port forwards. My guess is that when the first Xbox tries to connect to the second in game it uses your external IP address, and because this isn't reflected back to the internal IP address in the network, the connection fails.

    The way I have gotten around this (which is not a perfect solution but works) is to set up a manual port forward to each Xbox which matches the UPnP port forward, and turn on NAT reflection for the manual port forward. It helps to also set up some UPnP reservations in the UPnP settings, otherwise the port will change and you'll need to edit the manual port forwards constantly.

    Post back here if this isn't making sense, and I could probably post some more detailed instructions.



  • Ok, first off, there is no need for manual port forwards.  You are all close, however you are forgetting to configure Outbound NAT specifically for the Xbox 360.  By default, outbound source ports are randomized by the firewall as a security feature.  Xbox Live does not seem to play nicely with this.  My guess is that the Xbox somehow encapsulates the packets and specifies a source port inside this encapsulation which is not adjusted by pfSense, therefore the return traffic hits a port thats not mapped.

    What does this mean?  You have two options.  One is to follow the instructions on the link below to change this behavior for all of your LAN.  The second is to enable Static Port for only the Xbox (or Xboxes).  Basically, enable Manual outbound NAT and create an entry for the Xbox.  To do this properly, your Xbox needs to maintain a static IP, so the best thing to do is create a static DHCP lease on the DHCP server page.  Then, create the static outbound NAT entry tied to that source IP.  If you only see the network option and not host in the drop down box, put your xboxes IP and select /32 which equates to a host entry.  When finished, it should look like the attached image.

    Those of you who created manual port forwards, if you want to use UPnP I suggest you clear out all the manual entries you created.

    Read more here.
    http://doc.pfsense.org/index.php/Static_Port

    ![Screen Shot 2012-05-08 at 4.49.03 PM.png](/public/imported_attachments/1/Screen Shot 2012-05-08 at 4.49.03 PM.png)
    ![Screen Shot 2012-05-08 at 4.49.03 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2012-05-08 at 4.49.03 PM.png_thumb)





  • tyyyyyyyyyyyyyyy



  • Try testing your connection on the xbox under settings, that should change your nat to open



  • Just to throw this out there. For xbox to easily have open NAT, it requires DHCP + uPNP.
    http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=393

    To secure your upnp, I would recommend checking the box next to "By default deny access to UPnP & NAT-PMP?"

    Then in your rule set next to "User specified permissions 1" set "allow 3074 xbox.ip.address 3074"

    Setting a static DHCP reservation in pfsense will not work in your main subnet.

    http://doc.pfsense.org/index.php/Why_can't_I_have_static_mappings_inside_my_DHCP_range%3F


Locked