XBOX 360 - What you really need to get it working - with no NAT warnings
-
I have followed all the threads and the stickied thread is accurate except for one thing. Port 88 needs to be TCP and UDP, NOT UDP only. This change, along with using UPnP as listed in the stickied thread, fixed everything for me, including allowing multiple Xboxes to connect at the same time. Microsoft doesn't document that TCP is needed for 88; however, the packet captures show it is being used by the Xbox. I no longer get NAT warnings and can connect to all games/parties that I previously had issues with.
Hopefully this helps others.
-
I tried everything on this site to get a non-strict/moderate NAT but nothing worked. So I just used a spare NIC I had and put the Xbox on a DMZ; this worked and everything registers in UPnP just fine now.
-
All you should ever have to do to get the Xbox to play nice with pfSense is enable UPnP, set a static DHCP lease for your Xbox, and adjust your outbound NAT to utilize static NAT entries for the IP of your Xbox.
If that doesn't work and you are using a managed switch, check if you have any security options enabled on it. I mention this because my ProCurve 1810's Auto DoS feature (what a name!) often caused havoc with Xbox Live until I disabled it.
Port 88 is utilized by Kerberos, which can use either UDP or TCP. IIRC, it tries TCP first, although this is how Windows domain controllers utilize it; Xbox Live might be completely different.