Xbox 360-Open NAT but still blocking traffic?

  • This has been driving me insane so I'm hoping you guys can shed some light for me.  I couldn't find anyone else with this issue so I am sorry if I missed it somewhere.

    First off, my current setup is like this Modem > Asus RT-N66U ( > pfSense Wan( > pfSense LAN ( > gigabit switch > Xbox360( assigned via pfSense.  I realize that I shouldn't have the Asus in there but at the moment I can't do anything about it.  I did however setup my pfSense box as a DMZ ( so everything is coming to it.

    So right now I have upnp turned on with no user specified rules.  The Xbox and all of the games I have tried report open NAT and in the upnp status page it says: 'Xbox ( 3074 UDP' so upnp appears to be working.  This is where it gets weird though.  When I try to do a chat or party with a friend over live his IP pops up in my firewall log with port 3074 trying to get to pfSense box) on a random port which is blocked.  Since it is blocked the connection always fails.  As a matter of fact, if I join any gears of war online game I always get a few different IP's coming in on random ports trying to get to I haven't seen 60396 listed anywhere in reference to Xbox Live so I am not sure why it wants that port so much.  Also, I cant help but notice that the destination IP is always the pfSense WAN instead of my Xbox which I think is the problem.

    Short of putting another NIC card in my pfSense box and making my xbox a DMZ or forwarding every port to it I don't know what to do.  I'm thinking the Asus router is screwing everything up for me but I'm not 100% sure.  If you guys have anything I could try I would greatly appreciate it.

  • You should have the Asus behind your pfsense box in bridge mode and do NAT only on pfsense. Is there a reason you have it setup before pfsense?

  • Unfortunately its not my network to start switching around components around. The whole reason I set up a pfSense box was to play around with it and get familiar with it so when I get out of here and have my own house I am used to it.  I've already learned a ton and I am enjoying playing with around with it.

    Do you think the Asus router is what is causing the issues?  I know having double NAT is asking for problems so I wouldn't be surprised.  Im thinking I might just pop a spare NIC in and mess with having a DMZ just for fun. Like I said I'm open to any suggestions.

