    I have been using PFSense for a couple years now and have enjoyed it as a home firewall solution.  I have been reading through your forums looking for some advice on how to set up the PFSense firewall to allow an open NAT to Xbox Live.  Although this is not extremely important for a lot of Xbox games, downloads, etc., it is pretty much required for Halo 3.

    Here is where I am at...

    I have just installed 1.2RC3.

    I have tried doing a static port forward, and yes... applied firewall rules, for ports 3074 UDP/TCP and port 88 UDP.  This was with no success.  Still Strict NAT.

    Turning on uPNP allows for an open NAT to Xbox Live.  This works well, and fixes my gaming issue.

    I am not a fan of uPNP, and ultimately would rather define something static to get my xbox 360 going, just with the necessary gaming port ranges.

    I do have an additional IP Address that could be used for a possible 1:1 NAT configuration.  It is a dynamic address so I do not know if this prohibits the ability to set a 1:1 NAT up.  Ultimately if I can do this with one address I would much rather as I am paying for the additional address, am no longer using it, and would like to...well...stop paying for it.

    Any and all help is greatly appreciated.  I hope that I am looking in the right place.  I wasn't sure if this would be considered a general configuration issue, or if it was particular to gaming.

  • You can define rules for who can access what on the UPnP page.

    I think the easiest way would be to forbid access to UPnP for everyone except the Xbox, and only allow the ports you know will be mapped.

    A dynamic address is a problem if you want to use a VIP (you can only define static IPs for VIPs).

    If you defined static mappings and still have problems, I think you probably didn't forward all the necessary ports.

  • I very much appreciate your feedback.

    I have defined the static maps as the forums have indicated from other members.  I did read something about setting up the advanced outbound NAT but I am unfamiliar with this option.

    If you can offer any advice as to setting up the static maps this would be optimal.

    Do you also know, or could provide a simple example on how to configure UPNP as you mentioned below?

  • I assumed you already did set the advanced outbound NAT so that it does not scramble the source port.
    Do that first.
    In the gaming section are a lot of threads about Xbox behind pfSense.
    I think it would be best if you read some of them since they have a lot of troubleshooting in them.

  • I have read most of the Xbox 360 posts.

    but mostly appreciate your help.

    I have denied uPNP for all devices, and allowed the 360 w/ a custom port range of 88-3074 and I am in like Flynn.

    Thanks again for your guidance.  Now I just need some help w/ my FTP server post ;)

  • You can tighten up your UPnP rules some more by setting up an allow rule for port 88 and another allow rule for port 3074.  The UPnP Settings page allows for 4 user specified permissions and this way you're not allowing ports 89-3073.
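
The difference between the single 88-3074 range and the two single-port rules suggested above, as an added example that is not part of the original thread. It assumes the miniupnpd-style permission syntax (`allow|deny ext_ports ip[/mask] int_ports`, first match wins); the Xbox address 192.168.1.50 and the other host are constructed.

```python
import ipaddress

def parse_rule(line):
    """Parse 'allow|deny ext_ports ip[/mask] int_ports' into a tuple."""
    action, ext, net, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action}")

    def ports(spec):
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {spec}")
        return lo, hi

    # strict=False lets a bare host address be read as a /32 network
    network = ipaddress.ip_network(net, strict=False)
    return action == "allow", ports(ext), network, ports(internal)

def is_allowed(rules, client_ip, ext_port, int_port):
    """Return the verdict of the first rule that matches the request."""
    ip = ipaddress.ip_address(client_ip)
    for allow, (elo, ehi), net, (ilo, ihi) in rules:
        if ip in net and elo <= ext_port <= ehi and ilo <= int_port <= ihi:
            return allow
    # Assumption: a request matching no rule is accepted, which is why
    # both rule sets below end with an explicit deny-all.
    return True

def mappable_ports(rule_lines, client_ip):
    """List every port the client could map to itself (ext == int)."""
    rules = [parse_rule(line) for line in rule_lines]
    return [p for p in range(65536) if is_allowed(rules, client_ip, p, p)]

XBOX = "192.168.1.50"    # constructed address for the console
OTHER = "192.168.1.77"   # constructed address for any other LAN host
DENY_ALL = "deny 0-65535 0.0.0.0/0 0-65535"

BROAD = [f"allow 88-3074 {XBOX} 88-3074", DENY_ALL]
TIGHT = [f"allow 88 {XBOX} 88", f"allow 3074 {XBOX} 3074", DENY_ALL]

if __name__ == "__main__":
    print("broad range :", len(mappable_ports(BROAD, XBOX)), "ports")
    print("two rules   :", mappable_ports(TIGHT, XBOX))
    print("other host  :", mappable_ports(TIGHT, OTHER))
```
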

  • Is there no way to create additional rules in case I add additional UPnP devices?

  • Hey I'm a total newb to this and I'm clueless when it comes to networking.  Does anyone feel like taking the time to explain to me the steps I need to do for changing my NAT from strict to open?  I have no idea how to change ports and everything on this computer (I have Vista… quite a pain).

  • Has anyone tried connecting the Xbox 360 to OPT1 and setting up a DMZ?

  • You need to enable the static port option in the advanced outbound NAT options.