Netgate Discussion Forum

    Xbox Live - Strict NAT

      charger767

      Hello,

      I have read several articles on these forums regarding a common issue with Internet connections and XBL but have not been able to find a solution.  I was hoping someone may be able to assist…

      My issue is that I just purchased an Xbox One but am showing "Strict" for the NAT type.  To solve this problem I have tried the following:
      -Enabled UPNP (ports 53-65535 for my statically assigned Xbox's IP)
      -Manually created NAT port forwarding rules
      -Set the Outbound rule creation to Manual

      None have seemed to help.  When I created the manual port forwarding rules and turned on UPNP I was able to get "Moderate" momentarily but even that has since ceased to work.  Also, I should note that when I set the Outbound NAT forwarding rules to Manual it seems to "kill" my internet for other devices so I have reverted that back to Automatic.

      Please let me know which information I need to post.  I will gladly provide screenshots of my configuration but at this point am not sure what else to try.  I have seen several different threads on here all with wildly different approaches...some of which worked for a few while others had to try different configurations.

      Any help would be greatly appreciated.  Just let me know where to start and what information to provide!

      Thanks in advance.

        charger767

        I just tried explicitly forwarding all ports for my Xbox and turning on UPnP again and it still shows strict... how is that possible? Also, if I forward all ports, isn't UPnP essentially moot at that point?

        To provide a little more information here, I have pfSense running as my primary router, which is plugged directly into my modem. I have 2 other NICs in my server running pfSense. 1 is attached to an AP for my wifi and another is for the LAN, which is then connected to a switch and ultimately my Xbox. I have a few ports forwarded for things like my webserver and ssh etc., but other than that I have a pretty standard home networking setup.

        Based on this article: https://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live I think I only need to forward a few ports. I manually put each of those in but still have the same issue, so I tried forwarding all ports and still nothing. If someone responds willing to help, I will post my ruleset screenshots in hopes that I may have just misconfigured something.

        Any help is greatly appreciated.  Thanks

          charger767

          Figured it out... Hopefully this will assist someone in the future.

          First of all it seems to be important to restart any switches in between the xbox and pfsense.  I also restart pfsense after making changes to be safe.

          I had to enable UPNP, set it as static port, and use manual outbound NAT rules.  I have a separate NIC for my wifi so that is why I thought it was "killing"  my connection.  Therefore I had to add 2 entries (one for WIFI NIC, and one for LAN NIC).  The LAN rule HAS to be at the bottom!!

          I did NOT have to add any NAT/port forwarding rules, just had to create those 2 manual outbound rules and enable UPNP.

          This is my UPNP rule:  allow 53-65535 192.168.0.109 53-65535.  I left all the default config for UPNP except enabled the default deny checkbox.

            jespejo

            For about a year I was trying to figure this out. A whole slew of port aliases, NAT rules and a bunch of reboots and retries. In the end it was 2 of the three you indicated, but the kicker was NAT: Outbound, which you mentioned, and I got more details from this thread

            by boxsterguy
            https://www.reddit.com/r/PFSENSE/comments/6cip47/xbox_nat_is_strict/

            Thanks for the starting point...

            I deleted all the crap I did in the past, including port aliases and NAT rules pointing to the Xbox One.

            All I needed was the following on pfSense with the Xbox totally shut down:

            1. Create a DHCP static IP for the Xbox
            2. Turn UPnP on with Default deny and one ACL: allow 53-65535 172.16.x.x/32 53-65535
            3. Firewall > NAT > Outbound > Hybrid
            4. Created a mapping: Interface WAN, Source Network/IP:32, Dest ANY; under Translation ticked Static Port and saved
            5. Turn on the Xbox One

            No rebooting of Pfsense or switches needed, which I read in other threads. No totally OPEN. Son is appreciative he can host a game.

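Both solutions in the thread end with a UPnP ACL scoped to the console's address and the default-deny checkbox enabled. The sketch below is an added example, not code from either poster or from pfSense: it assumes entries are evaluated first-match-wins and that default deny decides any request no entry matches, and the function names, the /24 comparison entry and the sample requests are constructed for illustration.

```python
import ipaddress

def parse_range(text):
    """'53-65535' -> (53, 65535); '3074' -> (3074, 3074)."""
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def parse_acl(lines):
    """Parse 'allow|deny ext_ports int_net int_ports' entries, keeping order."""
    rules = []
    for line in lines:
        action, ext, net, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action in ACL entry: {line!r}")
        rules.append((action == "allow", parse_range(ext),
                      ipaddress.ip_network(net, strict=False), parse_range(internal)))
    return rules

def mapping_allowed(rules, client_ip, ext_port, int_port, default_deny=True):
    """First matching entry decides; with no match, default_deny decides."""
    ip = ipaddress.ip_address(client_ip)
    for allow, (e_lo, e_hi), net, (i_lo, i_hi) in rules:
        if ip in net and e_lo <= ext_port <= e_hi and i_lo <= int_port <= i_hi:
            return allow
    return not default_deny

def broad_entries(rules):
    """Allow entries that cover more than a single host."""
    return [str(net) for allow, _, net, _ in rules if allow and net.num_addresses > 1]

# ACL entry quoted in the thread (a bare IP is treated as a /32).
XBOX_ACL = parse_acl(["allow 53-65535 192.168.0.109 53-65535"])
# Constructed comparison: the same port range opened to a whole LAN.
LAN_ACL = parse_acl(["allow 53-65535 192.168.0.0/24 53-65535"])

if __name__ == "__main__":
    # Constructed mapping requests: (client, external port, internal port)
    for client, ext, internal in [("192.168.0.109", 3074, 3074),
                                  ("192.168.0.50", 3074, 3074),
                                  ("192.168.0.109", 22, 22)]:
        print(client, ext, mapping_allowed(XBOX_ACL, client, ext, internal))
    print("broad:", broad_entries(LAN_ACL))
```

With default deny off, the request from 192.168.0.50 would be accepted, which is why both posters pair the single-host entry with that checkbox.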
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.