Pfsense behind NAT router issue



  • Hello everyone!

    Hope all of you are having a wonderful Christmas break (if applicable).

    I have a quick question, I hope, about open ports using pfsense and a router handling DHCP.

    The last 7 years I lived in communist China, using a pfsense box, and it was a wonderful experience because… well, China + firewall = necessary especially if you work in media, like I did.

    I returned to the States, immediately dropped the firewall because I was too busy to build a box, and had a computer legitimately hacked and money was illegally transferred using a computer on my network - apparently (i.e., FBI called, etc.). All was well, but dammit all... it's time for pfsense again because calls from government agencies are the opposite of fun.

    So, here's my setup. Using a Netgear AC 1900 router in front of my pfsense setup. WAN -> Pfsense -> ROUTER.

    Pfsense LAN setup                            - > 10.10.10.1
    ROUTER DHCP POOL                        - > 11.11.11.1 - 254

    Pfsense box is built on :
    Intel(R) Pentium(R) 4 CPU 3.00GHz
    2 CPUs: 1 package(s) x 1 core(s) x 2 HTT

    General Settings:
    passing all xbox live ports to the main LAN address on the router
    passing all xbox live ports to the main LAN address of the xbox
    Using pfblocker
    Using Snort, but it's not working at the moment

    xbox 1 is set up on a static ip of 11.11.11.19

    I'm having my router handle DHCP because we have a central media server that we've ripped all our DVDs onto in HD (Plex server) and the router is great about moving that kind of traffic over it, especially since the host and the client are wired connections.

    Nonetheless, I'm having Xbox 1 NAT issues, that are caused by pfsense (removed the pfsense box, the router passes through ports correctly and NAT is open under that setup).

    So, here are my questions:

    1. All my NAT rules for passing correct Xbox Live Ports are not working
    2. Should I have pfsense handle DHCP? I'd prefer for LAN traffic to JUST pass over the router in order to maximize speed + reduce firewall load. Is this correct thinking? I assume that if I start using the pfsense box for DHCP, then all LAN data would then pass over it and my router.
    3. I've read through every xbox live post available on the internet, and it seems to still be an issue

    Anyways, feel free to treat me like a dummy because I'm not entirely sure if my logic is sound on this (though be nice!)

    Cheers!
    Brian
    ![Screen Shot 2014-12-24 at 12.47.15 PM.png](/public/imported_attachments/1/Screen Shot 2014-12-24 at 12.47.15 PM.png)
    ![Screen Shot 2014-12-24 at 12.46.57 PM.png](/public/imported_attachments/1/Screen Shot 2014-12-24 at 12.46.57 PM.png)
    ![Screen Shot 2014-12-24 at 12.46.06 PM.png](/public/imported_attachments/1/Screen Shot 2014-12-24 at 12.46.06 PM.png)
    ![Screen Shot 2014-12-24 at 12.46.12 PM.png](/public/imported_attachments/1/Screen Shot 2014-12-24 at 12.46.12 PM.png)

