NAT & uPnP Bug or Intended?
So I was finally able to find a configuration that works for multiple XBox Ones with open NAT.
Posted HOW-TO here: https://forum.pfsense.org/index.php?topic=103901.0
Anyway, in all this, I found either a bug or feature I haven't found a doc for.
When an XBox One requests a port via uPnP. It gets the port. Outbound NAT is static ports.
The typical port is XBox's Teredo tunnel, but it can't get a Teredo IP. (Through test multiplayer connection in xbox)
Limiting the port range via uPnP user specified permissions.
Setting a manual port forward to that range for that XBox.
What is expected:
When uPnP requests a port, an automatic (non visible) NAT rule is added for that port for it's session and works for any device.
What I've tested:
As far as I can tell, testing with uTorrent the uPnP and auto-NATs work, however, when it comes to XBox and it's teredo implementation, the auto-NAT seems to be failing. By adding the manual NAT to the teredo port range it gets, it becomes happy and lets traffic pass. Since uPnP port rules sit above firewall and NAT rules, I figured this would have been taken care of, but apparently, there is something just a little off somewhere. Either in pfSense's or XBox's implementation of uPnP.