The pfSense Store

Author Topic: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)  (Read 96216 times)

0 Members and 1 Guest are viewing this topic.

Offline BerSerK

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +2/-0
    • View Profile
Hi,

I've read a lot of threads about the xbox reporting a strict NAT and problems connecting to games on XBL but I didn't see any thread with all the info so here's what I did.

Port Forward Method

I have a basic pfSense router with 3 interfaces, LAN/WAN/DMZ, I have 1 Xbox 360 on my LAN.

1. I create a "XBOX360" aliases for the IP 192.168.1.90 that I configured on my Xbox 360.

2. We need the port forward port 88 UDP and port 3074 TCP/UDP from the WAN to the XBOX360.

3. My UPnP is OFF.

4. In NAT: Port Forward, add 2 rules (see nat_port_forward.png) ;
"WAN UDP 88 XBOX360 88"
"WAN TCP/UDP 3074 XBOX360 3074"

5. Verify that the rules have been auto added in Firewall: Rules. (see rules.png)

6. In Firewall: NAT: Outbound, select the "Manual Outbound NAT rule generation" and add 2 mappings like this (see firewall_nat_outbound.png) ;
"WAN 192.168.1.0/24 * * 88 * * YES"
"WAN 192.168.1.0/24 * * 3074 * * YES"

can anyone add to this or correct if I made mistakes...or I should use UPnP ?

From my understanding UPnP would be useful if one doesn't not want to configure the port forwarding or when you have multiple Xbox 360 on your LAN.

Thanks a lot.

This thread could become a sticky if the mods consider it complete.

« Last Edit: January 30, 2009, 04:27:34 am by GruensFroeschli »

Offline BerSerK

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +2/-0
    • View Profile
Xbox 360 upnp
« Reply #1 on: January 28, 2009, 11:58:49 am »
UPnP Method

1.  Create a DHCP reservation for your Xbox MAC adress, I used 192.168.1.90 for mine. (see dhcp_reserv.png)

2.  Enable UPnP service for the interface where your Xbox is connected. (see services_upnp.png)

3.  OPTIONAL, enable the "By default deny access to UPnP?" checkbox and add the following user specified permission "allow 88-65535 192.168.1.90/32 88-65535".  That will disable UPnP except for your Xbox. (see services_upnp.png)

4.  In Firewall: NAT: Outbound, select the "Manual Outbound NAT rule generation" and add a mapping like this "WAN 192.168.1.90/32 * * * * * YES" (see firewall_nat_outbound.png)

I have no additional port forwarding in my NAT rules.

I hope I make myself clear!
« Last Edit: January 29, 2009, 07:25:19 am by BerSerK »

Offline databeestje

  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +1/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #2 on: August 13, 2009, 02:27:37 pm »
What worked for me was adding a rule for multicast traffic, after adding that the xbox will automatically add a port forward through upnp wherever it lives. That worked for me atleast.

The default LAN subnet will not match the multicast traffic and thus block it.

Add these 2 allow rules on the LAN interface.

 *     LAN net     *     224.0.0.0/8     *     *     none           Allow Multicast
*    LAN net    *    239.0.0.0/30    *    *    none         Allow Multicast 

This will make uPNP with a lot of devices work a lot better. I'll talk to the other devs if we should add this rule in the background when enabling uPNP

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #3 on: August 18, 2009, 09:04:38 am »
This will make uPNP with a lot of devices work a lot better. I'll talk to the other devs if we should add this rule in the background when enabling uPNP

That sounds like a good idea, though it might be best if there were a checkbox option on Advanced Options to automatically add multicast rules when multicast-dependent services are enabled, then UPnP, Avahi, etc could set an internal flag somehow to trigger these rules.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline SilentGreen

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #4 on: December 17, 2009, 11:11:43 am »
That sounds very good too me, because i have a similar issue with the Messenger (Windows and some Macs) on a hotel network, serving at least 60 rooms. Just enabling UPnP didn't solve the issue alone, so i will add the provided information manually in my NAT to see if it's running.

Thank you so far...

Offline lotacus

  • Jr. Member
  • **
  • Posts: 47
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #5 on: January 31, 2010, 09:29:48 am »
I guess "enable multicast" is enabled in the background now? I got upnp to work once and only once. Now its fubar and nothing has changed on the firewall or network.

Offline hack2003

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #6 on: July 02, 2010, 01:27:30 am »
i tried to use the same method with utorrent but without the manual NAT rules.
and it works fine.

Offline bradenmcg

  • Full Member
  • ***
  • Posts: 133
  • Karma: +0/-0
  • AS13697
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #7 on: July 28, 2010, 07:31:28 pm »
Your static NAT outbound mappings don't look right.

Ideally, rather than having a source of 192.168.1.0/24, use 192.168.1.55/32 (where .55 is the static IP of your Xbox).

Otherwise, ANYTHING that has a destination port of 88 or 3074 will always be static NAT'ed, which you might not want if you have a non-Xbox client using those ports.

Offline josephnexus

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #8 on: September 29, 2010, 12:49:21 am »
I guess "enable multicast" is enabled in the background now? I got upnp to work once and only once. Now its fubar and nothing has changed on the firewall or network.

Is this the case?  I've been having trouble getting a bunch of Xboxes on my network all connecting at the same time.  I'm wondering if this could be the issue.  I'm running the latest stable version of PfSense.  I've enabled upnp (and logging for it) and see the Xboxes getting the ports via upnp.  I went to Firewall -> Nat and made outbound Nat use a static port, but people are still having issues.  Am I missing something?

Offline storkus

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +1/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #9 on: December 06, 2010, 10:45:22 pm »
This is all well and good for one gaming machine or computer, but I'm using pfSense on a motel network where multiple machines and ports are used and we can't be adding exceptions all the time--especially since I'm the only computer literate person here!

After upgrading from 1.2.3 to 2.0beta4, a guests Xbox360 stopped working.  uPnP did nothing.  Someone elsewhere mentioned that pfSense does port randomization by default and that it can break stuff.  After seeing the official docs on the subject, I simply turned it off for the whole network:

Go to Firewall>NAT>Outbound and select manual (AON)
Then click on the default WAN rule, scroll down, and select "Static port", then save

Everything will now work by magic, though obviously you lose that bit of security; then again, though, this IS a public network, so...

Mike

Offline vronp

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #10 on: December 23, 2010, 09:36:09 pm »
Neither method works here on 1.2.3

It's pretty funny that one can find posts that describe 10 different ways "that work".

I wish one of them worked for me.

Offline lint

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #11 on: January 01, 2011, 08:20:47 pm »
Neither method works here on 1.2.3

It's pretty funny that one can find posts that describe 10 different ways "that work".

You should try to change the outbound NAT settings instead of using UPnP.

In the pfSense interface, go to Firewall - NAT - Outbound.  Change Automatic to Manual.  Then, create or modify the default mapping so that static port is checked.  

It should look like:

WAN 192.168.100.0/24 * * * * * YES

Once saved, you should be able to connect to Xbox Live with a moderate NAT type instead of strict.  This is typical of connections with a firewall.

Further, you can port forward UDP 88 and TCP/UDP 3074 to your Xbox if you wish to have more accessibility.  

(Confirmed with pfSense 1.2.3 running nanobsd on an Alix 2c board)
« Last Edit: January 01, 2011, 10:24:15 pm by lint »

Offline lint

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #12 on: January 22, 2011, 09:22:24 pm »
I tested UPnP since some people are having trouble.  I got it working just fine, and now have an open NAT connection to Xbox Live.

I pretty much did the same thing that BerSerK posted above, but limited the outbound ports for UPnP to the Xbox Live ports.

Step 1
Set Xbox to static IP (or assign a static through DHCP).

Step 2
Services -> UPnP
Checked to enable UPnP
Set to LAN Int
Checked to enable "By default deny access to UPnP"
Set following permissions:
allow 88 x.x.x.x 88
allow 3074 x.x.x.x 3074
(x.x.x.x is static IP of Xbox)

Step 3
Firewall -> NAT -> Outbound
Change from Automatic to Manual, then press save.
A rule will be automatically created.  Edit it and check "static port," then save and apply.

Step 4
Test Xbox live and confirm UPnP is working by checking the following:
Status -> UPnP

Note: If you have an Open NAT type, but cannot locate lobbies, the problem is most likely that you did not complete step 3.  Go back and try again.
« Last Edit: January 22, 2011, 10:11:37 pm by lint »

Offline Sikh

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #13 on: January 24, 2011, 10:43:07 pm »
Works for only 1 xbox, not multiple.

Offline databeestje

  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +1/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)
« Reply #14 on: March 09, 2011, 07:14:20 am »
I have just committed a fix that automatically creates multicast filter rules on 2.0 so that the 360 can communicate with the miniupnpd deamon.

This thread is full of #fail with conflicting or downright wrong advice. I'm amazed in a sort of way.