HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)

BerSerK:
Hi,

I've read a lot of threads about the Xbox reporting a strict NAT and problems connecting to games on XBL, but I didn't see any thread with all the info, so here's what I did.

Port Forward Method

I have a basic pfSense router with 3 interfaces (LAN/WAN/DMZ), and I have 1 Xbox 360 on my LAN.

1. I create an "XBOX360" alias for the IP 192.168.1.90 that I configured on my Xbox 360.

2. We need to port forward port 88 UDP and port 3074 TCP/UDP from the WAN to the XBOX360.

3. My UPnP is OFF.

4. In NAT: Port Forward, add 2 rules (see nat_port_forward.png):
"WAN UDP 88 XBOX360 88"
"WAN TCP/UDP 3074 XBOX360 3074"

5. Verify that the rules have been auto added in Firewall: Rules. (see rules.png)

6. In Firewall: NAT: Outbound, select the "Manual Outbound NAT rule generation" and add 2 mappings like this (see firewall_nat_outbound.png):
"WAN 192.168.1.0/24 * * 88 * * YES"
"WAN 192.168.1.0/24 * * 3074 * * YES"

Can anyone add to this or correct it if I made mistakes... or should I use UPnP?

From my understanding UPnP would be useful if one doesn't want to configure the port forwarding or when you have multiple Xbox 360s on your LAN.

Thanks a lot.

This thread could become a sticky if the mods consider it complete.

BerSerK:
UPnP Method

1. Create a DHCP reservation for your Xbox MAC address, I used 192.168.1.90 for mine. (see dhcp_reserv.png)

2. Enable UPnP service for the interface where your Xbox is connected. (see services_upnp.png)

3. OPTIONAL, enable the "By default deny access to UPnP?" checkbox and add the following user specified permission "allow 88-65535 192.168.1.90/32 88-65535". That will disable UPnP except for your Xbox. (see services_upnp.png)

4. In Firewall: NAT: Outbound, select the "Manual Outbound NAT rule generation" and add a mapping like this "WAN 192.168.1.90/32 * * * * * YES" (see firewall_nat_outbound.png)

I have no additional port forwarding in my NAT rules.

I hope I make myself clear!
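
The optional permission from step 3 above, checked offline. This is an added example, not part of the original post and not pfSense or miniupnpd code. It assumes rules are read top to bottom with the first match deciding, and models the "By default deny access to UPnP?" checkbox as a `default_deny` flag; all function names are hypothetical.

```python
import ipaddress

def port_range(spec):
    """Turn '88-65535' or '3074' into an inclusive (low, high) pair."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return low, high

def parse_rule(text):
    """Parse 'allow|deny <ext ports> <ip/mask> <int ports>'."""
    action, ext, net, internal = text.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action}")
    return (action, port_range(ext),
            ipaddress.ip_network(net, strict=False), port_range(internal))

def is_allowed(rules, ext_port, client_ip, int_port, default_deny=True):
    """First matching rule decides; otherwise the default applies."""
    addr = ipaddress.ip_address(client_ip)
    for action, (e_lo, e_hi), net, (i_lo, i_hi) in rules:
        if e_lo <= ext_port <= e_hi and addr in net and i_lo <= int_port <= i_hi:
            return action == "allow"
    return not default_deny

def allow_scope(rules):
    """For each allow rule: (network, client addresses, external ports)."""
    return [(str(net), net.num_addresses, e_hi - e_lo + 1)
            for action, (e_lo, e_hi), net, _ in rules if action == "allow"]

# The permission quoted in step 3 of the post.
RULES = [parse_rule("allow 88-65535 192.168.1.90/32 88-65535")]

if __name__ == "__main__":
    # Constructed mapping requests: (external port, LAN client, internal port).
    requests = [(3074, "192.168.1.90", 3074),   # the Xbox
                (3074, "192.168.1.91", 3074),   # another LAN host
                (80, "192.168.1.90", 80)]       # Xbox, port below 88
    for ext, ip, internal in requests:
        verdict = "allow" if is_allowed(RULES, ext, ip, internal) else "deny"
        print(f"{ip} ext={ext} int={internal}: {verdict}")
    print(allow_scope(RULES))
```

With the checkbox left off (`default_deny=False`), the second request is accepted, which is why the allow rule alone does not restrict UPnP to the Xbox.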

databeestje:
What worked for me was adding a rule for multicast traffic; after adding that, the Xbox will automatically add a port forward through UPnP wherever it lives. That worked for me at least.

The default LAN subnet will not match the multicast traffic and thus block it.

Add these 2 allow rules on the LAN interface.

*    LAN net    *    224.0.0.0/8     *    *    none    Allow Multicast
*    LAN net    *    239.0.0.0/30    *    *    none    Allow Multicast

This will make UPnP with a lot of devices work a lot better. I'll talk to the other devs if we should add this rule in the background when enabling UPnP.

jimp:

--- Quote from: databeestje on August 13, 2009, 02:27:37 pm ---
This will make UPnP with a lot of devices work a lot better. I'll talk to the other devs if we should add this rule in the background when enabling UPnP

--- End quote ---

That sounds like a good idea, though it might be best if there were a checkbox option on Advanced Options to automatically add multicast rules when multicast-dependent services are enabled; then UPnP, Avahi, etc. could set an internal flag somehow to trigger these rules.

SilentGreen:
That sounds very good to me, because I have a similar issue with the Messenger (Windows and some Macs) on a hotel network, serving at least 60 rooms. Just enabling UPnP didn't solve the issue alone, so I will add the provided information manually in my NAT to see if it's running.

Thank you so far...
