pfSense Gold Subscription

Author Topic: Xbox Live - Strict NAT  (Read 901 times)

0 Members and 1 Guest are viewing this topic.

Offline charger767

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Xbox Live - Strict NAT
« on: December 23, 2014, 08:26:04 pm »
Hello,

I have read several articles on these forums regarding a common issue with Internet connections and XBL but have not been able to find a solution.  I was hoping someone may be able to assist...

My issue is that I just purchased an Xbox One but am showing "Strict" for the NAT type.  To solve this problem I have tried the following:
-Enabled UPNP (ports 53-65535 for my statically assigned Xbox's IP)
-Manually created NAT port forwarding rules
-Set the Outbound rule creation to Manual

None have seemed to help.  When I created the manual port forwarding rules and turned on UPNP I was able to get "Moderate" momentarily but even that has since ceased to work.  Also, I should note that when I set the Outbound NAT forwarding rules to Manual it seems to "kill" my internet for other devices so I have reverted that back to Automatic.

Please let me know which information I need to post.  I will gladly provide screenshots of my configuration but at this point am not sure what else to try.  I have seen several different threads on here all with wildly different approaches...some of which worked for a few while others had to try different configurations.

Any help would be greatly appreciated.  Just let me know where to start and what information to provide!

Thanks in advance.

Offline charger767

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Xbox Live - Strict NAT
« Reply #1 on: December 27, 2014, 11:36:53 am »
I just tried explicitly forwarding all ports for my xbox and turning on Upnp again and still shows strict....how is that possible?  Also, if i forward all ports isnt Upnp essentially moot at that point?

To provide a little more information here I have pfsense running as my primary router which is plugged directly into my modem.  I have 2 other NIC's in my server running pfsense.  1 is attached to an AP for my wifi and another is for the LAN which is then connected to a switch and ultimately my xbox.   I have a few ports forwarded for things like my webserver and ssh etc but other than that I have a pretty standard home networking setup. 

Based on this article: https://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live    I think I only need to forward a few ports.   I manually put each of those in but still have the same issue so I tried forwarding all ports and still nothing.     If someone responds willing to help I will post my ruleset screenshots in hopes that I may have just misconfigured something.   

Any help is greatly appreciated.  Thanks

Offline charger767

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Xbox Live - Strict NAT
« Reply #2 on: December 28, 2014, 10:23:44 pm »
Figured it out...Hopefully this will assist someone in the future.

First of all it seems to be important to restart any switches in between the xbox and pfsense.  I also restart pfsense after making changes to be safe. 

I had to enable UPNP, set it as static port, and use manual outbound NAT rules.  I have a separate NIC for my wifi so that is why I thought it was "killing"  my connection.  Therefore I had to add 2 entries (one for WIFI NIC, and one for LAN NIC).  The LAN rule HAS to be at the bottom!! 

I did NOT have to add any NAT/port forwarding rules, just had to create those 2 manual outbound rules and enable UPNP.

This is my UPNP rule:  allow 53-65535 192.168.0.109 53-65535.  I left all the default config for UPNP except enabled the default deny checkbox.

Offline jespejo

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: Xbox Live - Strict NAT
« Reply #3 on: January 01, 2018, 03:11:16 pm »
For about a year was trying to figure this out. A whole slew of port alias', Nat rules and a bunch of reboots and retrys.  In the end it was 2 of the three you indicated, but the kicker was NAT:Outbound which you mentioned and got more details from this thread

by boxsterguy
https://www.reddit.com/r/PFSENSE/comments/6cip47/xbox_nat_is_strict/

Thanks for starting point...

I deleted all crap i did in the past, including port alias and nat rules pointing to the the xboxone.

All i needed was the following on pfsense with Xbox totally shutdown

1.create a DHCP Static IP for Xbox
2.turn Upnp on with Default deny with one ACL allow 53-65535 172.16.x.x/32 53-65535
3.Firewall>Nat>Outbound>Hybrid
4.created a mapping: Interface WAN, source  Network/IP:32, Dest ANY, Under Translation ticked on Static Port and saved
5.turn on Xboxone

 No rebooting of Pfsense or switches needed, which I read in other threads. No totally OPEN. Son is appreciative he can host a game.