pfsense and xbox live

amrogers3

I know this has probably been covered 101 times. I googled and found 101 ways to try and make xbox work with pfsense, however, I am using pfSense 2.0 RC1 and can't get my xbox to work with pfSense. The best I can get is "your NAT type is Moderate" from xBox Live.

I've seen the guide on pfSense but I can't get it to work. That post is from 2009 and I have the latest release 2.0 RC1. I've spent half a day trying both UPnP and port forwarding, and I can't get "Open NAT".

Any help, suggestions, ideas, would be greatly appreciated!

Port Forwarding
Picture11-3.png


NAT outbound
Picture12-2.png


WAN rules
Picture13-2.png
 
I'm using pfSense too and get all green on XBOX Live connection test. I don't have any VLAN configured. Try to remove source port restrictions from those rules, since it's likely that the server is transmitting from a port that is different than the destination port. My Live rules look like this:

Code:
WAN     TCP/UDP     *     *     LAN address     3074     192.168.1.8     3074     XBOX Live/3074      
WAN     UDP         *     *     LAN address     88       192.168.1.8     88       XBOX Live/88
 
Get rid of the inbound source port rules; something like xbox probably isn't going to work with port restriction. As long as you have the destination ports right you should be good to go.
 
I had this same problem and I tried everything and nothing worked. I have found various other people with the same problem. My only solution was to switch to a different OS. Right now I am using ClearOS which works perfect with xbox live.

I don't know the cause of the problem but monowall has it also (pfsense is based off of monowall). Someone once told me it was if you have 2 xboxes it causes problems with pfsense with the way it routes traffic (I have 2 xboxes also). I have no clue if that's true though. What's weird about it is that pfsense works fine for many people but there are a few I found while trying to fix the same problem that it just plain doesn't work no matter what you do. I hope you get it fixed.
 
> I'm using pfSense too and get all green on XBOX Live connection test. I don't have any VLAN configured. Try to remove source port restrictions from those rules, since it's likely that the server is transmitting from a port that is different than the destination port. My Live rules look like this:
>
> Code:
> WAN     TCP/UDP     *     *     LAN address     3074     192.168.1.8     3074     XBOX Live/3074
> WAN     UDP         *     *     LAN address     88       192.168.1.8     88       XBOX Live/88

Done, but still getting "Your NAT type is moderate". Should destination be LAN or VLAN?

Changed source port to any:
Picture14.png


> Get rid of the inbound source port rules; something like xbox probably isn't going to work with port restriction. As long as you have the destination ports right you should be good to go.

10-4, see above but still getting Moderate NAT. I can post more config screen shots, just let me know what you need to see.

Xbox is on VLAN103 192.168.103.2/30
 
To remedy this I had to use UPnP with DHCP being offered from the pfSense box. I had to use the pfSense box as a DHCP server to get UPnP to work. I limited the DHCP Offer to the MAC of the Xbox.
 
> To remedy this I had to use UPnP with DHCP being offered from the pfSense box. I had to use the pfSense box as a DHCP server to get UPnP to work. I limited the DHCP Offer to the MAC of the Xbox.

I didn't want to mess with UPnP. Seems like there should be a way to port forward the necessary ports.

Am I not going to have team chat with "moderate NAT"?
 
No you should still be fine to play and team chat. I remember one of my friends only found out about his moderate NAT 3 years after owning the xbox.

The only restrictions that I remember is that you will have problems hosting games. Otherwise it should all work.
 
> No you should still be fine to play and team chat. I remember one of my friends only found out about his moderate NAT 3 years after owning the xbox.
>
> The only restrictions that I remember is that you will have problems hosting games. Otherwise it should all work.

Moderate NAT can sometimes make it difficult or impossible to connect to some hosts (party chat, private chat, etc).

I'm having trouble opening up my NAT for live as well as of late. It used to work just fine with the xbox on DMZ but now even with DMZ it's moderate :confused:
 
> Done, but still getting "Your NAT type is moderate". Should destination be LAN or VLAN?

I'm not sure about this, since I don't have any VLANs configured, but selecting LAN should allow any address in LAN interface, including those that are not allocated to any VLAN.

I forgot to mention it before, I'm running pfSense 2.0-RC3 (amd64), so maybe there have been some changes since RC1. Might be worth trying out, if you feel all right going for a nightly build.
 
> I'm not sure about this, since I don't have any VLANs configured, but selecting LAN should allow any address in LAN interface, including those that are not allocated to any VLAN.
>
> I forgot to mention it before, I'm running pfSense 2.0-RC3 (amd64), so maybe there have been some changes since RC1. Might be worth trying out, if you feel all right going for a nightly build.

Just updated to RC3. Still getting "NAT moderate" on Xbox Live. I can hear people but they cannot hear me. Also, canyouseeme doesn't show 3074 and 88 open. I am not sure why this is. I have both ports forwarding. Maybe my config is bad.

I don't know if the "destination address" should be LAN subnet, VLAN103 address, VLAN103 subnet. I can't find a good description of these on the pfsense site. The xbox is on VLAN103 at 192.168.103.2


Picture14-1.png
 
In your original post, you had some outbound NAT rules for VLANs too that were connected to ports 3074/88, probably automatically created by pfSense, try to remove them and see if it helps. Canyouseeme also shows my 3074/88 ports closed, so it's better to rely on XBOX's own Live connection test.

You may want to post or link to this post on "Networking & Security" subforum, a lot of network experts and solid knowledge over there.
 
Destination Address needs to be set to WAN address. NAT IP set to the xbox's local IP.
 
> In your original post, you had some outbound NAT rules for VLANs too that were connected to ports 3074/88, probably automatically created by pfSense, try to remove them and see if it helps. Canyouseeme also shows my 3074/88 ports closed, so it's better to rely on XBOX's own Live connection test.
>
> You may want to post or link to this post on "Networking & Security" subforum, a lot of network experts and solid knowledge over there.

Took out outbound rules for 3074 and 88, still having issues. I am getting a new error. I am getting this:

ERROR STATUS REPORT
W: 0000-000B
X: 0000-000D
Y: 20A8-4800
Z: 0000-0000
ID: FFFF-FFFF

I'm going to post this in Networking Forum as you suggested.

> Destination Address needs to be set to WAN address. NAT IP set to the xbox's local IP.

Did it but getting error as above.
 
These are my rules, and I can access every service perfectly with this configuration.

Capture.png


Edit: also make sure your firewall is correctly unblocking those ports, it should add rules automatically when you port forward
 
> These are my rules, and I can access every service perfectly with this configuration.
>
> Edit: also make sure your firewall is correctly unblocking those ports, it should add rules automatically when you port forward

Thanks for reply Saedrin. Everything does work except for the dang Xbox :confused:

Looks like you are not using an xbox, I don't see port 3074 or 88 in your config. It did auto unblock both 3074 and 88 on WAN. Still getting same error as above. Here is my current config:
Picture10-2.png


yyyyy.jpg


xxx.png
 
I have no outbound rules set, have you tried running with everything the same just no outbound?
 
That outbound rule is auto created. Referring to the config guide on the pfSense forum, it says you have to enable manual outbound NAT and a "static port".
 
Weird, it must detect that you're using an xbox specific port or something since it doesn't auto create them for any of my rules.
 
Let me clarify, that outbound rule is auto created but it isn't for a particular port, it's for the whole VLAN subnet:

NAToutbound.png
 
The guys over networking forum will certainly come up with something. Going to keep my eye on both of the posts, I'm really curious about the reason that prevents it from working. Good luck! :)
 
Thanks man, I am hoping I can get this thing fixed. Interested to see what the issue is also. Sure I am not the only one to have this problem so hopefully others can benefit from it as well.
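
Added example, not part of the thread and not pfSense code: a simplified Python model of how a port forward matches inbound packets. It shows why the source-port restriction discussed above drops most peer traffic, while the destination match still limits exposure to ports 3074 and 88 on one host. The WAN address, the sample packets and the names `PortForward`, `make_rules` and `redirected` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

WAN_ADDR = "203.0.113.10"    # constructed WAN address (documentation range)
XBOX_ADDR = "192.168.103.2"  # Xbox address given in the thread

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_addr: str
    dst_port: int

@dataclass(frozen=True)
class PortForward:
    protos: tuple             # e.g. ("tcp", "udp")
    src_port: Optional[int]   # None models "*" (any source port)
    dst_addr: str
    dst_port: int
    nat_ip: str

    def translate(self, pkt):
        """Return the (ip, port) the packet is redirected to, or None if no match."""
        src_ok = self.src_port is None or pkt.src_port == self.src_port
        dst_ok = (pkt.dst_addr, pkt.dst_port) == (self.dst_addr, self.dst_port)
        matched = pkt.proto in self.protos and src_ok and dst_ok
        return (self.nat_ip, self.dst_port) if matched else None

def make_rules(restrict_src, dst_addr=WAN_ADDR):
    """The two Xbox Live forwards from the thread: 3074 TCP/UDP and 88 UDP."""
    return [
        PortForward(("tcp", "udp"), 3074 if restrict_src else None, dst_addr, 3074, XBOX_ADDR),
        PortForward(("udp",), 88 if restrict_src else None, dst_addr, 88, XBOX_ADDR),
    ]

def redirected(rules, packets):
    """Packets that at least one rule redirects to the console."""
    return [p for p in packets if any(r.translate(p) for r in rules)]

# Constructed inbound packets: remote peers and servers rarely send from port 3074 or 88.
SAMPLE = [
    Packet("udp", 3074, WAN_ADDR, 3074),
    Packet("udp", 51413, WAN_ADDR, 3074),
    Packet("tcp", 49822, WAN_ADDR, 3074),
    Packet("udp", 60100, WAN_ADDR, 88),
    Packet("udp", 40000, WAN_ADDR, 3075),  # not an Xbox Live port: must never match
]

if __name__ == "__main__":
    for label, rules in (("source port restricted", make_rules(True)), ("source port any", make_rules(False))):
        print(label, "->", len(redirected(rules, SAMPLE)), "of", len(SAMPLE), "redirected")
```

Calling `make_rules(False, XBOX_ADDR)` models a rule whose destination is the console's own address instead of the WAN address; in this model it matches none of the packets arriving on the WAN address.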
 