Pfsense and Xbox One: Enabling open NAT instead of strict NAT.

Posted by phatdee on January 26, 2014
Posted in: Pfsense. Tagged: , , . 4 comments

I tried about 10 different methods from peoples suggestions on getting my Xbox One to get the network to be an Open Nat, instead of the damn strict NAT and I had a hell of a time getting this to work…finally found this thread on dslresports.com and it worked like a charm.

i have to thank pfsense forum user (and dslr forum user) AhnHEL (he actually found my original post, here, on dslr), he sent me a PM and gave me step by step directions and everything worked, NAT is now reporting as open for the xbone.

just as his directions stated, i recommend putting any settings back to how they were, assuming you followed others threads/directions with no luck. i changed all my settings back to what they were prior to making this thread and followed his directions. the only thing i had to do was pull the power plug from my xbone. after following the steps, the nat went from strict to moderate, but i ran the rest after power cycling the xbone and nat switched to open.

dhcp mapping will work, but i statically set my xbone to an ip outside of the DHCP scope instead.

quote:

Ok, I dont know what you still have setup while you were trying to get this to work but remove any port forwards or rules that you created previously. We’re going to try the UPnP method because its the easiest method to configure. Keep your XBone off while setting this up.

1. I’m sure you have done this, but setup a static DHCP mapping for your XBox One. In my settings below this is 192.168.39.17

2. Now go to Firewall: NAT: Outbound and select Manual Outbound NAT and hit save. This should at default create two entries a LAN mapping and a Localhost mapping.

3. Now add a mapping for your XBox One’s static DHCP IP address on your LAN interface with a /32 as a mask bit in the Source section. In the Translation section of this mapping, select the “Static Port” checkbox. Give the mapping a name like XBone AON and save.

4. Now take this XBone AON mapping rule and move it ABOVE your Default LAN mapping and hit Save.

5. Go to Services: UPnP & NAT-PMP and setup as follows: check enable upnp and nat-pmp, check allow upnp port mapping, external interface, WAN, interaces, LAN, user specified permissions 1, allow 88-65535 192.168.39.17/32 88-65535 Then hit Change.

6. Now to be sure no states to the XBox are lingering from a previous connection, go to Diagnostics: Reset state and Reset.

7. Now fire up your XBox and you should be at NAT Open. If not, double check your settings and if you have a managed switch on your network, disable Multicast filtering on the switch.

regarding number 6, as stated i power cycled off my xbone, clearing the states was not enough.

regarding number 7, the xbone is connected to a managed switch, but i did not need to change any settings on the switch.

thanks again, AhnHEL.
 

Here’s the entire thread.

4 comments on “Pfsense and Xbox One: Enabling open NAT instead of strict NAT.

  1. I have tried every guide I can find and not a single one has fixed this problem for me. You mention using a /32 subnet, my home network is on a /24 subnet, does this make any difference in how I should set this up?

    Reply

    • Yes, you have a /24 for your network but when you specify /32 it basically just means that single IP address that the Xbox is assigned to. If you were to assign /24 that would mean that you wanted all boxes on your /24 subnet (ie possible 253 hosts). /32 = 255.255.255.255 /24 = 255.255.255.0 . In this particular case I believe either /32 or /24 will work, but you probably don’t want ALL your hosts on your network to be setup like this..only the Xbox One..so use /32.

      I agree though, XboxOne is a pain in the ass. If fact, I recently switched to IpFire and my XBone is broken again..it’s reporting “Moderate” NAT.

      Reply

  2. Pingback: Fix Xbox Strict NAT on PFSense

Leave a Reply

Your email address will not be published. Required fields are marked *