Skip to content

Instantly share code, notes, and snippets.

@rbaas293

rbaas293/pfSense-Fix-Strict-NAT-Type.md

Last active March 9, 2023 19:18
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rbaas293/55822fa5bf5c04dd94195519e6b4847e to your computer and use it in GitHub Desktop.
Save rbaas293/55822fa5bf5c04dd94195519e6b4847e to your computer and use it in GitHub Desktop.
Download ZIP
How To Open Your NAT Type For Xbox Multiplayer.
Raw
pfSense-Fix-Strict-NAT-Type.md

Find the Mac Adress of your Xbox One(s)

  1. Go to Settings -> Network Settings
  2. Go to Advanced Settings. Here you will see your Wired MAC and Wireless MAC
  3. Copy these down, noting the corisponding xbox nickname.

Make an alias for your Xbox One(s)

  1. First check what your dynamicly allocated IP range is.
  • In pfsense go to Services -> DHCP Server. Under General Options you will see a user defined Range.
  • Your static IP mapping must be outside this range.
  • My range was 10.6.9.25 to 10.6.9.254. So I chose 10.6.9.21 to 10.6.9.24 to represent my 4 Xbox Ones.
  1. Make your Alias
  • In pfsense go to Firewall -> Aliases -> Add.
  • In the Name and Discription boxes, type Xbox_Ones.
  • Under Host(s) put each one of your Xbox static IP and name them with your nickname.

Creat the Outbound NAT Mappings

  1. In pfsense, go to Firewall -> NAT -> Outbound.
  2. Click Add (add to the top)
  3. Under Source your type will be Network and Source Network will be the alias you created earlier. Mine was Xbox_Ones.
  4. Change the /24 to /32.
  5. Under Translation, check the box for Static Port.
  6. Under Misc, Give it a discription. I gave it, Xbox Ones.

Make your Xbox Have Static DHCP

  1. With all the Xbox(s) on, In pfSense go to Status -> DHCP Leasing.
  2. Find the corrisponding MAC adress of your xbox in the leases and click Add Static Maping.
  3. Type the corrisponding static IP address for one Xbox in the IP Address field.
  4. Confirm this is the correct MAC Adress, and now name the Xbox in Client Identifier, Hostname, and Description.
  5. Repeat for each Xbox.
  6. Save and Continue
@glennanj1
Copy link

Thanks for this!

@Diepie2635
Copy link

Would any of this change I did these steps and both my xboxs are still showing strict

@DeFlanko
Copy link

same.

@rbaas293
Copy link
Author

rbaas293 commented Mar 9, 2023
edited

@Diepie2635 @DeFlanko

I switched from pfsense to OpnSense a few years ago, but I believe you need to Port forward. Xbox requires the following ports:

Port 53 (UDP and TCP)
Port 80 (TCP)
Port 88 (UDP)
Port 500 (UDP)
Port 3544 (UDP)
Port 3074 (UDP and TCP)
Port 4500 (UDP)

I would make a Alias to these ports the same way you did for the Xbox hosts, then create a port forward:

  • Goto NAT -> Port Forward -> ADD
  • Interface = WAN
  • Protocol = TCP/UDP
  • Destination = <Open-NAT-Hosts-ALIAS>
  • Destination port range = <Open-NAT-Ports-ALIAS>
  • Redirect Target IP = <Open-NAT-Hosts-ALIAS>
  • Redirect Target Port = <Open-NAT-Ports-ALIAS>
  • Save and Apply

If you stop here and check your NAT type it will probably show moderate, but really it is OPEN. The only reason it shows moderate is due to the lack of UPnP. If you want to setup UPnP:

  • Goto Services -> UPnP & NAT-PMP
  • Enable = Checked
  • UPnP Port Mapping = Checked
  • NAT-PMP Port Mapping = Checked
  • Default Deny = Checked

Then under UPnP Access Control Lists, add a line for each Xbox on your network:

  • ACL Etries = allow 3074 <ip-of-xbox>/32 3074
  • Save and Apply

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment