OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: packet loss on August 11, 2016, 05:01:42 am
-
Update: December 8th 2017. This tutorial was outdated so I removed the content. It needs to be updated with more accurate information.
-
Thanks, very cool! I was thinking maybe we should make an "How-to" forum and move this over there?
Cheers,
Franco
-
Sounds like a good idea franco. :)
-
Thanks, very cool! I was thinking maybe we should make an "How-to" forum and move this over there?
Cheers,
Franco
Franco,
I'd like to see how-to forum as well. Moderation will be important. We don't want it to get filled with junk or irrelevant information.
-
Thank you for this!
I have multiple XBox Ones and was getting strict nat with just UPnP enabled.
From this tutorial, after enabling UPnP, I set up an group Alias for the xboxs and then created the NAT Outbound Static port rule using that Alias. With that rule I was able to get an Open NAT status on both consoles at the same time.
Just as a disclaimer, I have not tried multiplayer yet to verify, but things look promising.
-
@azdps, the ports you mention that normally don't need to be forwarder inside, are they documented somewhere what they are needed for?
Both Xbox Live and PSN are kinda annoying when it comes to which ports exactly are needed for inside or outside traffic only.
The game Destiny uses port 3074, for example. But, PSN does not use that port for PSN, but Xbox Live does.
There was a while when I wanted to get the game on both consoles, so I manually give the same IP address to both consoles so I can do forwarding for it.
Don't need it anymore, so I guess I should clean it up.
-
Glad it helped you out Oskar11226.
@azdps, the ports you mention that normally don't need to be forwarder inside, are they documented somewhere what they are needed for?
No I haven't found anything specific reference which ports need to be forwarded in or out for Xbox Live. Microsoft just mentioned the port numbers and that they need to be forwarded. This has caused a lot of Xbox user problems over the years. When I first started trying to figure out how to obtain an Open NAT with Xbox Live I used tcpdump on my firewall to see what was happening in the background. I could see traffic being blocked in on port 3544 which was ultimately trying to reach 3074. Initially I port forwarded 3544 to 3544, 3074 to 3074 etc and realized this was actually the problem. Port 3544 was trying to reach 3074 on my network. So I ended up with the solution I posted.
To better understand some of these ports I refered to the following website which lists each port and what they are typically used for:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
This helped me understand Teredo tunneling, encapsulation etc. I didn't spend a lot of time trying to figure out outbound ports and just setup my firewall to allow all outbound ports for my Xbox One. Noticing that allowing these ports out seemed to keep states which allowed the necessary incoming traffic back in with the exception of port 3544.
I also found the following website blog interesting:
https://labs.ripe.net/Members/mirjam/usage-of-teredo-and-ipv6-for-p2p-on-windows-10-and-xbox-one
The blog mentions that Xbox One is "using Teredo for NAT traversal and IPsec for security".
Hope this was somewhat clear.
-
Thanks for that. I hadn't looked closely to the screenshots since I already have rules.
Will have to reconfigure for Toredo it seems.
-
No problem weust. Also check out this Microsoft Xbox One technical document:
http://download.microsoft.com/download/A/C/4/AC4484B8-AA16-446F-86F8-BDFC498F8732/Xbox%20One%20Technical%20Details.docx
-
Thanks. Will have a look.
-
Sorry for posting to an old 2016-2017 thread but since this is a tutorial post i thought this was best posted here.
On the xbox One console itself you now have the option to use an alternate ports so for example if you have two xbox one console say in the bedroom and the living room this is a good idea to use the alternate ports feature instead of fighting over port 3074 however there no option for this one the xbox 360 but if so, I would change the xbox one consoles alternate ports to other then 3074 leaving the xbox 360 to 3074
-
I currently have our configuration setup as per the instructions for pfsense, but not sure if this is still needed anymore going forward due to microsoft allowing you to use a specific port.