OPNsense Xbox Live


Update: If you’re looking for the pfSense version of this doc, you can find it here.

This post is mainly documentation for myself on how to set up OPNsense to achieve Xbox Live Open NAT. There are two things that I wanted. First, I wanted to achieve Open NAT without turning on UPnP. Second, I needed this to all work for both the Xbox Ones in the house.

The official docs have a list of TCP and UDP ports that Xbox Live needs to work. But in reality, there is only one port that needs to be port forwarded. If you only have one Xbox One, that port is 3074 on both TCP and UDP. If you have multiple Xbox Ones, then on the Xbox One go into Settings -> General -> Networking settings -> Advanced settings -> Alternate port selection. From there, you can pick an alternative port to use for Xbox Live. After selecting the port, make a note of it.

The Xbox One will need a static IP address. That can be done via DHCP, which is straightforward to set up and I won’t cover that here. Or a static IP can be set up directly on the Xbox One.

Here is how I set up port forwarding in OPNsense for Xbox Live Open NAT.

Create Alias for Xbox Port for both TCP/UDP:

  • Firewall -> Aliases
  • Click + at the bottom right
  • Name: Xbox Live Port
  • Type: Port(s)
  • Content: 3074 (or the alternative port if on second Xbox One)
  • Description: Whatever you like

Create Alias for Xbox IP addresses

  • Firewall -> Aliases
  • Click + at the bottom right
  • Name: Xbox One Host
  • Type: Host(s)
  • Content: IP address of Xbox One
  • Description: Whatever you like

Set Up Port Forwarding Rules

  • Firewall -> NAT -> Port Forward
  • Click +Add at the top right
  • Interface: WAN
  • TCP/IP Version: IPv4
  • Protocol: TCP/UDP
  • Destination: WAN Address
  • Destination port range: Xbox Live Port Alias
  • Redirect Target IP: Xbox One Host Alias
  • Redirect target port: Xbox Live Port Alias
  • Description: Be creative
  • NAT Reflection: Enable (Super Important!)

Set Up Firewall Rules

These should have been auto-created when the port forwarding rules were created. This was the easy part.

Set Up Outbound NAT Rule

  • Firewall -> NAT -> Outbound
  • Switch the Mode at the top from Automatic to Hybrid
  • Click Save
  • Click +Add
  • Interface: WAN
  • TCP/IP Version: IPv4
  • Protocol: TCP/UDP
  • Source address: Xbox One Host Alias
  • Source port: Xbox Live Port Alias
  • Destination address: any
  • Destination port: any
  • Static Port: Checked (Super Important!)
  • Description: A one line poem

Rinse and repeat for each Xbox One with their alternate Xbox Live port. The process is pretty simple to do; it just took a little while to figure out how to make it work. Hope this is helpful for someone else other than me.
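
The per-console settings above, as an added Python example that is not part of the original post: it emits hand-written pf-syntax equivalents of the port forward, its filter rule and the static-port outbound NAT rule for each console, and rejects an inventory in which two consoles share a port or an address. The interface name `em0`, the console names, the addresses and the alternate port 53074 are assumptions; NAT reflection is not modeled, and the lines are not OPNsense's literal generated ruleset.

```python
import ipaddress

# Constructed inventory: names, addresses and the alternate port are examples.
CONSOLES = [("xbox_living_room", "192.168.1.50", 3074),
            ("xbox_bedroom", "192.168.1.51", 53074)]

def build_rules(consoles, wan_if="em0"):
    """Return pf-syntax lines (translation first, then filter) per console.

    Raises ValueError when two consoles share an IP or a port, because a
    WAN port can be redirected to only one internal host.
    """
    seen_ips, seen_ports = {}, {}
    translation, filtering = [], []
    proto = "inet proto { tcp, udp }"          # Protocol: TCP/UDP, IPv4
    for name, ip, port in consoles:
        addr = ipaddress.ip_address(ip)        # rejects malformed addresses
        if addr.version != 4:
            raise ValueError(f"{name}: {ip} is not an IPv4 address")
        if not 1 <= port <= 65535:
            raise ValueError(f"{name}: port {port} out of range")
        for seen, key, what in ((seen_ips, str(addr), "IP"),
                                (seen_ports, port, "port")):
            if key in seen:
                raise ValueError(f"{name} and {seen[key]} share {what} {key}")
            seen[key] = name
        # Port forward: WAN address, one port, one redirect target.
        translation.append(f"rdr on {wan_if} {proto} from any to ({wan_if}) "
                           f"port {port} -> {addr} port {port}")
        # Hybrid outbound NAT with Static Port: the source port is kept as-is,
        # and only for traffic leaving this console from this port.
        translation.append(f"nat on {wan_if} {proto} from {addr} port {port} "
                           f"to any -> ({wan_if}) static-port")
        # Associated filter rule: pf filters after translation, so the rule
        # matches the internal address and exposes nothing but this port.
        filtering.append(f"pass in on {wan_if} {proto} from any "
                         f"to {addr} port {port}")
    return translation + filtering

if __name__ == "__main__":
    print("\n".join(build_rules(CONSOLES)))
```

Comparing this output with what `pfctl -s nat` reports on the firewall is a quick way to confirm that each forward is scoped to a single console and a single port.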