Xbox 360 Behind pfSense Firewall: Your NAT Type Is Strict

We recently put a Xbox 360 online at the computer shop and I finally got around to configuring everything so we could get on Xbox Live. Our network uses a pfSense firewall along with some other security measures which create a fairly secure environment however it can take some configuration to get things working properly at times. The pfSense firewall is a really amazing open source firewall software developed by some folks here in Louisville. Anyhow depending on how your firewall is set up you may run into a couple issues, which aren’t really issues, connecting to Xbox Live. Below is information on how to get past your Xbox 360 reporting that the NAT type is Strict when your Xbox 360 is located behind a pfSense firewall.

Xbox 360: Your NAT Type Is Strict

If you receive the above message and your Xbox 360 is behind a pfSense firewall then you can easily resolve the issue by changing how pfSense controls outbound NAT. Modify the outbound NAT settings using the directions below.

Modify Outbound NAT From Automatic To Manual On pfSense Firewall:

1. Launch pfSense Management Interface: First connect to your pfSense firewall’s management interface which will look similar to the below example image.

   

2. Firewall NAT: Now select Firewall in the top navigation menu and then select NAT from the drop down to open the pfSense Firewall NAT management interface as shown in the example image below.

   

3. Firewall Outbound NAT: From the Firewall NAT configuration page click the Outbound tab which is located next to “1:1″ and will open the pfSense Outbound NAT configuration page as shown below.

   

4. Modify Outbound NAT Behavior: First move the radio button from “Automatic outbound NAT rule generation” to “Manual outbound NAT rule generation” as shown in the below example. Once the radio button has been changed click the Save button to record the changes. Keep in mind you will still need to apply the changes which we will do after making the second change below.

   

5. Static Port: While still on the Outbound NAT configuration page click the edit button, which is a small button with an “e” on it, to the right of the WAN Interface entry added after changing the outbound NAT to Manual. The interface’s outbound NAT configuration page will look similar to the below where you need to put a check in the Static Port check box and then click the Save button.

   

6. Apply pfSense NAT Changes: After clicking the Save button above you will be redirected to the primary outbound NAT configuration page which will now have a Apply Changes button located near the top as shown in the below image. Click the Apply Changes button to apply the outbound NAT configuration changes.

   

Once the outbound NAT changes have been applied your Xbox 360 should no longer display that the NAT policy is Strict though it may still display that the NAT policy is Moderate unless you have already made the port forwarding changes necessary for the NAT to be configured properly for the Xbox 360. If you haven’t completed the port forwarding then look for another article in the next couple of days that will explain configuring the proper port forwarding on a pfSense firewall for the Xbox 360 NAT Type to function properly.

See larger image pfSense: The Definitive Guide (Paperback) By (author) Christopher M. Buechler, Jim Pingle List Price: $36.50 USD New From: $35.87 In Stock Used from: $36.50 In Stock

See larger image Xbox 360 250GB Console with Kinect (Console) List Price: $399.99 USD New From: $321.00 In Stock Used from: $211.99 In Stock Release date November 4, 2010.

This entry was posted on Thursday, November 18th, 2010 at 6:27 PM and is filed under Insights. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.