Category Archives: PFSENSE

How to get OPEN NAT with Xbox or Xbox One and PFSENSE firewall

Here is my quick & easy guide to getting OPEN NAT for multiple Xboxes inside a PFSENSE firewalled network.

  1. all Xboxes must be configured with a STATIC IP.
    1. under the Xbox Settings, Network, Advanced settings, I use MANUAL IP address setting.
      1. put a static IP inside the range of your network.
      2. as an example:
        1. IP: 192.168.100.20
        2. Subnet: 255.255.255.0
        3. Gateway: 192.168.100.1
        4. DNS: Point it at your PFSENSE box.  192.168.100.1
        5. Secondary DNS: Use Google:  8.8.8.8
      3. Alternate PORT:  not needed // leave at default
      4. clear any alternate MAC addresses.
    2. Save these settings and SHUT DOWN your XBOX.
    3. Pull the plug
  2. Go log into your PFSENSE firewall
  3. I am using a beta version of PFSENSE 2.5.0.a.20200401.1515
  4. You should try to be using as current a version as possible to avoid any issues with outdated PFSENSE code.
  5. Inside PFSENSE, go to Services/ UPnP & NAT-PMP
    1. Set up your settings like this (see image):
      Notes:

      1. under ACL ENTRIES, each Xbox's STATIC IP address must be on its own line here.  If you have multiple Xboxes, create one line entry for each Xbox and edit the IP ADDRESS
      2. HIT SAVE to save your settings here.
  6. Go to Firewall / NAT / Outbound
    1. Make sure that the MODE is set to Hybrid Outbound NAT rule generation.
    2. Add a mapping (see image)
    3. NOTES:
      1. under SOURCE, you must put the IP address for your XBOX here.
      2. Repeat and add mappings for EACH XBOX (and IP ADDRESS) inside your LAN
      3. SAVE CHANGES
  7. Plug the power back into your Xbox
  8. Power it on
  9. Once it is booted, go to NETWORK / SETTINGS.
  10. RE-RUN NAT TYPE test
  11. RE-RUN MULTIPLAYER test
  12. you should now have “OPEN” NAT
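
The per-console ACL entries from step 5, as an added example that is not part of the original guide: it writes one line per Xbox in pfSense's ACL entry format (`[allow or deny] [ext port range] [int IP] [int port range]`) and audits existing lines for entries that open UPnP to more than a single LAN host. The 192.168.100.0/24 LAN, the second console IP and the 1024-65535 port range are assumptions made for illustration.

```python
import ipaddress

# Assumed values: the LAN follows the guide's 192.168.100.x example.
LAN = ipaddress.ip_network("192.168.100.0/24")
GATEWAY = ipaddress.ip_address("192.168.100.1")
PORTS = "1024-65535"  # assumption: unprivileged ports only

def build_acl(console_ips, lan=LAN, gateway=GATEWAY):
    """Return one 'allow' ACL line per console, refusing unsafe entries."""
    lines, seen = [], set()
    for raw in console_ips:
        ip = ipaddress.ip_address(raw.strip())  # ValueError on CIDR or typos
        if ip not in lan:
            raise ValueError(f"{ip} is outside LAN {lan}")
        if ip in (lan.network_address, lan.broadcast_address, gateway):
            raise ValueError(f"{ip} is not a usable console address")
        if ip in seen:
            raise ValueError(f"{ip} listed twice")
        seen.add(ip)
        lines.append(f"allow {PORTS} {ip} {PORTS}")
    return lines

def audit_acl(acl_lines, lan=LAN):
    """Flag ACL lines that are malformed or allow more than one LAN host."""
    findings = []
    for line in acl_lines:
        try:
            action, _ext, target, _int = line.split()
            net = ipaddress.ip_network(target, strict=False)
        except ValueError:
            findings.append((line, "malformed"))
            continue
        if action not in ("allow", "deny"):
            findings.append((line, "malformed"))
        elif action == "allow" and net.num_addresses > 1:
            findings.append((line, f"allows {net.num_addresses} addresses"))
        elif action == "allow" and not net.subnet_of(lan):
            findings.append((line, "outside LAN"))
    return findings

if __name__ == "__main__":
    # Constructed sample: two consoles with static IPs.
    for entry in build_acl(["192.168.100.20", "192.168.100.21"]):
        print(entry)
```

Paste the printed lines into ACL ENTRIES, one per line.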

 

PFSENSE 2.3 PPTP VPN passthru workaround

PFSense 2.3.x and up have removed the PPTP tab and the PPTP passthru options.  This is because PPTP has been deprecated and is not considered 100% safe anymore.

For those of you still in need of using PPTP passthru to allow Windows VPN remote users into your LAN, here is the easy workaround.

  1. Firewall, NAT, Port forward.
    1. add port forward from WAN (presumably your outside interface name)
      1. TCP
      2. WAN ADDRESS
      3. DEST PORT RANGE=PPTP 1723
      4. REDIRECT TARGET IP=the internal IP of your Windows RRAS server.
      5. REDIRECT TARGET PORT=1723
      6. Allow it to ADD ASSOCIATED FILTER RULE for this entry
      7. SAVE
    2. add another rule, exactly the same as above EXCEPT select GRE as the protocol instead of TCP.  All the same settings, but use GRE
  2. Once that is complete, go look at your WAN firewall rules.  You should have two new auto-created rules.  One for PPTP and one for GRE.
  3. Remote users should now be able to connect just fine through PFSENSE 2.3.x into your Windows RRAS server.

Remember, using PPTP in 2016 is considered a risk, so do it at your own risk.  Please consider moving towards a newer VPN standard with better security.