Xbox Live and PlayStation Network with pfSense

Many people seem to be having a problem using pfSense with Xbox Live or PlayStation Network to game online. I have both and both of them are working fine through pfSense, without opening UPnP up to all devices on the network. This also works with the game that seems to cause the most issues… Call of Duty: Modern Warfare 3.

So here is what you need to do to make it work.

  1. Assign Static DHCP mappings to the console(s)
  2. Enable UPnP and restrict it to the console(s)
  3. Modify Outbound NAT rules for the console(s)

Each step should be repeated for each console. I should probably point out that the WAN interface on my setup is called EXTERNAL and the LAN interface is called TRUSTED.

1. Assign Static DHCP mappings to the console(s)

For this step the MAC address of the console(s) will be handy. Log in to your pfSense box and go to Status > DHCP Leases in the navigation bar. Find the line that contains the MAC address of your console and click the icon to add a static mapping.

The MAC address field should contain the MAC address of the console you are configuring. IP Address is the IP that will be assigned to the console and must be outside the DHCP range of your network. Hostname can be set to PS3 or Xbox depending on the console you are configuring and Description is optional.

Click on save to save the mapping.

Click Apply Changes to set the change in stone.

Repeat this step for the other console if required.

2. Enable UPnP and restrict it to the console(s)

Go to Services > UPnP & NAT-PMP on the navigation bar.

Enable the following options.

  • Enable UPnP and NAT-PMP
  • Allow UPnP Port Mapping
  • Allow NAT-PMP Port Mapping
  • By default deny access to UPnP & NAT-PMP?

Make sure you select the Interface that your console(s) are connected to.

You can enable the “Log Packets” option to troubleshoot if you like.

Enter “allow 88-65535 <console IP>/32 88-65535” into the User specified permissions box(es), one for each console. Replace <console IP> with the IP address of the console you are configuring. The /32 limits the subnet to a single IP address and is important.

Click change.
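A quick way to double-check the permission lines before pasting them in (an added example, not part of the original post): this Python sketch parses each rule and flags any allow rule that is not a /32, does not belong to a listed console, or uses an address inside the DHCP pool from step 1. The console IPs, DHCP range and function names are constructed for illustration.

```python
import ipaddress
import re

RULE_RE = re.compile(r"^(allow|deny)\s+(\d+)(?:-(\d+))?\s+(\S+)\s+(\d+)(?:-(\d+))?$")

def parse_rule(line):
    """Parse '<allow|deny> <ext ports> <ip[/mask]> <int ports>' into a dict."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid permission rule: {line!r}")
    action, e_lo, e_hi, net, i_lo, i_hi = m.groups()
    return {"action": action,
            "ext": (int(e_lo), int(e_hi or e_lo)),
            "net": ipaddress.ip_network(net, strict=False),
            "int": (int(i_lo), int(i_hi or i_lo))}

def audit(rules, consoles, dhcp_start, dhcp_end):
    """Return a list of findings; an empty list means the rules match the guide."""
    findings = []
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    console_ips = {ipaddress.ip_address(c) for c in consoles}
    for line in rules:
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        if rule["action"] != "allow":
            continue  # deny rules cannot widen access
        net = rule["net"]
        if net.prefixlen != net.max_prefixlen:
            findings.append(f"{line}: covers {net.num_addresses} addresses, not a single host")
        elif net.network_address not in console_ips:
            findings.append(f"{line}: {net.network_address} is not a listed console")
        elif lo <= net.network_address <= hi:
            findings.append(f"{line}: console IP is inside the DHCP pool")
    return findings

# Constructed sample values (not from the original post).
CONSOLES = ["192.168.1.10", "192.168.1.11"]
SAMPLE_RULES = [
    "allow 88-65535 192.168.1.10/32 88-65535",   # matches the guide
    "allow 88-65535 192.168.1.0/24 88-65535",    # whole subnet: flagged
    "allow 88-65535 192.168.1.150/32 88-65535",  # unknown host: flagged
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, CONSOLES, "192.168.1.100", "192.168.1.200"):
        print(finding)
```
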

3. Modify Outbound NAT rules for the console(s)

Click on Firewall > NAT in the navigation bar and select the Outbound tab. Change your NAT type from “Automatic Outbound NAT” to “Manual Outbound NAT”. Click Save.

Click the icon at the top of the table to create a new outbound NAT rule.

In the Source: Address box enter the IP address of the console you are configuring. Select 32 from the drop-down menu next to the address. In the Translation section check the box called Static Port. Enter a description if you wish but it is not required.

Click Save.

Repeat this step for each console if required.

In the Outbound NAT table select the check box next to the row(s) you have just created and click the icon next to the line containing the “Auto created rule for TRUSTED to EXTERNAL” row in the table.

Click the Apply Changes button.

You should now be good to go.

My setup consists of the following for reference.

  • pfSense 2.0 WARP running on a Watch Guard Firebox 700
  • Xbox 360 slim running latest firmware
  • PS3 slim running latest firmware

Let me know in the comments if you have any problems.

My Shiny New Alienware m17x R3

Somehow, as if by magic, I have managed to persuade work to buy me a nice new Alienware m17x gaming laptop. I decided to show you all what it is like, not to brag, but to educate…

What an awesome machine it is!!! Check out the spec below.

Intel Core i7 2630QM Quad Core @ 2GHz
16GB DDR 3 @ 1333MHz
2 x 320GB 7200RPM Disks in RAID 0
AMD Radeon HD 6870M 1GB GDDR5
17.3″ 1920×1080 Full HD WLED LCD display
Blu-ray Reader / CD-RW DVD-RW Slot loading Drive
HDMI Output
HDMI Input
USB 3.0

It really is an amazing machine considering its portability. It’s a shame it gets used more for work and running virtual servers in a development environment than to play games… I have obviously tested it with a few games though, which it handles admirably.

The sound quality from the Klipsch speakers is quite impressive for a laptop, although I would have preferred a bit more bass. It does however have 2 headphone ports for gaming headsets, and allows the gamer to fade between game sounds and player chat through Ventrilo or TeamSpeak. A digital audio out is also handy for connecting my 7.1 surround sound system with just one cable.

The graphics output options are pretty impressive for a laptop: HDMI Out, VGA 15 pin D-sub out and a Mini Display port out offer plenty of flexibility when outputting those PowerPoint presentations, or of course for playing your games on a larger display. The laptop also has a built-in WiHD transmitter, which I am told will wirelessly transmit HD video to a WiHD ready TV or receiver. Although I haven’t tried this feature yet, I’m sure it is handy for gamers.

HDMI In support allows you to plug your PlayStation 3 or XBOX 360 in and use the built-in HD display of the laptop to play your console games.

Two USB 3.0 ports are a very welcome feature, allowing me to use an external hard disk to run VMs from without contending with my internal hard disks.

All in all I am very pleased with the Alienware m17x R3, although it is on the heavy side when it comes to commuting with the laptop in my bag.