XBOX Open NAT Guide
Open NAT for XBOX behind pfSense requires either port triggering or port forwarding to obtain. This is a quick guide on how to obtain open NAT while limiting UPnP to only your XBOX. This guide also applies to other devices like the Playstation or Nintendo Switch.
Create Static IP
1) Login to pfSense and navigate to Status/DHCP Leases
2) Select the white plus box (you should see "add static mapping" on hover
3) Enter your static IP
4) Save
Enable UPnP
1) Navigate to Services/UPnP & NAT-PMP
2) Select "Enable" and "UPnP Port Mapping"
3) Select "Default Deny"
4) Add the following ACL Entries: allow 53-65535 *static IP you created/32* 53-65535
5) Save
Add NAT Rule
1) Navigate to Firewall/NAT/Outbound
2) Change outbound NAT Mode to Hybrid
3) Select add new mapping
4) Add XBOX static IP (or alias if created) to Source field
5) Select Static Port under Translation - Port or Range
5) Save
Restart XBOX
1) Power on your XBOX
2) Navigate to "Restart" and select
3) Navigate to "Network Settings" to identify NAT type
Success!
At this point you should have open NAT on your XBOX using UPnP that is restricted to the XBOX. Enjoy!!!
Please let me know if I missed something or could improve this solution in the comments below.