Setting up Xbox Live to work with FreeBSD, PF & Verizon FIOS

April 20, 2015 at 3:47 pm (Computers)

It took me a bit of digging across several sites, but I now have our Xbox connected to XboxLive properly.

My network is a little more complicated than most, as I have a DMZ zone between my ‘inside’ network and the internet.  Basically, inside devices connect through my FreeBSD gateway/firewall to the DMZ side of the FIOS router, and then out to the internet.  All internet traffic prior was routed through from a single internal address to a single DMZ address on the firewall, then out to the internet through the FIOS router.

The steps that I took are:

  • Set the FIOS router’s DHCP addressing to a narrower range than the default (0-254) – I used 100-254.  This will allow you to assign static IPs below 100.
  • Pick an address for the Xbox on the DMZ side, and set it as static on the FIOS router – XboX_DMZ
  • Add the XboX port forwarding rules to the XboX_DMZ address.
  • Add a second IP address to the DMZ interface on the FreeBSD gateway (in the rc.conf file)
    • ifconfig_xl0_alias0=”inet netmask 0xffffffff”
      • Note that you have to use the “netmask 0xffffffff”, it won’t work with
  • Add a line to the PF rules file – the first sets the internal and external addresses, the second sets a bi-directional one-to-one NAT mapping for the Xbox
    • Xbox360 = “”       # Internal Xbox Address
      Xbox360_ext = “”        # External Xbox address for bi-nat
    • binat on $ext_if from $Xbox360 to any -> $Xbox360_ext

You may need to configure some additional PF rules, depending on how strict your packet filtering is.  The Xbox needs to use TCP port 3074 and UDP ports 88 and 3074.

Resources that I used to figure this out, and may be helpful for you are:


Permalink 1 Comment

I’ve really done it now….

July 6, 2008 at 1:10 am (Computers, Family Life)

While my wife and kids were out of town, I decided to do some long (and I do mean long) overdue maintenance in my office. Basically I tore down my entire network and fixed the spaghetti tangle of cabling. I also took the opportunity to rid myself of a large collection of useless (to me, anyway) computer parts via Freecycle. I finally have everything organized the way I want, and powered up the server that is my firewall/gateway to the internet. It came up fine, but silly me, I chose then to update the antivirus software. That killed it. Not a hard kill, just enough for me to realize that dumping a spare drive and rebuilding it will be a better use of my time, since it was running short of drive space anyway.

Halfway through the first OS install, the ‘new’ drive that I selected started making funny noises.  I stopped the install, and swapped it out with a ‘new, new’ drive that immediately started the ‘click of death’.  Burned already, I ran a test on the next drive to verify it before I went to any more trouble.  That machine had been up and running nearly constantly for the last four years, and I’d like the new iteration to be at least as reliable.

So, for the time being, NONE of the computers on my desk can get online. None. I’m posting this from my wife’s laptop, that connects directly to the wireless DSL router.

On top of that, they’re coming home tomorrow, so I have to finish it by then.

Why then am I posting at my blog, you ask? Because it’s verifying and formatting the new hard drive, and I’ve got about 20 minutes to wait.  And it’s 2:30 in the morning and I really don’t want to sit and stare at that stupid thing any more.

Permalink 2 Comments