Xbox 360, Live, and NAT update


A little over a year ago, I posted how I fixed some problems I was having with Xbox Live by setting up UPnP on my Linux router. Since I was finally able to get my hands on an Xbox 360, I figured it was time to update my guide on using Live behind a Linux NAT. The instructions work for both Xbox and Xbox 360, but I'm going to focus on the Xbox 360 configuration this time around.

First things first. If you don't need to do this, don't do this. How do you know if you need to do this? Are you using Linux as a NAT router for your home network? Does the Xbox 360 report your NAT as moderate? If so, you probably need to do this. What is "this"? Keep reading.

Since the last time I posted, the Linux-IGD project has seen some development, but to look at their home page you wouldn't know it. Even the Sourceforge page still shows 0.92 as the latest version, having not been updated since January 12, 2003. All of the recent changes are in their CVS repository, though, so we'll build from that instead. Follow the instructions to checkout linux-igd to your machine.

If you followed my previous post, make sure you've fully uninstalled upnpsdk and linuxigd (a "make uninstall" should be enough for upnpsdk, and for linuxigd you should at least make sure upnpd is not running and remove the /etc/linuxigd directory). Once you've checked out the CVS project, you'll find a file called INSTALL. Read that to guide you through installing libupnp-1.2.1. Make sure you download version 1.2.1 and not version 1.2.1a from the download page. The INSTALL file is not exactly correct, as you can't just run "make" from the libupnp-1.2.1 root directory. Instead, go down into the upnp directory under libupnp-1.2.1 and run make there. This should also build ixml and threadutil at the previous directory level. Follow the rest of the INSTALL steps, making sure to copy the extra ixml and threadutil libs and includes. Finally, you can build and install the CVS linux-igd following the steps in the INSTALL file.

Before you fire up upnpd, first take a look through /etc/upnpd.conf and make sure everything is set to your liking. Some settings I suggest (these should be the defaults):

  • Make sure "iptables_location" points to the path to your iptables binary. This should default to /usr/sbin/iptables and should already be correct, but double-check to be sure.
  • debug_mode = 1. Without this, you're not going to be able to keep tabs on what upnpd is doing.
  • Make sure the chain names for forward and prerouting are correct for your configuration. The defaults should usually be right, but it doesn't hurt to double-check.
  • Set your upstream_bitrate and downstream_bitrate if you really care. These are in bits per second, not bytes, so make sure you multiply by 8 if you start from bytes per second. For example, 2 Megabits per second would be 2097152, but 2 MegaBytes per second would be 16777216.
Now you can fire up upnpd by running "upnpd <external ifname> <internal ifname>", where <external ifname> and <internal ifname> depend on your configuration (they are eth0 and eth1 for me, respectively, but yours might be different -- check /sbin/ifconfig if you're not sure). If all goes well, upnpd will now be running if you look at the process list (I use "ps waux | grep upnpd", and look for entries like "/usr/sbin/upnpd eth0 eth1"), and you should see some messages in /var/log/messages and /var/log/debug.

Now that that's taken care of, start up your Xbox 360 and go to the System blade. From here, choose Network Settings and then Test Xbox Live Connection. You'll be prompted that testing the connection will sign out all profiles, so choose Yes and get down to business. You should now see something like this:

The most important line is the one called "NAT", and it should read "Open", like so:
(For original Xbox users, read my original post for steps to check your NAT level.) If it doesn't, something went wrong. On the linux box, run "tail -f /var/log/debug" (if your syslogd is configured to log debug messages somewhere else, tail that log instead -- you can find out what your syslogd will do by looking at /etc/syslog.conf). When you run the Test Xbox Live Connection troubleshooter, you should see something similar to the following in your log when it gets to the "Xbox Live" portion of the test.
If you don't see that, run "killall upnpd" and then check ps to make sure upnpd has died before restarting it. Watch the debug log when restarting, and if you see any errors you can look into the Linux-IGD forums to see if you can find some help. Luckily for me, everything worked great the first time.

By the way, if you have a Windows box behind your NAT, it should now pick up the UPnP gateway device (you may have to install some components through the Add/Remove Programs applet to be able to see UPnP connections, and even if you already have UPnP support installed you'll need to reboot for the OS to pick up the gateway device). For example, on my XP laptop, I now see this in my Network Connections control panel:

From here, you can drill down into the gateway device's Status, then Properties, and finally Settings to see the list of current port mappings.
If you can't get this working, you can use Noel Danjou's UPnPTest (about halfway down the page, "Univeral Plug-and-Play Tester") to test your UPnP configuration instead. Linux-IGD still reports itself as version 0.92, but the CVS version is really something like 1.04 or 1.05 now.

Hopefully this will help out other people trying to get Xbox Live working on their original Xbox or new Xbox 360, since Microsoft doesn't officially support Linux as a NAT router. If you've had problems and been told to go buy a router off of the official compatibility list even though you'd rather continue with your Linux setup, this is for you.

Update: One minor note that I forgot. You may need to do a little bit of manual patching of the linux-igd code, if that fix hasn't merged into CVS. Read that thread, and look in your downloaded code to see if you need to manually patch or not before you actually build.


Great article btw, just thought I would post this for anyone having trouble. After following your article I could only get the NAT to display "Moderate." I only got it to register as "Open" after I added the rules discussed in this thread:

I'm not sure why I had to do that considering those same rules are shown being added in the example /var/log/debug in the article. Anyway if you're still having problems after following this article, try adding those rules.

and if my xbox says MTU error ? what can i do ?

Then you have an MTU error, which is unrelated to NAT. Check out this page from --

If that doesn't work, give 1-800-4-MY-XBOX a call, though if you're using linux as your router you'll probably be out of luck. You might try to see if you're having the problems indicated there and if the solutions work for you.

Nick, the rules in the thread you linked are basically forwarding the Xbox Live ports to your Xbox. That will definitely work, but it won't work well if you have multiple Xboxes (or an Xbox and Xbox 360) behind your router. This article is about setting up UPnP to allow the Xbox to request the ports it wants. This will definitely let you have multiple Xboxes behind your router with NAT = OPEN, though I haven't tested if they can both access Live at the same time.

I have noticed some cases where linux-igd gets "stuffed up" for lack of a better term, where it'll just ignore any incoming requests. When this happens, kill it (killall upnpd), restart it, and run the Network Connection test from your Xbox or 360. Watch the log output from upnpd to see if it's getting a request. This seems like it may be a bad interaction between MSN Messenger and linux-igd, and may be fixed in later versions of the codebase. Worst case, kill all running instances of Messenger on your network before cycling upnpd and testing your Xbox again.

I have developped an UPnP daemon.
The Linux version is now correctly adding the port forwarding rules.
As I dont have an XBox, I would like to know if it is working well.
It was allready tested on FreeBSD and the XBOX360 showed the NAT as "Open".
My software is available here :

Hi Todd - I'm developing the LinuxIGD project, and verified that patch you mention is integrated. LinuxIGD version 0.95 has this and is released, and I'm working on a version 1.0 release soon.

Hope this information is useful,

Hi, there is a 1.3.1 posted now of libupnp and wondered if you knew if this was ok to use ? I saw you noted that 1.2.1a was not ok.

Great article btw.

Daniel (poster above from the LinuxIGD project) could answer you better than I can. The article deals with a very specific version of LinuxIGD that's now about a year old. Since it sounds like work has finally started again on the LinuxIGD project, it's quite possible that a newer version of LinuxIGD supports the newer version of libupnp.

The best I can tell you is to follow the README and INSTALL documents from LinuxIGD to determine what dependencies you need. I might go ahead and upgrade to a newer version again. If I do and I run into any snags I'll go ahead and post about it.

could u help me set my nat up for my xbox 360 with a lynksis router i am connected but my nat is on moderate and strict

Isaac, this article is specifically for getting Xbox Live working with a roll-your-own Linux PC router. For a standalone router like you have from Linksys, you should check Linksys's support pages,'s support pages, or call 1-800-4-MY-XBOX if your hardware is on the compatibility list at . I can't help with specifics for your router.

Linux-igd doesn't work for me. Instead, miniupnpd work fine from the first time, only instaling it as described in INSTALL file. I recommend it to everybody:

linux-igd doesn't work for me, instead of miniupnpd, that works out of the box and it's easier to install:

Very helpful! Thank you!

Long live x360!

OK I'm new at this whole live thing. I wanted easiest way to hook up so I have a direct modem set up. I have Comcast. I tried to hook up to live and when it does the check the IP check comes up failed. Its on atomatic, what do i do Please Help!

Damon, Comcast does MAC authorization to hand out IP addresses. When you first setup your PC to work with your Comcast connection, either a tech set that up for you or you went through some software installation to allow your PC on their network. The MAC on your Xbox is different than the MAC on your PC, which is why you're not getting an IP. Luckily, the Xbox allows you to "spoof" a MAC address for just this situation. You can find this under the Advanced setup for your network connection on the console.

Todd, what do you look for under the Advanced settings on the console?

About this Entry

This page contains a single entry by published on January 8, 2006 12:53 AM.

Automatically add Gadgets to was the previous entry in this blog.

Gaming backlog is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.



OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.01