Here’s what I did to get it from “Moderate” to “Open”:

NAT Moderate to NAT Open
NAT Strict to NAT Open

1. Create a reservation in my DHCP server for my Xbox 360 so that it always gets the same IP address. You could also set a static IP on the Xbox if that is your preference.

2. In m0n0wall, check the box “Enable advanced outbound NAT” on the Outbound NAT configuration tab.

3. Setup a mapping for your local LAN subnet. Interface should be WAN, source should be your subnet address (for example, my subnet is 192.168.12.0/24), target should be left blank and leave “Disable port mapping” unchecked.

4. Setup a mapping for your Xbox 360. Interface should be WAN, source should be the IP address assigned to the Xbox in Step 1 with a 32 bit mask (for example, 192.168.12.100/32), target should be left blank and this time check the box for “Disable port mapping”.

5. Save and apply these changes.

6. Configure Inbound NAT and create a mapping for TCP/UDP 3074. Interface should be WAN, External address should be Interface address, Protocol should be TCP/UDP, External port range should be 3074 to 3074, NAT IP should be the IP address of the Xbox assigned in Step 1, Local port should be 3074. Check the box to “Auto-add a firewall rule to permit traffic through this NAT rule.”

7. Save and apply these changes.

8. Reset the NAT and Firewall state.

Now when you run the Xbox live test, it should come back as “Open”.

Notice The above steps were based on the 1.3 version of m0n0wall. I haven’t used any of the previous versions, so the steps may vary from version to version.