_mg_
08-04-2008, 08:15 PM
Hi guys!
I would need a little help with my pf settings to get Xbox Live's NAT from 'Strict' to 'Open'. I'm not too familiar with pf and at the moment I don't know where to go from here.
The following ports must be available for Xbox LIVE to operate correctly:
udp: 88, 3074
tcp: 3074
http://support.microsoft.com/kb/908874?sd=xbox
I've tried different possible solutions from the internet, but with no luck. My home setup is server(pf firewall/router assigns IP-addresses from MAC-addresses) -> linksys wlan server -> xbox360 (wireless)
Here is my current pf.conf. All suggestions regarding this problem or my pf.conf file will be taken gladly :) .
#
# MACROS
#
ext_if = "rl0"
int_if = "rl1"
tcp_services = "{ 22, 113, 21 }"
icmp_types = "echoreq"
jope_pc = "192.168.1.100"
jossu_pc = "192.168.1.101"
xbox = "192.168.1.102"
spare = "192.168.1.103"
# xbox ports
x_udp = "{88, 3074}"
x_tcp = "3074"
#
# TABLES
#
table <trusted> const { $jope_pc $jossu_pc $xbox $spare }
table <badguys> persist file "/var/log/pf_badguys.log"
#
# OPTIONS
#
set block-policy return
set loginterface $ext_if
set skip on lo
#
# SCRUB
#
scrub in all
#
# QUEUEING
#
#
# TRANSLATION
#
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# xbox360 / added 03.08.2008
rdr pass on $ext_if inet proto udp from any to any port \
$x_udp -> $xbox
rdr pass on $ext_if inet proto tcp from any to any port \
$x_tcp -> $xbox
#
# FILTER RULES
#
block all
# ntp / added 29.04.08
pass out quick on $ext_if inet proto udp from $ext_if to \
any port = ntp keep state
pass in quick on $int_if from <trusted> to any
pass out quick on $int_if from any to <trusted>
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
block in log quick on $ext_if inet proto $tcp_services from <badguys>
# xbox360 / added 03.08.2008
pass in quick on $ext_if inet proto udp from any to $xbox \
port $x_udp keep state
pass in quick on $ext_if inet proto tcp from any to $xbox \
port $x_tcp keep state
pass out quick on $int_if inet proto udp from any to $xbox \
port $x_udp keep state
pass out quick on $int_if inet proto tcp from any to $xbox \
port $x_tcp keep state
pass in quick on $int_if inet proto udp from $xbox to any \
port $x_udp keep state
pass in quick on $int_if inet proto tcp from $xbox to any \
port $x_tcp keep state
pass in log quick on $ext_if inet proto tcp \
from any to ($ext_if) port $tcp_services \
flags S/SA keep state (max-src-conn-rate 3/60, overload <badguys> flush)
pass in inet proto icmp all icmp-type $icmp_types
I would need a little help with my pf settings to get Xbox Live's NAT from 'Strict' to 'Open'. I'm not too familiar with pf and at the moment I don't know where to go from here.
The following ports must be available for Xbox LIVE to operate correctly:
udp: 88, 3074
tcp: 3074
http://support.microsoft.com/kb/908874?sd=xbox
I've tried different possible solutions from the internet, but with no luck. My home setup is server(pf firewall/router assigns IP-addresses from MAC-addresses) -> linksys wlan server -> xbox360 (wireless)
Here is my current pf.conf. All suggestions regarding this problem or my pf.conf file will be taken gladly :) .
#
# MACROS
#
ext_if = "rl0"
int_if = "rl1"
tcp_services = "{ 22, 113, 21 }"
icmp_types = "echoreq"
jope_pc = "192.168.1.100"
jossu_pc = "192.168.1.101"
xbox = "192.168.1.102"
spare = "192.168.1.103"
# xbox ports
x_udp = "{88, 3074}"
x_tcp = "3074"
#
# TABLES
#
table <trusted> const { $jope_pc $jossu_pc $xbox $spare }
table <badguys> persist file "/var/log/pf_badguys.log"
#
# OPTIONS
#
set block-policy return
set loginterface $ext_if
set skip on lo
#
# SCRUB
#
scrub in all
#
# QUEUEING
#
#
# TRANSLATION
#
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# xbox360 / added 03.08.2008
rdr pass on $ext_if inet proto udp from any to any port \
$x_udp -> $xbox
rdr pass on $ext_if inet proto tcp from any to any port \
$x_tcp -> $xbox
#
# FILTER RULES
#
block all
# ntp / added 29.04.08
pass out quick on $ext_if inet proto udp from $ext_if to \
any port = ntp keep state
pass in quick on $int_if from <trusted> to any
pass out quick on $int_if from any to <trusted>
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
block in log quick on $ext_if inet proto $tcp_services from <badguys>
# xbox360 / added 03.08.2008
pass in quick on $ext_if inet proto udp from any to $xbox \
port $x_udp keep state
pass in quick on $ext_if inet proto tcp from any to $xbox \
port $x_tcp keep state
pass out quick on $int_if inet proto udp from any to $xbox \
port $x_udp keep state
pass out quick on $int_if inet proto tcp from any to $xbox \
port $x_tcp keep state
pass in quick on $int_if inet proto udp from $xbox to any \
port $x_udp keep state
pass in quick on $int_if inet proto tcp from $xbox to any \
port $x_tcp keep state
pass in log quick on $ext_if inet proto tcp \
from any to ($ext_if) port $tcp_services \
flags S/SA keep state (max-src-conn-rate 3/60, overload <badguys> flush)
pass in inet proto icmp all icmp-type $icmp_types