An easy way to do it is to duplicate a rule for one of the services you know has higher priority. Then edit the new rule to any port numbers, but with a specific source IP address.

Just for the record. I tried to host regular multipleyer sessions and it work no problem. For some reason only the coop mode is giving me problems.

I recently made some headway on this issue.  It appears that the uPnP port mappings are getting FUBAR'd (by other Xbox 360s on the network).  I disabled static ports and it seems to solve the connection issue.  However now I will occasionally get warnings about not having OPEN NAT on some Xbox 360s, but it's not such a big deal.

Anyway to investigate the problem I first upgraded to 1.2.3 RC1.  Then I did some packet captures targeting the consoles that were unable to connect.  The packets appear to be sent by the Xbox 360 to Xbox Live(XBL) but a reply is never received.  All the while the other Xbox 360s are connected and playing fine.  This leads me to believe it's a port forwarding issue.    I think the replies were being sent to the wrong IP but there's no way I can see to distinguish that reply from all the other traffic in the packet capture since whoever the reply is being sent to is also receiving it's own packets from XBL.  Once I turned off static ports, they have all been signing on OK not to mention sign on time is faster and no disconnects have occurred that I know of since then.  Everyone is playing online and they're very happy… and if they're happy, I'm happy.

I checked and the uPnP port mappings are still being made, even without static ports.  I'm sure uPnP wasn't developed with this in mind but I'm going to keep trying!

Thank you for your help.

@chrisboy99:

people cant connect. even not find the server on steam- server list
only local computers can Join it

This sounds like a missconfiguration of the server.
Did you actually set it up to register on the master list?

If you could post the output of the serverlog here someone (me?) might be able to help you.
Although this is more a question for one of the countless Half Life 2 modding scene forums and less for the pfSense forum.

(Also it would help if you answer my previous questions)

Did you enable static ports (as in the sticky above)? Does the server show a client connecting in the log? If you connect with a client what error do you get? Does TCPdump show any packets destined for the server? Does your serverlog show anything like this:

Console initialized.
….
Adding master server 207.173.177.11:27011
Adding master server 68.142.72.250:27011
Connection to Steam servers successful.
VAC secure mode is activated.

Did you actually forward all the ports the srcds requires?

UDP 1200
UDP 27000 to 27015 inclusive
TCP 27030 to 27039 inclusive

further inspection ….......

the subnets were all wrong also so the DHCP wasnt able to assign IP's to OPT1 was on another network instead of just another subnet, I modified it to....

network 192.168.1.0/25
LAN 192.168.1.1/25 subnet host
OPT1 192.168.1.128/25 subnet host
subnet mask: 255.255.255.128

which mean they are on different subnets but same network now.

tested xbox live and everything is brill!!!  ;D

thank again for the input without it I wouldn't have been looking in the right areas ;)

I think the answer to your question is no, although i'm not sure i understood what you want to ask
^^"

I whited out the private IP addresses, "they'' say its bad practice to post your network addresses although hiding private addresses is being very paranoid but I do as others better educated than I tell me.

Pic 1:
I wrote rules to allow UPnP only on my gaming console IPs so that other devices on that interface cant use UPnP.  You could set up one rule for your entire subnet if you like but that wasnt what I wanted.

Pic 2:
I wrote rules to use static ports on the XBOX, PS3, Wii, and BluRay which are all on my DMZ interface so those look duplicated but each IP is different.  The rest of the DMZ network has a rule to not use static ports as well as the LAN and OVPN.

I pasted those numbers on the pics in this post so you normally wouldnt see a space between the IP addresses and the mask for example 10.99.99.0/28, 10.99.99.2/32, etc.


Thanks for the quick reply!

Well I should clarify that I have a static mapping set in the DHCP server.  It was my understanding from the other guides that you need to do that to set outbound static mapping. However I did make it outside the DHCP pool. (so for example I use a 10.10.10/24 I allow .5 - .240 for the actual Pool).  If that isn't correct, I can change it easily, however it does work for my xbox360

I have hit clear to try and restart to see if that helps, but it doesn't.  Any thoughts?

Well, I have found out what the problem might be.

http://forums.srcds.com/viewtopic/9380

The error I am getting (sv_lan is 0…) could be due to a bug. If I could get another person to test this out that would make me feel better.

Edit: Also, make sure that you have your sv_region set to anything but -1, or the server will not show up on the master list!

Are you really certain, that the server was actually running on 27017.
I think i remember something that if you misswrite something in the config file, the server jsut starts with the default value (which would be in this case 27015).

I will check it out, thanks

The main reason I would like to do this is as i said old games that do not support IP
Most new Lan based games will not let you play as a lan setup if your ip address is on a differant range then the server.
Most old Lan based games do not even have support for IP
and in my experance most VPNs do not allow all ethernet traffic

To give you an example other then gaming
With a vpn if you connect to a network with a shared drive in windows the vpn client can not see what computer has the shard drive under the network list becouse that data is not passed.

Here is the router Package i used
http://www.mikrotik.com/testdocs/ros/2.9/interface/eoip.php

Ok, to answer my own question.

Using static ports with AON causes the rejects.  Setup AON without static ports and I get regular Blocks.

UPnP says its allowing in on port 3074 like Stu/d stated above but its not making it through the firewall for some odd reason, although states shows me a bunch of connections on port 3074.

Setting up a port forward for 3074 resolves all this but then whats the point of UPnP then?

I still need to test the "port forward" method a bit more.

I'll update my post ASAP.

I wonder if that could that have something to do with the Static Ports option in the NAT?

You should probably keep static ports on.

Anyway I'm glad everything worked out OK for you! ;D

It sounds like the packets are not being properly sent to the XBox Live server (as it doesn't respond); since the problem doesn't appear to be the destination port, there must be some kind of interruption between the jump from LAN to WAN.  Does that logic sound right to you?

I suppose it doesn't matter now but…
I think what was happening is that the Xbox Live server was responding to requests by Xbox 2, only the packets were being directed to Xbox 1 since it was assigned port 3074 by uPnP/pfsense.