@bman212121: Double NAT is always bad…. That's likely where the issues are coming into play. Turn of DHCP on your netgear router, and plug the OPT1 port from the pfsense into a lan port on your netgear instead. This will let the pfsense's DHCP server give your xbox and laptop an IP. You shouldn't need to do anything fancy for your xbox to get online. Just make sure that you have automatic outbound nat generation. It's under Firewall > NAT > Outbound. The xbox will be able to make the outbound connections which will let traffic flow back through the firewall on the ports it opens. Thanks for the reply, I know about the double NAT. The problem is you can't use this wireless router to connect to OPT1 through one of it's lan ports. I have tried this multiple times and the router drops connection, bypasses its wireless security and falls back to from N to G routing. It's a terrible router as in features, but it all I have at the moment. NAT is turned off in the router and so is the SPI, so even though I am using the WAN port to connect to PfSense it's is at least working as a makeshift access point. I have been keeping my eyes open for an Open source firmware, but right now the firmware is only for Version 2 of the hardware and I have version 3. My other wireless systems in the house are all Cisco and running Tomato firmware. I needed an additional wireless for ym son and thought I would give Netgear a try, well you live and learn. Thanks for your help.

well there ya go. Either do the upnp limited to only the xbox as I did, or combine that with your own vlan for your xbox, or if you are crazy about securing this further, get another network interface and hook up the xbox (or any number of xboxes with a switch) to an entirely different subnet and set rules in pfsense to allow internet only, not the rest of your network. essentially, you are doing that with the vlan already :)

hmm.  I watch the firewall, it shows the blocked connection, but it is the same as what I have for forwarding.

what do i do if my counter works slow?

There are many bandwidth testing tools, though really to get a really representative test you need 300 test clients that behave the same as your real clients. This wikipedia page contains a useful starting list. That said, have you read the hardware sizing guide? The bandwidth you have available, the services you're running and the typical usage by these 300 clients matters more than the raw number of clients. For instance, 300 people using IRC and P2P programs and heavy web browsing will have a very different impact than 300 people who check their email a few times a day.

The Realtek and 3com should be supported under ALTQ. @TS:  Can you verify that the default allow any LAN NAT rule is in place?

Just follow the XBox tutorial, same instructions.  Personally I use the UPnP method for the 2 XBoxes and 2 PS3s running in my home. http://forum.pfsense.org/index.php/topic,13887.0.html

@JaY_III: I have no issues with steam at all and i did not have to open any ports for it. Are you sure you even needed any ports opened once you reset your firewall. Under LAN steam works without any ports opened/forwarded, it's not the same for LAN2 everything is locked down.

Allow all outgoing connections, log it, fire up SC2, and then view the log and see what ports are being used. I'm going to assume it's a dynamic range and you're in for a full, full log file. (For any updates through the blizzard downloader) @mastablastaz: @Jahntassa: @mastablastaz: Any ideas guys? Personally i'd be less restrictive with pfSense and utilize a software firewall like Comodo to block unwanted outgoing stuff. Blizzard likes using Bittorrent and other such fun things for doing updates, and aren't always forthcoming with all the ports / connections they use. Generally they assume (which I would as well) that most setups are fairly unrestricted outbound, or using software firewalls with program-based rulesets. Well, I just open everything outbound when playing games (still have kaspersky internet security on) and close everything up againg when Im not on my computer. Thanks for your input.

I just viewed it. I did try those settings, but they only work for 1 xbox. Im talking about multiple xbox's. Ive tried adding port forwards for the 2nd and on xbox and nothing works. The one who's ip is entered manually into the UPNP works perfect all the time, but in this case, mine works great but my brothers doesnt get open. So how do we conquer multiple xbox's?

@ImageJPEG: Sorry for the third post. I'm posting this from my PS3. So I found out it's not my pfSense box. I connected my PS3 straight to my firewall and it says UPnP is avalable AND I have a Type 2 NAT. Now I just have to figure out what's going on with this Belkin AP…grr. By the way, I've been doing some trial and error things with this which may explain why I've posted three times (four if you include my first topic starter). Hope this helps with helping me. Try the config per my post in the sticky thread.  Just be sure to disable UPnP.

@vronp: I've found about 5 different threads that post a "method that works" yet none of them work for me on 1.2.3. Try the config per my post in the sticky thread.  Just be sure to disable UPnP.

heh, I think I got it… in the properties tab, the virtual nic had eset nod32's firewall checked and I think that was causing the problem. I reinstalled vmware while I was at it, so I can't confirm whether eset was the culprit, but I'm just glad to know that pfsense was always rock solid and this was a pebkac ;) thanks everyone, problems solved I only noticed that eset was enabled on the virtual nic's when I was reconfiguring the vmware virtual network editor, and I noticed it said eset was enabled right next to the name of the nic. I didn't think that installing eset would of caused this. It's probably because I modified the regular eset installer so that it'd think it was a enterprise edition so I could get it to install on 2k8r2 properly.

Old thread I know, but wanted to clear a few things up (for future references). Steam uses certain ports for their master list. TCP:  27014-27050 UDP: 4380, 27000-27030 I ran into this problem a long time ago when hosting a server from my house, but now that I don't really block many ports, I kind of forgot about it. So this may or may not fix your problem.