Just follow the XBox tutorial, same instructions.  Personally I use the UPnP method for the 2 XBoxes and 2 PS3s running in my home.

http://forum.pfsense.org/index.php/topic,13887.0.html

@JaY_III:

I have no issues with steam at all and i did not have to open any ports for it.

Are you sure you even needed any ports opened once you reset your firewall.

Under LAN steam works without any ports opened/forwarded, it's not the same for LAN2 everything is locked down.

Allow all outgoing connections, log it, fire up SC2, and then view the log and see what ports are being used. I'm going to assume it's a dynamic range and you're in for a full, full log file. (For any updates through the blizzard downloader)

@mastablastaz:

@Jahntassa:

@mastablastaz:

Any ideas guys?

Personally i'd be less restrictive with pfSense and utilize a software firewall like Comodo to block unwanted outgoing stuff. Blizzard likes using Bittorrent and other such fun things for doing updates, and aren't always forthcoming with all the ports / connections they use. Generally they assume (which I would as well) that most setups are fairly unrestricted outbound, or using software firewalls with program-based rulesets.

Well, I just open everything outbound when playing games (still have kaspersky internet security on) and close everything up againg when Im not on my computer.

Thanks for your input.

I just viewed it.

I did try those settings, but they only work for 1 xbox.

Im talking about multiple xbox's. Ive tried adding port forwards for the 2nd and on xbox and nothing works.

The one who's ip is entered manually into the UPNP works perfect all the time, but in this case, mine works great but my brothers doesnt get open.

So how do we conquer multiple xbox's?

@ImageJPEG:

Sorry for the third post. I'm posting this from my PS3. So I found out it's not my pfSense box. I connected my PS3 straight to my firewall and it says UPnP is avalable AND I have a Type 2 NAT. Now I just have to figure out what's going on with this Belkin AP…grr. By the way, I've been doing some trial and error things with this which may explain why I've posted three times (four if you include my first topic starter). Hope this helps with helping me.

Try the config per my post in the sticky thread.  Just be sure to disable UPnP.

@vronp:

I've found about 5 different threads that post a "method that works" yet none of them work for me on 1.2.3.

Try the config per my post in the sticky thread.  Just be sure to disable UPnP.

heh, I think I got it… in the properties tab, the virtual nic had eset nod32's firewall checked and I think that was causing the problem. I reinstalled vmware while I was at it, so I can't confirm whether eset was the culprit, but I'm just glad to know that pfsense was always rock solid and this was a pebkac ;) thanks everyone, problems solved

I only noticed that eset was enabled on the virtual nic's when I was reconfiguring the vmware virtual network editor, and I noticed it said eset was enabled right next to the name of the nic. I didn't think that installing eset would of caused this. It's probably because I modified the regular eset installer so that it'd think it was a enterprise edition so I could get it to install on 2k8r2 properly.

Old thread I know, but wanted to clear a few things up (for future references).

Steam uses certain ports for their master list.
TCP:  27014-27050
UDP: 4380, 27000-27030

I ran into this problem a long time ago when hosting a server from my house, but now that I don't really block many ports, I kind of forgot about it.
So this may or may not fix your problem.

Make sure UPnP is turned off on both ends. I've never been able to get an AOE II game to work correctly when having it enabled.

ive turned on the static port option in the manual nat rules as well, and that doesnt seem to make any difference either

Hi,

Did you mean pfSense does not support doing broadcasting over the IPsec tunnel??

Its not ment to be.

Simply use Lancraft for clients dude :D

http://www.lancraftwc3.com/2008/04/what-is-lancraft.html

Start ur lancraft only on wc3 client and insert Wc3 Server IP. Then start game and u will see hosted langame.

OPENVPN in brigdemode would work but is waste of effort.

Cya

Anyone? Perhaps I should post in the NAT forum.

I decided to put up a new-improved version for the benefit of future readers.  Please continue to comment.  The information content should be the same.
–-

PFSense XBox360 Setup

NAT / Portforward WAN port 3074 to the XBox360 port 3074.

NAT / Outbound

Select:
        (*)  Manual Outbound Rule Generation

Create rules for each of your subnets.  Set "Static Port" to "YES"
      on the subnet with the XBox360, "NO" on the others.

My rules look like this, the XBox 360 is on the
      192.168.243.0/24 network:

WAN  192.168.240.0/24  *  *  *  *  *  NO
          WAN  192.168.241.0/24  *  *  *  *  *  NO
          WAN  192.168.243.0/24  *  *  *  *  *  YES

XBox's network test declared the connection as "Strict" before setting
      "Static Port", moving up to "Moderate" after setting "Static Port"

Create a Fireall / Rule for WAN allowing the portforward of 3074 to get
  through to the xbox360 port 3074:

TCP/UDP  *        *          xbox360        3074

Create the following firewall rules allowing outgoing traffic from the
  subnet hosting the XBox360 (Indicated here as "LAN_Net"):

TCP/UDP  LAN_Net  *          IF IP Address  53(DNS)
      TCP/UDP  LAN_Net  *          *              80(HTTP)
      TCP/UDP  LAN_Net  *          *              88(KEREBOS)
      TCP/UDP  LAN_Net  3074        *              1024-65535
      TCP/UDP  LAN_Net  1024-65535  *              3074

That is all you have to do.  If you want to understand more, read the
  explanation below.

Explanation

This setup assumes that you want to constraint the xbox360 as much as
  possible without any compromises on the XBox functionality or play.

Microsoft says to "open" or "Forward" ports 88 and 3074.  This is both
  unnecessary and insufficient for pfsense if you have a "Default Deny"
  rule-set.  I assume that these directions are appropriate for other
  routers because of router behavior that Microsoft has assumed but not
  stated.

88 is for kerebos authentication.  You have to let it out, but if you
  are doing NAT then the NAT engine will generate a transient rule to
  let the reponse in.  No port-forward is necessary.  If you put a port
  forward in place for port 88, then no other machine on your network
  will be able to use kerebos, since all responses will come back to
  your XBox360!

3074 is used for all communication, but in various ways.  During play,
  all communication goes out through 3074.  Some other players appear to
  receive their incoming communication only on 3074, others on apparently
  random registered and dynamic port numbers.  A single one minute trace
  contained ports from 3976 to 63789.  You can block outgoing traffic
  except for destination ports 88 and 3074 and receive an "Open" rating
  (The highest) from the XBoxLive connection test, but as you play, there
  will be many outgoing packets going to registered and dynamic ports
  that are blocked.  You will seem to be much harder to kill.

Since all outgoing communication during play originates on port 3074,
  it would seem to make sense to move the 3074 requirement from the
  destination to the source, restricting your xbox to sending on 3074
  but allow it to send to any port.  This would enable your xbox to
  contact all other players.  With this change, you will be able to
  play fine, an examination of your Firewall log will not show anything
  blocked, and Packet Capture will not show any packets being sent to
  anything you have blocked.  However the XBoxLive connection test will
  fail completely, saying that your MTU is too small.  This is not true;
  the XBoxLive connection test sends from ports 1258, 1259, maybe 1257,
  and less frequently on 1256.  Those packets are blocked from going
  out.  Microsoft is testing on ports not being used for play, and
  playing on ports not tested!

In all observed cases either the source or destination was port 3074.

Short of openning everything wide, allow both:

Source (xbox) on port 3074 to any registered (1024-49151) or
        dynamic (49152-65536) port.
  and
        Source (xbox) on any registered (1024-49151) or dynamic
        (49152-65536) port to destination port 3074.

This appears to be the tightest constraint that provides an "Open"
  XBoxLive connection and does not block any packets during test or play.

I have not seen any xbox traffic to date (other than 53(DNS) or
  80(HTTP) or 88(Kerebos) that did not have 3074 as either the soure or
  the destination port.

Did you get this working? I seem to recall someone asking about this on IRC last night, thought the nickname was the same.

If so you might post a little summary here in the thread in case someone else comes along and wants the answer.

Yes, by going to Firewall>Nat>Outbound>Manual outbound rule generation and disabling "static port" on the rule I created there.  I had to create a static port rule to fix other NAT issues I had with BF:1943(PS3), Men of War and also my son's Nintendo DS not connecting to his friend's game.

seems odd that an ISP would arbitrarily block a high range port (mainly they just do that for things like port 25 etc..) this may be a silly question, but I didn't specifically see it addressed, is there a firewall on the actual L4D2 server box?

I had issues setting up an L4D2 server (issues relating to NAT reflection i believe) I went to 2.0 and it all just worked.

For my server all I forward in from the outside is 27015 UDP I don't even use the manual outbound NAT with static ports (Valve has resolved alot of the NAT issues)

Let me know if you want any more detail on how mine is setup