Ok so I was getting ready to throw in the towel and decided to give a UPnP a shot.
Guess what it works!
No need for anything, not even port forwarding.
Is this an anomaly as I have read that UPnP in PF is not very useful.

Anyway I'm glad I give this a shot and hope this may help someone else.

I will give that a try when i get the chance. Thank you all for the help :) ill let yall know if it worked

Sorry, newest version (1.2.3 release), full install to HDD.

pfsense.jpg
pfsense.jpg_thumb

That's the correct way. Anything on the lan should be before the firewall.

To block WoW, you could block connections on your LAN with destination port 3724.  I don't know whether it is TCP or UDP, though.  This will block attempts to log in from the game client.

For just a single player with online gaming, and not much other traffic from your LAN at the same time, the SMC gateway that Comcast ships with their biz installs is actually quite a powerful little gateway.  The advantages of PFSense with its QoS will not come into play.  There are certain setups to setup your own router from behind the SMC so your own router gets the next static IP in your block, effectively bypassing the router/NAT features of the SMC, and if you use PFSense and you have quite a bit of other LAN traffic, the QoS/traffic shaping abilities that PFSense has will help out your online gaming quite a bit.

Since you have 1:1 mappings, you try to access the external public IP from the inside.
Meaning a request comes from the LAN, goes to the WAN and should go back into the LAN.
This is not possible. (Due to the way NAT works).
Also 1:1 NAT does not work with NAT reflection.

Why do you use 1:1 NAT?
Is upnp not working for you to forward the ports dynamically?

If you could use dynamically created normal NAT mappings, you could try to enable NAT reflection.

Can you post screenshots of your firewall, nat, aon rules?
From where do you connect?
How is your network set up? (ASCII art?)
if someone connects from external side, what is the error they get?
Any entries in the firewall log?
Any entries in the server log?
What does a TCP dump on the WAN show?

Would device polling be a detriment here?

I wonder because Im in the exact same situation as the OP.

Try this:
http://forum.pfsense.org/index.php/topic,13887.msg94807.html#msg94807

I had to track this down when getting PvPGN to work with external SC players for my LAN. The problem is that Starcraft encapsulates it's source TCP/IP port within the data itself, so simple port forwarding fails often.

Well, what you have to do is:

1. Alter the PCs in question to use different source ports from default. This is a registry edit on Windows, and a ResEdit on Mac.
  a. use regedit to edit/create:
    HKLM\Software\Battle.net\Configuration REG_DWORD "Game Data Port"
    (choose a unique so far unused port for each client, value should be in hex)
2. Then on your router forward each of those ports to the correct client computer
3. Enable Manual Outbound NAT, and setup each port you chose as an outbound source port (so that it isn't translated to another port # on the WAN side, this is waht borks up Bnet a lot, since SC encodes the port # within the data, etc..)
One of my entries looks like:
WAN  192.168.0.0/24 6113 * * * * YES

An easy way to do it is to duplicate a rule for one of the services you know has higher priority. Then edit the new rule to any port numbers, but with a specific source IP address.

Just for the record. I tried to host regular multipleyer sessions and it work no problem. For some reason only the coop mode is giving me problems.

I recently made some headway on this issue.  It appears that the uPnP port mappings are getting FUBAR'd (by other Xbox 360s on the network).  I disabled static ports and it seems to solve the connection issue.  However now I will occasionally get warnings about not having OPEN NAT on some Xbox 360s, but it's not such a big deal.

Anyway to investigate the problem I first upgraded to 1.2.3 RC1.  Then I did some packet captures targeting the consoles that were unable to connect.  The packets appear to be sent by the Xbox 360 to Xbox Live(XBL) but a reply is never received.  All the while the other Xbox 360s are connected and playing fine.  This leads me to believe it's a port forwarding issue.    I think the replies were being sent to the wrong IP but there's no way I can see to distinguish that reply from all the other traffic in the packet capture since whoever the reply is being sent to is also receiving it's own packets from XBL.  Once I turned off static ports, they have all been signing on OK not to mention sign on time is faster and no disconnects have occurred that I know of since then.  Everyone is playing online and they're very happy… and if they're happy, I'm happy.

I checked and the uPnP port mappings are still being made, even without static ports.  I'm sure uPnP wasn't developed with this in mind but I'm going to keep trying!

Thank you for your help.

@chrisboy99:

people cant connect. even not find the server on steam- server list
only local computers can Join it

This sounds like a missconfiguration of the server.
Did you actually set it up to register on the master list?

If you could post the output of the serverlog here someone (me?) might be able to help you.
Although this is more a question for one of the countless Half Life 2 modding scene forums and less for the pfSense forum.

(Also it would help if you answer my previous questions)

Did you enable static ports (as in the sticky above)? Does the server show a client connecting in the log? If you connect with a client what error do you get? Does TCPdump show any packets destined for the server? Does your serverlog show anything like this:

Console initialized.
….
Adding master server 207.173.177.11:27011
Adding master server 68.142.72.250:27011
Connection to Steam servers successful.
VAC secure mode is activated.

Did you actually forward all the ports the srcds requires?

UDP 1200
UDP 27000 to 27015 inclusive
TCP 27030 to 27039 inclusive

further inspection ….......

the subnets were all wrong also so the DHCP wasnt able to assign IP's to OPT1 was on another network instead of just another subnet, I modified it to....

network 192.168.1.0/25
LAN 192.168.1.1/25 subnet host
OPT1 192.168.1.128/25 subnet host
subnet mask: 255.255.255.128

which mean they are on different subnets but same network now.

tested xbox live and everything is brill!!!  ;D

thank again for the input without it I wouldn't have been looking in the right areas ;)