I think the answer to your question is no, although i'm not sure i understood what you want to ask
^^"

I whited out the private IP addresses, "they'' say its bad practice to post your network addresses although hiding private addresses is being very paranoid but I do as others better educated than I tell me.

Pic 1:
I wrote rules to allow UPnP only on my gaming console IPs so that other devices on that interface cant use UPnP.  You could set up one rule for your entire subnet if you like but that wasnt what I wanted.

Pic 2:
I wrote rules to use static ports on the XBOX, PS3, Wii, and BluRay which are all on my DMZ interface so those look duplicated but each IP is different.  The rest of the DMZ network has a rule to not use static ports as well as the LAN and OVPN.

I pasted those numbers on the pics in this post so you normally wouldnt see a space between the IP addresses and the mask for example 10.99.99.0/28, 10.99.99.2/32, etc.


Thanks for the quick reply!

Well I should clarify that I have a static mapping set in the DHCP server.  It was my understanding from the other guides that you need to do that to set outbound static mapping. However I did make it outside the DHCP pool. (so for example I use a 10.10.10/24 I allow .5 - .240 for the actual Pool).  If that isn't correct, I can change it easily, however it does work for my xbox360

I have hit clear to try and restart to see if that helps, but it doesn't.  Any thoughts?

Well, I have found out what the problem might be.

http://forums.srcds.com/viewtopic/9380

The error I am getting (sv_lan is 0…) could be due to a bug. If I could get another person to test this out that would make me feel better.

Edit: Also, make sure that you have your sv_region set to anything but -1, or the server will not show up on the master list!

Are you really certain, that the server was actually running on 27017.
I think i remember something that if you misswrite something in the config file, the server jsut starts with the default value (which would be in this case 27015).

I will check it out, thanks

The main reason I would like to do this is as i said old games that do not support IP
Most new Lan based games will not let you play as a lan setup if your ip address is on a differant range then the server.
Most old Lan based games do not even have support for IP
and in my experance most VPNs do not allow all ethernet traffic

To give you an example other then gaming
With a vpn if you connect to a network with a shared drive in windows the vpn client can not see what computer has the shard drive under the network list becouse that data is not passed.

Here is the router Package i used
http://www.mikrotik.com/testdocs/ros/2.9/interface/eoip.php

Ok, to answer my own question.

Using static ports with AON causes the rejects.  Setup AON without static ports and I get regular Blocks.

UPnP says its allowing in on port 3074 like Stu/d stated above but its not making it through the firewall for some odd reason, although states shows me a bunch of connections on port 3074.

Setting up a port forward for 3074 resolves all this but then whats the point of UPnP then?

I still need to test the "port forward" method a bit more.

I'll update my post ASAP.

I wonder if that could that have something to do with the Static Ports option in the NAT?

You should probably keep static ports on.

Anyway I'm glad everything worked out OK for you! ;D

It sounds like the packets are not being properly sent to the XBox Live server (as it doesn't respond); since the problem doesn't appear to be the destination port, there must be some kind of interruption between the jump from LAN to WAN.  Does that logic sound right to you?

I suppose it doesn't matter now but…
I think what was happening is that the Xbox Live server was responding to requests by Xbox 2, only the packets were being directed to Xbox 1 since it was assigned port 3074 by uPnP/pfsense.

Solved

Steps:

1. NAT >>AON  manually created  entries for all networks. ie  WAN 192.168.X.X /24 source   Static Port (Unchecked)   
2. The entry for Xbox I selected  static port. The other entries were left unchecked
3.  Nat >> Port Forward the standard set
     A. WAN UDP External Port 88     NAT IP (192.168.X.X)  Local Port  88
     B. Wan TCP/UDp External Port 3074    NAT IP (192.168.X.X) Local Port 3074
4. UPnP is off

Results:

XboxLive connection went from Strict to Open.

@n1ko:

I have nintendo wii and mario kart and it worked out-of-the-box. No firewall rules has been made and everything works. Updates,virtual console, mario kart channel etc etc.

hi!

which version do you use?

i'm using 1.2 - Release.
my Wii can connect to the Inet, but i can't play online with Mario Kart. i see my friends, but when i will connect to their channel, it doesn't work.no error message or sth. when i connect to the WFC und will play, i see the message "searching for players" but nothing more for 10 minutes.

greets tpf

I dont think it's enough to just block the ports BitTorrent uses, because almost every client randomizes it's ports.

Why dont ou try to configure the traffic-shaper?
Since you only want to avoid that everything gets slowed down when something torrents, and not block it alltogether this might be the solution.

Also i think it wont be enough just to allow the ports 3074 and 88 for Xbox live.
After the first client connected these ports are used and the next client will use different ports.

Maybe you could google/tcpdump and look what the second/third client uses.

Ahh ok, i wasen't aware that the rules are catched in that way.

thank you

bi-nat? iv got my traffic shaper switched off because it makes ventrilo lag, but i still have the problem with starcraft

update
i stopped the lag with the static NAT option but i still cant create games.

As far as I know it, UPnP won't do the static port on outbound connections so you still have to set up that on AoN page.

Holy crap, i got it!!! finally.
When i realized the IRC port was the problem, i also realized that i had imspector proxying IRC.
I disabled just the IRC portion for imspector, restarted the service, and viola.
It now works just fine, even after i turned off advanced outbound nat and all port forwards.

So, lesson learned. CNC3 uses frickin IRC. wireshark is my best friend.

No one has replied to this thread, but i figured i would post the solution just in case anyone else has the same problem.