I didn't mean you're wrong You're correct Start from the day using pfsense I can't even go further like successfully login smoothly So don't even need to talk about hosting a game ( In garena, it's not necessary to do port forward if you want to host a game ) ( I tried before when i was still using cheap router ) About the pictures that i shown Although i can login that sometimes But i can do nothing also eventhough it was logged in Because it will show me connection to server failed when i tried to join a room So, it's useless for me to login garena also Can't play, so, what's the point in logging in? I'm just wondering why surfing net is ok with pfsense MSN, YM, also able But why all the games not working as before I tried the static port already, not working also ???

The shaper seems to be working very well now!  UPnP is working great as well.  I've attached a screenshot of what my uPnP status page looks like.  I don't think there are too many routers out there that can handle this kind of usage.  Thank you PFsense devs for making the ultimate gaming router / firewall! [image: upnp_status.JPG] [image: upnp_status.JPG_thumb]

It should work just compile it in a freebsd system and you can have it working in pfSense normally.

Hmm, very odd that you are having problems. I've all my equipment on DHCP, and have created static DHCP entries for them. Of course DNS is pointing to the firewall, as well as Default Gateway. Then I've enabled UPnP on the Firewall, X-box360 and PS3. The firewall has UPnP forbidden for everything, except the X-Box360 and PS3's IP addresses. This works without any sort of problems. They get the best NAT possible both, I see ports open and close according to the different games and states the machines are in. Here at work I've tried as well, and here I see problems, but my guess is that it has something to do with some of the ancient switches we have here :-(

I have tried on your way but it isn't work  :-\ Looking for kind soul to help me  :'(

Ya they ended up on the right track there…but you can use a switch....in this case here he had a 2950...He could have had anything setup on that switch, even without him knowing.  who knows, whoever had the switch may have had 2 different Vlans or even some ACL's (access control lists, basically a manual firewall for a switch of that type) on it...It could have been several different issues.  I didn't see this post earlier, I probably could have helped.  Nonetheless it should have worked, my bet was a configuration error on the cisco switch.  That's an enterprise class switch and not some soho linksys or dlink type.  It has much more things you can configure than a home or office router/switch.

Thanks for the advice I tried Static Port option and things are looking better. Thanks Guys. @GruensFroeschli: have you tried the static port option? http://forum.pfsense.org/index.php/topic,7001.0.html

You might want to take a look into the traffic shaper.

Please do not post the same in multiple forums. Can you show a screenshot of your rules? Did you read the notes next to the schedules? When working with pfSense based schedules, the logic is a bit different from the normal pfSense rules. For example, the rules are evaluated from top to bottom. If you have a pass rule and the rule is outside of the schedule, the traffic will be BLOCKED regardless of pass rules that occur after this rule. In these cases you will want to change the pass rule to a block style rule to get the needed functionality.

Look in diagnostics -> states.  The source port will match the destination port if static port is working.  Also do not forget to clear your states after making the static port changes.

thanks, I got the information i needed pretty quick when looking at: http://doc.pfsense.org/index.php/Static_Port. I just did what the above said, added a rule for all of my subnet to use only one wan when using the range of ports this game uses and walah im up and running. This firewall is great… I have a few more issues to work out but functionality is working great.

Can you describe how it "does not work"? Are you sure that you followed the manual correctly on configuring your server to register himself on the public list?

Thanks :) I realise it's a problem that often comes up! Just in case anyone reads this post for help, basically pfSense defaults to an 'Automatic outbound NAT rule generation' for added security. This can cause problems with incoming connections (UPnP sorts out the out going). To turn this off select 'Manual Outbound NAT rule generation' then change the automatically generated rule to 'Static Port' = YES. Repeat for any other subnets if necessary.

I tried that command, and yes, the delayed ACK is 0 by default it seems. Ah well, thank you to everyone who posted, learned a little bit 'bout my pfsense box, etc, etc.

From my experience, Xbox 360s will not respond to ping requests.  Very inconvenient!

I have once setup something like that for some friends of mine and it was working fine. There are some things that you have to consider: When playing over IPSEC you are in different subnets and broadcasts to announce a server in you LAN won't make it from one subnet to the other. You have to manually join the IP of the server to join a game. Built in "LAN-Browsers" won't work. Most games have an option to manually specify a server IP. The server should be hosted at the fastest connection. On asymetric connections the upstream is usually even more important than the downstream. The traffic of all clients will be concentrated on that link so better choose the one with the highest available bandwidth and not the one with the fastes machine. Besides that it should usually work (given that you allow the ports through IPSEC that the games need; maybe start with pass any rules for testing first).

Hehe. Yeah macs kind of dont like it if you kill their active connections. Did you ever plug out an Access Point over which a mac is downloading at this moment? ;)

For anyone looking at this in the future: Looks like I figured it out (after 3 hours last night, and 4 hours tonight using the backup xml config files). We had the MAC address spoof/cloning turned on.  Looks like that isn't working properly since when I turned it off, everything works like a charm (no static ports needed). I'm fairly sure that MAC address cloning was not a problem with any of my previous routers, so maybe this is a pfSense bug. How I trouble shot this: After trying the suggestions that were supposed to work (ie: static ports), I gave up and nuked the router and reset it to factory.  I checked this worked.  It did.  I then downloaded the backup config xml file and compared it to my config that had problems. Slowly I tried adding things from my bad config to the simple config until I got a problem.  Eventually I found the change that caused problems was the MAC Address cloning/spoofing. Enjoy! Keywords: Gaming, Games, pfSense, MAC Address spoof spoofing cloning

Check this thread http://forum.pfsense.org/index.php/topic,7295.msg41322.html#msg41322

I have been using te above setup for ~ 2 months now and it works great.  The only problem is that the 4 consoles are outside the firewall because when using virtual IPs they cannot connect to each other.  I have looked around the 1:1 / virtual IP forums and found that there is no fast and reliable way to have the 4 consoles behind pfsense without have connection problems.  Does anyone have a suggestion or am I stuck keeping these machines in front of PFsense? Xbox 1 - 192.168.1.200 –> 68.97.56.44 Xbox 2 - 192.168.1.201 --> 68.97.56.45 Xbox 3 - 192.168.1.202 --> 68.97.56.46 etc on xbox live the xboxes can't connect to one another using the virtual IP 68.97.56.x (even with NAT redirection on) This is the same for PCs I've tried using Virtual IP. Thank you.