Look in diagnostics -> states.  The source port will match the destination port if static port is working.  Also do not forget to clear your states after making the static port changes.

thanks,

I got the information i needed pretty quick when looking at: http://doc.pfsense.org/index.php/Static_Port.

I just did what the above said, added a rule for all of my subnet to use only one wan when using the range of ports this game uses and walah im up and running.

This firewall is great… I have a few more issues to work out but functionality is working great.

Can you describe how it "does not work"?

Are you sure that you followed the manual correctly on configuring your server to register himself on the public list?

Thanks :) I realise it's a problem that often comes up!

Just in case anyone reads this post for help, basically pfSense defaults to an 'Automatic outbound NAT rule generation' for added security. This can cause problems with incoming connections (UPnP sorts out the out going).

To turn this off select 'Manual Outbound NAT rule generation' then change the automatically generated rule to 'Static Port' = YES.

Repeat for any other subnets if necessary.

I tried that command, and yes, the delayed ACK is 0 by default it seems. Ah well, thank you to everyone who posted, learned a little bit 'bout my pfsense box, etc, etc.

From my experience, Xbox 360s will not respond to ping requests.  Very inconvenient!

I have once setup something like that for some friends of mine and it was working fine. There are some things that you have to consider:

When playing over IPSEC you are in different subnets and broadcasts to announce a server in you LAN won't make it from one subnet to the other. You have to manually join the IP of the server to join a game. Built in "LAN-Browsers" won't work. Most games have an option to manually specify a server IP.

The server should be hosted at the fastest connection. On asymetric connections the upstream is usually even more important than the downstream. The traffic of all clients will be concentrated on that link so better choose the one with the highest available bandwidth and not the one with the fastes machine.

Besides that it should usually work (given that you allow the ports through IPSEC that the games need; maybe start with pass any rules for testing first).

Hehe.
Yeah macs kind of dont like it if you kill their active connections.
Did you ever plug out an Access Point over which a mac is downloading at this moment? ;)

For anyone looking at this in the future:

Looks like I figured it out (after 3 hours last night, and 4 hours tonight using the backup xml config files).

We had the MAC address spoof/cloning turned on.  Looks like that isn't working properly since when I turned it off, everything works like a charm (no static ports needed).

I'm fairly sure that MAC address cloning was not a problem with any of my previous routers, so maybe this is a pfSense bug.

How I trouble shot this:
After trying the suggestions that were supposed to work (ie: static ports), I gave up and nuked the router and reset it to factory.  I checked this worked.  It did.  I then downloaded the backup config xml file and compared it to my config that had problems.

Slowly I tried adding things from my bad config to the simple config until I got a problem.  Eventually I found the change that caused problems was the MAC Address cloning/spoofing.

Enjoy!

Keywords: Gaming, Games, pfSense, MAC Address spoof spoofing cloning

Check this thread

http://forum.pfsense.org/index.php/topic,7295.msg41322.html#msg41322

I have been using te above setup for ~ 2 months now and it works great.  The only problem is that the 4 consoles are outside the firewall because when using virtual IPs they cannot connect to each other.  I have looked around the 1:1 / virtual IP forums and found that there is no fast and reliable way to have the 4 consoles behind pfsense without have connection problems.  Does anyone have a suggestion or am I stuck keeping these machines in front of PFsense?

Xbox 1 - 192.168.1.200 –> 68.97.56.44
Xbox 2 - 192.168.1.201 --> 68.97.56.45
Xbox 3 - 192.168.1.202 --> 68.97.56.46
etc

on xbox live the xboxes can't connect to one another using the virtual IP 68.97.56.x (even with NAT redirection on)
This is the same for PCs I've tried using Virtual IP.

Thank you.

I wonder if some of these folks are running restrictive LAN rules.  IE: They edited the default allow all and started to clamp down on lan -> internet traffic?

Well I made that rule; it doesn't do the trick, changed the rule to any ICMP, still doesn't work…

it seems any rules, portforwards I make, just do not want to work...

read the gaming board.

@hoba

sir, thanks so much, i got it worked now.

That worked out for me, thanks for your help.

@Nostradamus:

Hi.

Here : http://forum.pfsense.org/index.php/topic,6047.0.html

I understand the fact that I shouldn't try to install the miniupnp package in a 1.2 branch release.
But I didn't see any warning whatsoever that I should not perform a firmware upgrade when I have the miniupnp package installed because it will mess things up.
You have to first manually remove the miniupnp package before upgrading the firmware

Anyway, it's solved for me now, but I can imagine that in the future there will be a lot of users that upgrade to 1.2-RC2 or later and will hit the same problem.

You created the alias BF2 that contains all your ports.
The field where you can enter the port is red. You inserted 5900 in this field. But you have to write the name of the alias (in this case BF2).
You also created an alias for your IP but inserted on the config page the IP directly. Just put there the name of your alias.