Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connection to xBox 360 isn't working

    Scheduled Pinned Locked Moved General pfSense Questions
    24 Posts 5 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Nothing there really looks like a problem. Packet 38 is a Reset Ack but it doesn't look like there's an issue connecting to that IP, there is two way traffic.

      Is this something that just started?

      Do you see anything blocked in the firewall log?

      Are you running pfBlocker or Snort/Suricata?

      Steve

      Gamienator 0G 1 Reply Last reply Reply Quote 0
      • Gamienator 0G
        Gamienator 0 @stephenw10
        last edited by

        @stephenw10

        The problem persists for a couple of weeks IIRC. Like in December sitting on my xBox 360 and wasn't able to login. I thought there is an outage. Now yesterday I tried another game on my Series X and saw the same issue.

        I don't see nothing blocked in my firewall, which would surprise me because I didn't blockes anything. Not using pfBlocker or Snort. Only thing I installed was AdGuard, but my xBox don't use my DNS servers

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          So it's not something that happens every time it tries to connect? It just occasionally fails?

          Gamienator 0G 1 Reply Last reply Reply Quote 0
          • Gamienator 0G
            Gamienator 0 @stephenw10
            last edited by

            @stephenw10

            Nono, it fails all the time, but only on the 360 Part of Microsoft. And I don't play 360 games that often. Thats why I noticed it the second time just now. But the issue is there all the time.

            M 1 Reply Last reply Reply Quote 0
            • M
              michmoor LAYER 8 Rebel Alliance @Gamienator 0
              last edited by michmoor

              @gamienator-0
              There are 4 TCP conversations in this PCAP.
              2.20.156.141 is Akamai
              40.90.217.196 is MSFT -- Im going to assume this is the conversation we care about.

              Looking at just the HTTP conversation the only thing that sticks out at me is the following

              cd145a5f-8e1d-4f18-b666-669fe9655ecd-image.png

              A login fail. Its in a POST message so your xbox sending data to the server, PIFLC.XBOXLIVE.COM.

              Maybe something. Maybe nothing. I dont know much about how a normal working connection would look like.

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              Gamienator 0G 1 Reply Last reply Reply Quote 0
              • Gamienator 0G
                Gamienator 0 @michmoor
                last edited by Gamienator 0

                Here guys is a PCAP with an successfull login: xBox_Success.cap

                When I route my xBox over my VPN Tunnel the login works. I don't understand whats going wrong here

                M 1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Do you have a static WAN IP? It might have been blocked for some reason.

                  Gamienator 0G 1 Reply Last reply Reply Quote 0
                  • Gamienator 0G
                    Gamienator 0 @stephenw10
                    last edited by

                    @stephenw10
                    Nope, Dynamic WAN IP on my Line

                    G 1 Reply Last reply Reply Quote 0
                    • G
                      Gblenn @Gamienator 0
                      last edited by

                      @gamienator-0 Are you sure all the right ports are forwarded to your Xbox? If you have ports open, did you change the IP of the Xbox perhaps?

                      Gamienator 0G 1 Reply Last reply Reply Quote 0
                      • Gamienator 0G
                        Gamienator 0 @Gblenn
                        last edited by

                        @gblenn AFAIK know there aren't any ports needed to be forwared inbound. Otherwise it wouldn't be able to login via Hotspot. am i right?

                        G 1 Reply Last reply Reply Quote 0
                        • G
                          Gblenn @Gamienator 0
                          last edited by Gblenn

                          @gamienator-0 By hotspot you mean using your phone? Although mobile carriers do use CG-NAT I'm not sure how "open" their networks are in that regard. Might work actually, and your phone certainly doesn't NAT or do any firewalling.
                          According to Xbox support pages you need at least 88 UDP and 3074 UDP/TCP opened (in addition to 80 and 53 but they are "open" already).
                          Port 3074 is used by a lot of different games so if you have PC's used for gaming you might want to look into setting up UPnP for all your gaming devices.

                          https://support.xbox.com/en-US/help/xbox-360/networking/network-ports-used-xbox-live

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Mmm, I'd be surprised if it needed any inbound ports just to login. And you certainly can't get any through CGNAT even if you configured them.

                            1 Reply Last reply Reply Quote 0
                            • M
                              michmoor LAYER 8 Rebel Alliance @Gamienator 0
                              last edited by

                              @gamienator-0
                              For the pcap not working - where did you take it from?
                              For the pcap working - where did you take it from?

                              They are different. I don't see HTTP traffic on the working one.
                              The non-working one, it looks like it was taken off some Microsoft device based on the mac address. How did you do capture on this device if it is an xbox?

                              On the working one- there's no mac address seen in the pcap. How did you get this captured? From where?

                              Firewall: NetGate,Palo Alto-VM,Juniper SRX
                              Routing: Juniper, Arista, Cisco
                              Switching: Juniper, Arista, Cisco
                              Wireless: Unifi, Aruba IAP
                              JNCIP,CCNP Enterprise

                              Gamienator 0G 1 Reply Last reply Reply Quote 0
                              • Gamienator 0G
                                Gamienator 0 @michmoor
                                last edited by Gamienator 0

                                @michmoor Heythere,

                                I took the not working from pfSense Packet Catpure on Interface WAN, on the Working I took from the pfSense Packet Capture on the VPN Interface. Here is the PCAP catpured from WAN Again with working condition.
                                XBox_Success_2.zip
                                And to triple check everything I factory resetted my Modem and tried another Firewall from Sophos, with the same results. So it's not an pfSense issue. Lets see what we get from the PCAPs

                                M johnpozJ 2 Replies Last reply Reply Quote 0
                                • M
                                  michmoor LAYER 8 Rebel Alliance @Gamienator 0
                                  last edited by

                                  @gamienator-0 said in Connection to xBox 360 isn't working:

                                  I took the not working from pfSense Packet Catpure on Interface WAN, on the Working I took from the pfSense Packet Capture on the VPN Interface.

                                  So your WAN interface, you get a private IP address? You are utilizing double-NAT?
                                  I know that can be an issue for multiplayer gaming but not sure how it plays into xbox sign-in attempts.

                                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                  Routing: Juniper, Arista, Cisco
                                  Switching: Juniper, Arista, Cisco
                                  Wireless: Unifi, Aruba IAP
                                  JNCIP,CCNP Enterprise

                                  Gamienator 0G 1 Reply Last reply Reply Quote 0
                                  • Gamienator 0G
                                    Gamienator 0 @michmoor
                                    last edited by

                                    @michmoor No, my WAN Interface has a public IP from Dail-in via PPPoE :)

                                    1 Reply Last reply Reply Quote 0
                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator @Gamienator 0
                                      last edited by

                                      @gamienator-0 where are you routing your vpn connection through? Same country as your from? Or different one?

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                                      Gamienator 0G 1 Reply Last reply Reply Quote 0
                                      • Gamienator 0G
                                        Gamienator 0 @johnpoz
                                        last edited by

                                        @johnpoz Into a different Country, from Germany to Finland.

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Ok, well that sounds definitely like some blocking at the server end. Just not for your specific IP as I speculated earlier.

                                          Gamienator 0G 1 Reply Last reply Reply Quote 0
                                          • Gamienator 0G
                                            Gamienator 0 @stephenw10
                                            last edited by

                                            I get even more and more the feeling that either:

                                            a) my ISP is doing something weird or
                                            b) my VDSL Modem is doing weird stuff.

                                            I just noticed that even Playing CS:GO is not working anymore. After a couple of seconds I get the Message not possible to official Servers with following log:

                                            Refreshing ping measurements
                                            SDR RelayNetworkStatus:  avail=OK  config=OK  anyrelay=OK   (Refreshing ping measurements)
                                            SteamNetworkingSockets lock held for 5.6ms.  (Performance warning.)  ServiceThread,SteamDatagramClientThinker::Think,EnsureDataCenterRoutesValid,ThinkPingProbes,CreateServerDataForCluster(x10),SendUDPacket(x10)
                                            This is usually a symptom of a general performance problem such as thread starvation.
                                            Host_WriteConfiguration: Wrote cfg/config.cfg
                                            Ping measurement completed
                                            Ping location: mlx1=14+1,mst1=19+1/20+1,fra=/22+1,ams=/25+1,lhr=/32+1,vie=/33+1,par=/37+1,mad=/40+1,waw=/42+1,mny1=85+8/86+8,iad=/91+8,mmi1=124+12/119+8
                                            SDR RelayNetworkStatus:  avail=OK  config=OK  anyrelay=OK   (Refreshing ping measurements)
                                            Ping measurement complete after 5.0s.  Sending sample to GC
                                              ams: 25ms via mlx1 (front=14ms, back=11ms)
                                              can: 185ms via tsnu (front=149ms, back=36ms)
                                              canm: 193ms via tsnu (front=149ms, back=44ms)
                                              cant: 184ms via tsnu (front=149ms, back=35ms)
                                              canu: 183ms via tsnu (front=149ms, back=34ms)
                                              dfw: 132ms via mny1 (front=85ms, back=47ms)
                                              lhr: 32ms via mlx1 (front=14ms, back=18ms)
                                              mam1: 25ms via mlx1 (front=14ms, back=11ms)
                                              mas1: 93ms via mny1 (front=85ms, back=8ms)
                                              mat1: 104ms via mny1 (front=85ms, back=19ms)
                                              mch1: 105ms via mny1 (front=85ms, back=20ms)
                                              mdc1: 92ms via mny1 (front=85ms, back=7ms)
                                              mdf1: 122ms via mny1 (front=85ms, back=37ms)
                                              mfr1: 22ms via mst1 (front=19ms, back=3ms)
                                              mla1: 149ms via mny1 (front=85ms, back=64ms)
                                              mln1: 32ms via mlx1 (front=14ms, back=18ms)
                                              mlx1: 14ms via direct route
                                              mmi1: 119ms via mny1 (front=85ms, back=34ms)
                                              mny1: 86ms via direct route
                                              mpx1: 157ms via mny1 (front=85ms, back=72ms)
                                              msa1: 139ms via mny1 (front=85ms, back=54ms)
                                              msj1: 150ms via mny1 (front=85ms, back=65ms)
                                              msl1: 110ms via mny1 (front=85ms, back=25ms)
                                              mst1: 20ms via direct route
                                              par: 37ms via mst1 (front=19ms, back=18ms)
                                              pwg: 183ms via tsnu (front=149ms, back=34ms)
                                              pwj: 150ms via tsnu (front=149ms, back=1ms)
                                              pwu: 158ms via tsnu (front=149ms, back=9ms)
                                              pww: 170ms via tsnu (front=149ms, back=21ms)
                                              pwz: 177ms via tsnu (front=149ms, back=28ms)
                                              sea: 150ms via mny1 (front=85ms, back=65ms)
                                              sha: 175ms via tsnu (front=149ms, back=26ms)
                                              sham: 174ms via tsnu (front=149ms, back=25ms)
                                              shat: 174ms via tsnu (front=149ms, back=25ms)
                                              shau: 169ms via tsnu (front=149ms, back=20ms)
                                              shb: 174ms via tsnu (front=149ms, back=25ms)
                                              sto2: 49ms via mlx1 (front=14ms, back=35ms)
                                              tsn: 150ms via tsnu (front=149ms, back=1ms)
                                              tsnm: 149ms via tsnu (front=149ms, back=0ms)
                                              tsnt: 149ms via tsnu (front=149ms, back=0ms)
                                              tsnu: 149ms via direct route
                                              tyo1: 267ms via msj1 (front=160ms, back=107ms)
                                            Host_WriteConfiguration: Wrote cfg/config.cfg
                                            Started tracking Steam Net Connection to =[A:1:2737553413:22553]:0, handle ceb4929
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] Requesting session from mlx1#71 (188.42.190.100:27047).  Ping = 414 = 14+400 (front+back).
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] Requesting session from mst1#57 (151.106.18.227:27041).  Ping = 419 = 19+400 (front+back).
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] Selecting mlx1#71 (188.42.190.100:27047) as primary.  (Ping = 414 = 14+400+0 (front+interior+remote).)
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] Selecting mst1#57 (151.106.18.227:27041) as backup #1 (Ping = 419 = 19+400+0 (front+interior+remote).)
                                            Already have a ticket for server 'steamid:90168859682390021' with older expiry 1675206188.  Discarding and replacing with new ticket expiring at 1675206254
                                            Received Steam datagram ticket for server steamid:90168859682390021 vport 0.
                                            Host_WriteConfiguration: Wrote cfg/config.cfg
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] problem detected locally (4001): Timeout; remote problem. Rx age server (never) relay 0.4s
                                            Steam Net connection #216746281 SDR server steamid:90168859682390021 vport 0 problem detected locally, reason 4001: Timeout; remote problem. Rx age server (never) relay 0.4s
                                            **** Unable to localize '#GenericConfirmText_Label' on panel descendant of 'PopupManager'
                                            Closing Steam Net Connection to (unknown), handle ceb4929 (2001 Matchmaking failed.  We never heard from gameserver)
                                            Summary of connection to #216746281 SDR server steamid:90168859682390021 vport 0:
                                                End-to-end connection: closed due to problem detected locally, reason code 4001.  (Timeout; remote problem. Rx age server (never) relay 0.4s)
                                                    Remote host is in data center 'fra'
                                                    Current rates:
                                                        Sent:   0.0 pkts/sec   0.0 K/sec
                                                        Recv:   0.0 pkts/sec   0.0 K/sec
                                                        Ping:414ms    Max latency variance: ???ms
                                                        Est avail bandwidth: 1024.0KB/s  
                                                        Bytes buffered: 0
                                                    Lifetime stats:
                                                        Totals
                                                            Sent:         21 pkts           6,597 bytes
                                                            Recv:          0 pkts               0 bytes
                                                        No ping distribution available.  (1 samples)
                                                        No connection quality distribution available.  (0 measurement intervals)
                                                        Latency variance histogram not available
                                                    No rate stats received from remote host
                                                    No lifetime stats received from remote host
                                                Primary router: mlx1#71 (188.42.190.100:27047)  Ping to relay = -1
                                                    Current rates:
                                                        Sent:   2.0 pkts/sec   0.6 K/sec
                                                        Recv:   2.2 pkts/sec   0.0 K/sec
                                                        Quality:  100%  (Dropped:0.00%  WeirdSeq:0.00%)
                                                        Bytes buffered: 0
                                                    Lifetime stats:
                                                        Totals
                                                            Sent:         21 pkts           6,597 bytes
                                                            Recv:         21 pkts             204 bytes
                                                            Recv w seq:         21 pkts
                                                            Dropped   :          0 pkts   0.00%
                                                            OutOfOrder:          0 pkts   0.00%
                                                            Duplicate :          0 pkts   0.00%
                                                            SeqLurch  :          0 pkts   0.00%
                                                        No ping distribution available.  (0 samples)
                                                        No connection quality distribution available.  (1 measurement intervals)
                                                        Latency variance histogram not available
                                                    No rate stats received from remote host
                                                    No lifetime stats received from remote host
                                                Backup router: mst1#57 (151.106.18.227:27041)  Ping = -1+-1=-2 (front+back=total)
                                                
                                            Removing Steam Net Connection for =[A:1:2737553413:22553]:0, handle ceb4929
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] Discarding inactive session mst1#57 (151.106.18.227:27041).  ConnectionShutdown
                                            [#216746281 SDR server steamid:90168859682390021 vport 0] Discarding inactive session mlx1#71 (188.42.190.100:27047).  ConnectionShutdown
                                            

                                            While die PCAP ( CSGO.zip ) shows incoming and outgoing Traffic ... To be 100% sure I just ordered a new VDSL Modem...

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.