Rejecting Xbox 360 traffic



  • I have UPnP switched on, but when I look in the Firewall entry I get yellow entries for Xbox Live traffic:

    Jan 15 01:12:19 WAN 99.238.240.170:3074 192.168.2.4:3074 UDP

    However, when I look in the UPnP page I get this:

    3074 udp 192.168.2.4 Xbox (192.168.2.4:3074) 3074 UDP

    Doesn't yellow mean rejecting traffic?



  • Yes yellow "x" means reject judging by the name of the icon.

    Maybe check to make sure there are no firewall rules blocking that port.  As I remember, when you create a manual port forward, there is an option to "automatically create firewall rule."  I know you're using UPnP but it seems to me that for security reasons, a reject wouldn't happen unless you specifically told it to reject and not just block (which I believe pfSense does by default).



  • Seems strange then,

    I have no rules set up at the moment in the firewall, though. I had only set the box up a day or so before and I was playing around with packages, but that's about it. I have now moved it onto my new box that I just built today. I will be online later so I will check that it is OK.

    I was playing Halo 3 last night and my ping went to 1 red ping and my friend on the same provider was at full green ping, so I can only imagine that I was dropping packets. After this game we were playing on the Pit and I had host; you can tell this by the way that the security cameras move on that map only when you are host, and everyone had green pings including myself. This is what prompted me to look in the first place.

    Thanks for the reply



  • Try a fresh install because I have a stock pfSense with no firewall rules except those created by the port forward.  We run 8 Halo 3s without issues like yours.  Checked my logs for good measure after I saw your post and I did not see anything like you've described.  I thought the Pit cameras moved regardless of who was host.  This is news to me, I'll have to check.

    A pretty reliable way to see if you have host is to check your states.  Filter by port 3074 and if you've got as many connections to unique IPs as there are players, then you're most likely host.  Also check the traffic graph for verification.  If the out is constantly around say 40KB/s for a 4v4, then you're probably host.  I did some tests with the traffic needed to host a Halo 3 game if you need reference http://forum.pfsense.org/index.php/topic,6780.0.html



  • I'm seeing this as well on port 3074 for COD4 on my PS3, which I have DMZ'd on a separate interface.  I don't have any rules rejecting traffic.  Not using any port forwards, strictly UPnP.  AON static ports on PS3 IP address.

    Clicking on yellow X tells me this:

    The rule that triggered this action is:

    @1 anchor "firewallrules" all
    @10 pass out quick on lo0 all flags S/SA keep state label "pass loopback"
    @11 anchor "packageearly" all
    @12 anchor "carp" all
    @13 pass quick inet proto icmp from {wan address} to any keep state
    @14 anchor "dhcpserverlan" all
    @15 pass in quick on fxp0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
    @16 pass in quick on fxp0 inet proto udp from any port = bootpc to {lan address] port = bootps keep state label "allow access to DHCP server on LAN"
    @17 pass out quick on fxp0 inet proto udp from 10.33.40.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
    @18 anchor "dhcpserverDMZ" all
    @19 pass in quick on fxp2 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"

    Aren't all these pass rules?



  • Ok, to answer my own question.

    Using static ports with AON causes the rejects.  Set up AON without static ports and I get regular blocks.

    UPnP says it's allowing in on port 3074 like Stu/d stated above but it's not making it through the firewall for some odd reason, although states shows me a bunch of connections on port 3074.

    Setting up a port forward for 3074 resolves all this, but then what's the point of UPnP?
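
Added example, not part of the thread and not pfSense code: a small Python check for the mismatch both posters describe, where the firewall log shows a block/reject for a destination that the UPnP page lists as mapped. The column layouts are assumed from the two lines pasted in the first post, the function names are hypothetical, and the internal port is assumed equal to the mapped port.

```python
import re
from collections import namedtuple

LogEntry = namedtuple("LogEntry", "when iface src dst_ip dst_port proto")

# Column layouts assumed from the two lines pasted in the thread.
LOG_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+(\S+)\s+(\S+)\s+([\d.]+):(\d+)\s+(\w+)$")
MAP_RE = re.compile(r"^(\d+)\s+(\w+)\s+([\d.]+)\s")

def parse_log(lines):
    """Parse firewall log rows: date, interface, src ip:port, dst ip:port, proto."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            when, iface, src, dst_ip, dst_port, proto = m.groups()
            entries.append(LogEntry(when, iface, src, dst_ip, int(dst_port), proto.lower()))
    return entries

def parse_mappings(lines):
    """Parse UPnP rows into a set of (proto, internal_ip, port) keys."""
    keys = set()
    for line in lines:
        m = MAP_RE.match(line.strip())
        if m:
            port, proto, int_ip = m.groups()
            keys.add((proto.lower(), int_ip, int(port)))
    return keys

def blocked_despite_mapping(log_lines, map_lines):
    """Return logged block/reject entries whose destination has a UPnP mapping."""
    mapped = parse_mappings(map_lines)
    return [e for e in parse_log(log_lines)
            if (e.proto, e.dst_ip, e.dst_port) in mapped]

# First row of each list is from the thread; the other rows are constructed samples.
SAMPLE_LOG = [
    "Jan 15 01:12:19 WAN 99.238.240.170:3074 192.168.2.4:3074 UDP",
    "Jan 15 01:12:25 WAN 203.0.113.9:40000 192.168.2.4:88 UDP",
    "Jan 15 01:13:02 WAN 203.0.113.9:51515 192.168.2.7:3074 TCP",
]
SAMPLE_UPNP = [
    "3074 udp 192.168.2.4 Xbox (192.168.2.4:3074) 3074 UDP",
]

if __name__ == "__main__":
    for e in blocked_despite_mapping(SAMPLE_LOG, SAMPLE_UPNP):
        print(f"{e.when} {e.iface} {e.src} -> {e.dst_ip}:{e.dst_port}/{e.proto}: mapped by UPnP but logged")
```

Entries it returns are the ones worth clicking through in the log view to see which rule matched; unmapped destinations in the log are ordinary default-deny hits.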

