4th August 2008
_mg_
pf and xbox live

Hi guys!

I would need a little help with my pf settings to get Xbox Live's NAT from 'Strict' to 'Open'. I'm not too familiar with pf and at the moment I don't know where to go from here.

The following ports must be available for Xbox LIVE to operate correctly:
udp: 88, 3074
tcp: 3074
http://support.microsoft.com/kb/908874?sd=xbox

I've tried different possible solutions from the internet, but with no luck. My home setup is server (pf firewall/router, assigns IP addresses from MAC addresses) -> Linksys WLAN server -> xbox360 (wireless).

Here is my current pf.conf. All suggestions regarding this problem or my pf.conf file will be taken gladly.

Code:
#
# MACROS
#
ext_if = "rl0"
int_if = "rl1"

tcp_services = "{ 22, 113, 21 }"
icmp_types = "echoreq"

jope_pc = "192.168.1.100"
jossu_pc = "192.168.1.101"
xbox = "192.168.1.102"
spare = "192.168.1.103"

# xbox ports
x_udp = "{88, 3074}"
x_tcp = "3074"

#
# TABLES
#
table <trusted> const { $jope_pc $jossu_pc $xbox $spare }
table <badguys> persist file "/var/log/pf_badguys.log"

#
# OPTIONS
#
set block-policy return
set loginterface $ext_if

set skip on lo

#
# SCRUB
#
scrub in all

#
# QUEUEING
#


#
# TRANSLATION
#

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)

# xbox360 / added 03.08.2008
rdr pass on $ext_if inet proto udp from any to any port \
$x_udp -> $xbox
rdr pass on $ext_if inet proto tcp from any to any port \
$x_tcp -> $xbox

#
# FILTER RULES
#
block all

# ntp / added 29.04.08
pass out quick on $ext_if inet proto udp from $ext_if to \
any port = ntp keep state

pass in quick on $int_if from <trusted> to any
pass out quick on $int_if from any to <trusted>

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

block in log quick on $ext_if inet proto $tcp_services from <badguys>

# xbox360 / added 03.08.2008
pass in quick on $ext_if inet proto udp from any to $xbox \
port $x_udp keep state
pass in quick on $ext_if inet proto tcp from any to $xbox \
port $x_tcp keep state

pass out quick on $int_if inet proto udp from any to $xbox \
port $x_udp keep state
pass out quick on $int_if inet proto tcp from any to $xbox \
port $x_tcp keep state

pass in quick on $int_if inet proto udp from $xbox to any \
port $x_udp keep state
pass in quick on $int_if inet proto tcp from $xbox to any \
port $x_tcp keep state


pass in log quick on $ext_if inet proto tcp \
from any to ($ext_if) port $tcp_services \
flags S/SA keep state (max-src-conn-rate 3/60, overload <badguys> flush)

pass in inet proto icmp all icmp-type $icmp_types