LinuxQuestions.org > Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
Need working iptables rules to allow XBox 360 to talk to Live server (http://www.linuxquestions.org/questions/linux-networking-3/need-working-iptables-rules-to-allow-xbox-360-to-talk-to-live-server-823338/)

Malibyte 08-01-2010 04:07 AM

Need working iptables rules to allow XBox 360 to talk to Live server
 
Hi all -

I'm trying to get a new XBox 360 to work on my network. I configured it
manually with a static IP address (192.168.1.29) on my internal network,
gave it all the appropriate network info, opened up the ports it needs
(UDP 88 and 3074, and TCP 3074; also tried TCP 53 briefly; 80 is already
open) and forwarded them through the firewall.

It seems to be able to get on the Internet per se (its network test says
that it gets out; it's able to ascertain that the XBox Live server is up
and running) but can't actually talk to the Xbox Live server because my
MTU is too low ("XBox Live requires a minimum MTU setting of 1364")...

However, I have set both interfaces to be configured on boot with an MTU
of 1500. This is not the problem. If I drop my firewall long enough to
run the connection test, it works.

SO...does anyone have a set of iptables rules which will definitely allow
the XBox 360 on my internal network to talk to the XBox Live server? Does it
use high-order ports to talk to 53 and 88 on the M$ server?

Thanks
Bob

gilead 08-01-2010 10:21 PM

You could use wireshark to check the traffic being generated by the XBox. Or, if you trust what it's doing, you just let it connect to anything it wants to (you should check which NIC the traffic is on, but it's up to you):
Code:

iptables -t filter -A FORWARD -p TCP -s 192.168.1.29 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -p UDP -s 192.168.1.29 -m state --state NEW,ESTABLISHED -j ACCEPT

For the inbound traffic you'd either allow the reverse of those rules, or your network may just accept inbound traffic from existing connections:
Code:

iptables -t filter -A FORWARD -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT


Malibyte 08-02-2010 01:34 AM

Gilead -

Thanks...I had considered doing that already but wanted to try and "protect" the console. But after tearing my hair out for another hour or so, I figured that it's under warranty, so it's M$'s problem if somebody cracks it, so I added those FORWARD rules. It works now (though I still need to DNAT UDP 88 and TCP/UDP 3074 specifically).

Bob

tostrander 08-31-2010 05:54 PM

Would you mind posting your iptables file or script? I did all of the above, have the DNAT for 88,3074 and it's still not working for some reason.

thanks

Malibyte 09-02-2010 12:48 AM

tostrander:

I'm running my own firewall script, available here if you want it (obviously doing much more than just dealing with the XBox):

http://www.malibyte.net/iptables/scripts/fwscripts.html

In the NAT file, I have this:
UDP 88 192.168.1.29 88
TCP 3074 192.168.1.29 3074
UDP 3074 192.168.1.29 3074

(192.168.1.29 is the XBox's IP address).

This may be overkill for what you want, but if you look at the port-forwarding and "GAMES" routines in the main script and the options in the config file, you'll likely figure out which rules you need.

Hope this helps.
Bob
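The rules this thread converged on, collected into one script as an added example (not code from the thread or from Malibyte's fwscripts): it keeps gilead's "let the console open anything outbound" approach but scopes it to the LAN-to-WAN direction, and adds the DNAT for UDP 88 and TCP/UDP 3074 with matching FORWARD rules that accept only those ports inbound. The interface names eth0 (Internet side) and eth1 (LAN side) are assumptions; 192.168.1.29 is the console address from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from the fwscripts site.
# Assumptions: eth0 faces the Internet, eth1 is the LAN; override via env.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
XBOX_IP="${XBOX_IP:-192.168.1.29}"   # console's static address (from the thread)

# Emit one iptables command per line. Nothing is applied unless the output
# is piped into sh, so the rule set can be reviewed first.
xbox_rules() {
    # Replies to connections the firewall already tracks, in both directions.
    echo "iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The console may open new TCP/UDP sessions outbound, but only from the
    # LAN interface and only from its own address (tighter than "-s IP" alone).
    for proto in tcp udp; do
        echo "iptables -t filter -A FORWARD -i $LAN_IF -o $WAN_IF -s $XBOX_IP -p $proto -m state --state NEW -j ACCEPT"
    done
    # Inbound: DNAT the Live ports to the console and accept only those
    # forwarded packets. UDP 88, TCP 3074 and UDP 3074 are the ports the thread lists.
    for spec in "udp 88" "tcp 3074" "udp 3074"; do
        set -- $spec            # $1 = protocol, $2 = port
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $1 --dport $2 -j DNAT --to-destination $XBOX_IP:$2"
        echo "iptables -t filter -A FORWARD -i $WAN_IF -o $LAN_IF -d $XBOX_IP -p $1 --dport $2 -m state --state NEW -j ACCEPT"
    done
}

# Number of DNAT entries generated; a quick sanity check before applying.
xbox_dnat_count() {
    xbox_rules | grep -c -- '-j DNAT'
}

# Print the rules; to apply them as root: sh this_script.sh | sh
xbox_rules
```

The ESTABLISHED,RELATED rule comes first so that reply traffic never depends on the port-specific rules, and the inbound FORWARD rules match on the console's address after DNAT has rewritten the destination.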
