Need working iptables rules to allow XBox 360 to talk to Live server
Hi all -
I'm trying to get a new XBox 360 to work on my network. I configured it manually with a static IP address (192.168.1.29) on my internal network, gave it all the appropriate network info, opened up the ports it needs (UDP 88 and 3074, and TCP 3074; also tried TCP 53 briefly; 80 is already open) and forwarded them through the firewall.

It seems to be able to get on the Internet per se (its network test says that it gets out; it's able to ascertain that the XBox Live server is up and running) but can't actually talk to the Xbox Live server because my MTU is too low ("XBox Live requires a minimum MTU setting of 1364")... However, I have set both interfaces to be configured on boot with an MTU of 1500. This is not the problem. If I drop my firewall long enough to run the connection test, it works.

SO...does anyone have a set of iptables rules which will definitely allow the XBox 360 on my internal network to talk to the XBox Live server? Does it use high-order ports to talk to 53 and 88 on the M$ server?

Thanks
Bob
You could use Wireshark to check the traffic being generated by the XBox. Or, if you trust what it's doing, you just let it connect to anything it wants to (you should check which NIC the traffic is on, but it's up to you):
Code:
iptables -t filter -A FORWARD -p TCP -s 192.168.1.29 -m state --state NEW,ESTABLISHED -j ACCEPT

Code:
iptables -t filter -A FORWARD -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
Gilead -
Thanks...I had considered doing that already but wanted to try and "protect" the console. But after tearing my hair out for another hour or so, figured that it's under warranty, so it's M$'s problem if somebody cracks it, so added those FORWARD rules. It works now (though I still need to DNAT UDP 88 and TCP/UDP 3074 specifically).

Bob
Would you mind posting your iptables file or script? I did all of the above, have the DNAT for 88,3074 and it's still not working for some reason.
thanks
tostrander:
I'm running my own firewall script, available here if you want it (obviously doing much more than just dealing with the XBox): http://www.malibyte.net/iptables/scripts/fwscripts.html

In the NAT file, I have this:

UDP 88 192.168.1.29 88
TCP 3074 192.168.1.29 3074
UDP 3074 192.168.1.29 3074

(192.168.1.29 is the XBox's IP address).

This may be overkill for what you want, but if you look at the port-forwarding and "GAMES" routines in the main script and the options in the config file, you'll likely figure out which rules you need. Hope this helps.

Bob
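
Added example, not part of any post above and not taken from the linked firewall script: a small shell helper that turns entries in the `PROTO EXT_PORT INTERNAL_IP INT_PORT` layout quoted in the thread into the DNAT rule plus a matching FORWARD rule limited to that port, so the forwarded ports are opened without accepting everything. The interface name `eth0` and the function names are assumptions; the script prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example: turn port-forward entries (PROTO EXT_PORT INTERNAL_IP INT_PORT)
# into iptables commands. Prints the rules instead of applying them.
WAN_IF="${WAN_IF:-eth0}"   # assumption: Internet-facing interface name

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit_rules() {
    # Replies to connections that are already tracked, in either direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r proto ext ip int; do
        case "$proto" in ''|'#'*) continue ;; esac      # blank line or comment
        proto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
        valid_port "$ext" && valid_port "$int" || { echo "bad port: $ext/$int" >&2; return 1; }
        case "$ip" in *[!0-9.]*|'') echo "bad address: $ip" >&2; return 1 ;; esac
        # Rewrite the destination of traffic arriving on the WAN side...
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $ext -j DNAT --to-destination $ip:$int"
        # ...and let only that flow through FORWARD (it sees the post-DNAT address and port).
        echo "iptables -A FORWARD -i $WAN_IF -p $proto -d $ip --dport $int -m state --state NEW -j ACCEPT"
    done
}

# The three entries quoted in the thread.
xbox_entries() {
    cat <<'EOF'
UDP 88 192.168.1.29 88
TCP 3074 192.168.1.29 3074
UDP 3074 192.168.1.29 3074
EOF
}

xbox_entries | emit_rules
```

Review the printed commands, then pipe them to `sh` as root to apply them. Outbound connections from the console still need their own FORWARD rule, such as the one posted earlier in the thread.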