LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 05-29-2014, 08:48 AM   #1
netboy_541
Member
 
Registered: Jul 2003
Location: Hamilton, OH
Distribution: Redhat 9, SuSE 10.1 & 10.2, Kubuntu
Posts: 173

Rep: Reputation: 30
XBOX ONE and IPTables


Hey guys.

I'm running a DD-WRT router (and yes, I've posted this over there, but I think that site is pretty much dead) and for the life of me cannot get xbox one to work, but xbox 360 works fine. I keep getting NAT moderate, and it's creating hell for my tenants.


Here's my IPTables script, and I warn you now I know not what I do, so if it's totally wrong, please forgive me... :P


Code:
### FIREWALL COMMANDS FOR PUBLIC/PRIVATE SSIDS

#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

#Drop everything else on br1
iptables -I INPUT 4 -i br1 -j DROP

#Restrict br1 from accessing br0
iptables -I FORWARD 1 -i br1 -o br0 -j DROP

#Restrict br0 from accessing br1
iptables -I FORWARD 2 -i br0 -o br1 -j DROP

#Allow br1 to access http/https & FTP to internet
iptables -I FORWARD 3 -i br1 -p tcp -m multiport --dports 80,443,21 -j ACCEPT
iptables -I FORWARD 4 -i br1 -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow access to Hamilton City Schools Schoology site
#https running @ port 8080
# https://schoology.hamiltoncityschools.com:8080
iptables -I FORWARD 3 -i br1 -p tcp -d schoology.hamiltoncityschools.com --dport 8080 -j ACCEPT

#Allow br1 to access xboxlive stuff to internet
iptables -I FORWARD 5 -i br1 -p tcp --dport 3074 -j ACCEPT
iptables -I FORWARD 6 -i br1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 7 -i br1 -p udp -m multiport --dports 4500,3544,3074,500,88 -j ACCEPT

#Drop everything else on br1
iptables -I FORWARD 8 -i br1 -j DROP

#END

I have two "waps", one for my network (BR0) and one for my tenants (BR1), they do not cross talk, and all data between them is dropped, as you can see by the rules. I'm thinking a drop rule is overriding an allow rule.


Any help would be appreciated, I've been working on this for days and I'm just at my wit's end.... what drives me insane is the 360 works perfectly fine, but the xbox one doesn't...

Last edited by netboy_541; 05-29-2014 at 08:49 AM.
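
Added example (not part of the original posts): to test the suspicion that "a drop rule is overriding an allow rule", this Python sketch replays the script's `-I FORWARD N` inserts in order and lists any br1 rule that ends up below the br1 catch-all DROP. It models only the FORWARD lines shown in the post; the router's pre-existing FORWARD rules are an assumption, represented by a single placeholder entry.

```python
import re

# FORWARD-chain commands copied from the script in the post, in execution order.
SCRIPT = """\
iptables -I FORWARD 1 -i br1 -o br0 -j DROP
iptables -I FORWARD 2 -i br0 -o br1 -j DROP
iptables -I FORWARD 3 -i br1 -p tcp -m multiport --dports 80,443,21 -j ACCEPT
iptables -I FORWARD 4 -i br1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -i br1 -p tcp -d schoology.hamiltoncityschools.com --dport 8080 -j ACCEPT
iptables -I FORWARD 5 -i br1 -p tcp --dport 3074 -j ACCEPT
iptables -I FORWARD 6 -i br1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 7 -i br1 -p udp -m multiport --dports 4500,3544,3074,500,88 -j ACCEPT
iptables -I FORWARD 8 -i br1 -j DROP
"""

INSERT = re.compile(r"iptables -I (\S+)(?: (\d+))? (.+)")

def final_order(script, chain, existing=()):
    """Replay every `-I <chain> [N]` and return the resulting rule list."""
    rules = list(existing)
    for line in script.splitlines():
        m = INSERT.fullmatch(line.strip())
        if not m or m.group(1) != chain:
            continue
        pos = int(m.group(2) or 1)   # -I without a number inserts at position 1
        if pos > len(rules) + 1:     # iptables rejects an index past the end
            raise ValueError(f"index {pos} too big for chain of {len(rules)}")
        rules.insert(pos - 1, m.group(3))
    return rules

def shadowed(rules, iface):
    """Rules for `iface` that sit below the unconditional DROP for that interface."""
    catch_all = f"-i {iface} -j DROP"
    if catch_all not in rules:
        return []
    cut = rules.index(catch_all)
    return [(n, r) for n, r in enumerate(rules[cut + 1:], cut + 2)
            if f"-i {iface} " in r]

if __name__ == "__main__":
    # Placeholder for whatever the router already had in FORWARD (assumption).
    order = final_order(SCRIPT, "FORWARD", existing=["<router's own FORWARD rules>"])
    for n, rule in enumerate(order, 1):
        print(n, rule)
    print("below the br1 catch-all DROP:", shadowed(order, "br1"))
```

On the router itself, `iptables -L FORWARD -n -v --line-numbers` shows the real order together with per-rule packet counters, which tells you which rule the console's traffic is actually hitting.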
 
Old 06-02-2014, 04:49 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
I think you need to allow the DHCP replies (presuming the DHCP server is on br0) to get back to br1. These replies use UDP port 68, not 67.
 
Old 06-02-2014, 05:02 PM   #3
netboy_541
Member
 
Registered: Jul 2003
Location: Hamilton, OH
Distribution: Redhat 9, SuSE 10.1 & 10.2, Kubuntu
Posts: 173

Original Poster
Rep: Reputation: 30
BR0 is on the 172.16.1.xxx segment, BR1 is on 10.10.0.XXX segment. Each bridge has its own DHCP instance.

It's a little complicated. :P

I will throw that rule in there tho, because for all I know, that could be it.....


Just for fun I attached the xbox one to my side of the network (BR0) and it worked perfectly, so that reaffirms my thoughts that I have a rule causing this to break.

I do not want my tenants tho to be on BR0, as that side of the network is not subject to throttling like BR1.

Last edited by netboy_541; 06-02-2014 at 05:06 PM.
 
  

