Jump to content
Not connected, Your IP: 3.149.235.171
Sign in to follow this  
fawkesguy

Port forwarding for Xbox

Recommended Posts

I have port forwarding enabled, and it's working for my web server and webcam, but I can't get it setup for Xbox Live. Xbox Live needs port 3074 UDP & TCP opened. I have my AirVPN forwarded port set to UDP & TCP, local port 3074. I've also tried it without setting the local port. Doesn't work either way. I'm also using DNAT. Below is what's in my firewall. The Xbox is 192.168.1.50 I've deleted the entries for the web server and webcam.

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT

iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

iptables -I FORWARD -i br0 -o eth0 -j DROP

iptables -I INPUT -i tun1 -j REJECT

iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2127 -j DNAT --to-destination 192.168.1.50

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 2127 -j DNAT --to-destination 192.168.1.50

Anyone know how I can get Xbox Live running? I'd like to keep the Xbox going through the VPN.

Share this post


Link to post

Hello!

This is a copy & paste of an e-mail from the support team you should have received a few minutes ago, this admins pastes it here for general knowledge:

On 02/06/2013 04:55 AM, fawkesguy wrote:

> I have port forwarding enabled, and it's working for my web server and webcam, but I can't get it setup for Xbox Live. Xbox Live needs port 3074 UDP & TCP opened. I have my AirVPN forwarded port set to UDP & TCP, local port 3074. I've also tried it without setting the local port. Doesn't work either way. I'm also using DNAT. Below is what's in my firewall. The Xbox is 192.168.1.50 I've deleted the entries for the web server and webcam.

>

> iptables -I FORWARD -i br0 -o tun1 -j ACCEPT

> iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

> iptables -I FORWARD -i br0 -o eth0 -j DROP

> iptables -I INPUT -i tun1 -j REJECT

> iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

Hello!

The rule

iptables -I FORWARD -i br0 -o eth0 -j DROP

might be right or wrong (it depends on your setup) try to delete it for testing purposes (only after you have corrected another rule, see below).

>

> iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2127 -j DNAT --to-destination 192.168.1.50

> iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2127 -j DNAT --to-destination 192.168.1.50

Why the above rules are duplicated? Maybe the Xbox needs UDP packets as well, try to change the second one to:

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 2127 -j DNAT --to-destination 192.168.1.50

(note "-p udp" instead of "-p tcp" on the second rule)

Kind regards

AirVPN Support Team

Share this post


Link to post

Hello,

The rule

iptables -I FORWARD -i br0 -o eth0 -j DROP

Is fine. That drops all connections if the VPN goes down. Tested and working.

The 2nd DNAT line is a typo. It is actually correct in my firewall - one line for tcp, one for udp.

Still doesn't work.

Any suggestions?

Share this post


Link to post

I have DDWRT setup using assigned IP's via my PS3 MAC address then use the built in OpenVPN policy routing to just route my PS3 outside the VPN. I have no reason to hide my PS3 traffic. Works better outside the VPN anyway. Pretty simple to setup.

Under the Services>Services tab in DDWRT I have a Static Lease for my PS3 MAC address setup so it gets the same IP address every time. Then under the Services>VPN tab I have under "OpenVPN client" in the Policy based Routing box I just plugged in the IP address that I set for the PS3 in the Static Lease table. I checked using the PS3 browser what its IP location was using an IP determining webite. It shows my ISP as being correct and the location being correct proving it is indeed routed outside the VPN.

Found that to be much easier than setting up a routing table.

Share this post


Link to post

I have DDWRT setup using assigned IP's via my PS3 MAC address then use the built in OpenVPN policy routing to just route my PS3 outside the VPN. I have no reason to hide my PS3 traffic. Works better outside the VPN anyway. Pretty simple to setup.

Under the Services>Services tab in DDWRT I have a Static Lease for my PS3 MAC address setup so it gets the same IP address every time. Then under the Services>VPN tab I have under "OpenVPN client" in the Policy based Routing box I just plugged in the IP address that I set for the PS3 in the Static Lease table. I checked using the PS3 browser what its IP location was using an IP determining webite. It shows my ISP as being correct and the location being correct proving it is indeed routed outside the VPN.

Found that to be much easier than setting up a routing table.

That would work, except I have the following line in my firewall: "iptables -I FORWARD -i br0 -o eth0 -j DROP" which stops traffic outside of the tunnel from accessing the Internet. I do that so if the VPN goes down, no devices on my network have Internet access. If you know of a way I can maintain that while allowing a single IP to bypass the VPN, that would solve my one remaining issue! If anyone has any ideas, please let me know.

Thanks!

Share this post


Link to post

Hi, whats your IPTABLES firewall script for your webserver? im struggling to get any port forwarding working.

This is my current script:

iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 53540 -j DNAT --to-destination 192.168.1.3:4080

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 53540 -j DNAT --to-destination 192.168.1.3:4080

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT

iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

iptables -I INPUT -i tun1 -j REJECT

iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

There is a NAS web gui that runs on port 4080 behind my DD-WRT router so it should ALWAYS respond to requests. I can connect to the airVPN just fine. Im sure my script isnt right somewhere.

Help!!!

Share this post


Link to post

im also trying with an xbox but im unsure as to why its not working i forwarded the local ports and in my firewall and a rule to allow incoming and outgoing connections for the port they generate but i still have nat error when testing

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...