fawkesguy 0 Posted ...

I have port forwarding enabled, and it's working for my web server and webcam, but I can't get it setup for Xbox Live. Xbox Live needs port 3074 UDP & TCP opened. I have my AirVPN forwarded port set to UDP & TCP, local port 3074. I've also tried it without setting the local port. Doesn't work either way. I'm also using DNAT. Below is what's in my firewall. The Xbox is 192.168.1.50. I've deleted the entries for the web server and webcam.

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o eth0 -j DROP
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2127 -j DNAT --to-destination 192.168.1.50
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 2127 -j DNAT --to-destination 192.168.1.50

Anyone know how I can get Xbox Live running? I'd like to keep the Xbox going through the VPN.
Staff 9921 Posted ...

Hello!

This is a copy & paste of an e-mail from the support team you should have received a few minutes ago; this admin pastes it here for general knowledge:

On 02/06/2013 04:55 AM, fawkesguy wrote:
> I have port forwarding enabled, and it's working for my web server and webcam, but I can't get it setup for Xbox Live. Xbox Live needs port 3074 UDP & TCP opened. I have my AirVPN forwarded port set to UDP & TCP, local port 3074. I've also tried it without setting the local port. Doesn't work either way. I'm also using DNAT. Below is what's in my firewall. The Xbox is 192.168.1.50 I've deleted the entries for the web server and webcam.
>
> iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
> iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
> iptables -I FORWARD -i br0 -o eth0 -j DROP
> iptables -I INPUT -i tun1 -j REJECT
> iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

Hello!

The rule

iptables -I FORWARD -i br0 -o eth0 -j DROP

might be right or wrong (it depends on your setup); try to delete it for testing purposes (only after you have corrected another rule, see below).

> iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2127 -j DNAT --to-destination 192.168.1.50
> iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2127 -j DNAT --to-destination 192.168.1.50

Why are the above rules duplicated? Maybe the Xbox needs UDP packets as well; try to change the second one to:

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 2127 -j DNAT --to-destination 192.168.1.50

(note "-p udp" instead of "-p tcp" on the second rule)

Kind regards
AirVPN Support Team
fawkesguy 0 Posted ...

Hello,

The rule

iptables -I FORWARD -i br0 -o eth0 -j DROP

is fine. That drops all connections if the VPN goes down. Tested and working.

The 2nd DNAT line is a typo. It is actually correct in my firewall - one line for tcp, one for udp.

Still doesn't work. Any suggestions?
fawkesguy 0 Posted ...

Anyone else have an Xbox running through AirVPN? I can't be the only one.
jdubau55 0 Posted ...

I have DDWRT setup using assigned IPs via my PS3 MAC address, then use the built-in OpenVPN policy routing to just route my PS3 outside the VPN. I have no reason to hide my PS3 traffic. Works better outside the VPN anyway. Pretty simple to set up.

Under the Services>Services tab in DDWRT I have a Static Lease for my PS3 MAC address set up so it gets the same IP address every time. Then under the Services>VPN tab I have under "OpenVPN client" in the Policy based Routing box I just plugged in the IP address that I set for the PS3 in the Static Lease table.

I checked using the PS3 browser what its IP location was using an IP determining website. It shows my ISP as being correct and the location being correct, proving it is indeed routed outside the VPN.

Found that to be much easier than setting up a routing table.
fawkesguy 0 Posted ...

> I have DDWRT setup using assigned IPs via my PS3 MAC address, then use the built-in OpenVPN policy routing to just route my PS3 outside the VPN. I have no reason to hide my PS3 traffic. Works better outside the VPN anyway. Pretty simple to set up.
>
> Under the Services>Services tab in DDWRT I have a Static Lease for my PS3 MAC address set up so it gets the same IP address every time. Then under the Services>VPN tab I have under "OpenVPN client" in the Policy based Routing box I just plugged in the IP address that I set for the PS3 in the Static Lease table.
>
> I checked using the PS3 browser what its IP location was using an IP determining website. It shows my ISP as being correct and the location being correct, proving it is indeed routed outside the VPN.
>
> Found that to be much easier than setting up a routing table.

That would work, except I have the following line in my firewall:

"iptables -I FORWARD -i br0 -o eth0 -j DROP"

which stops traffic outside of the tunnel from accessing the Internet. I do that so if the VPN goes down, no devices on my network have Internet access. If you know of a way I can maintain that while allowing a single IP to bypass the VPN, that would solve my one remaining issue!

If anyone has any ideas, please let me know. Thanks!
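Added example, not part of any post in this thread: a small simulator of how the `-I FORWARD` lines above end up ordered (each `-I` lands at position 1, so the chain is the reverse of the script) and which rule a packet hits first. The per-host exception rule for 192.168.1.50 is a hypothetical addition, and the sketch assumes routing for that host already sends it out eth0; only `-i`, `-o`, `-s` (exact address) and `-j` are modelled.

```shell
#!/bin/sh
# Constructed sample: the thread's filter rules plus one hypothetical
# exception for 192.168.1.50, written AFTER the DROP so that -I puts it above.
RULES='iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o eth0 -j DROP
iptables -I FORWARD -i br0 -o eth0 -s 192.168.1.50 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE'

# Print the filter-table FORWARD chain in evaluation order.
# -I without a rule number inserts at position 1; -A appends.
forward_chain() {
    printf '%s\n' "$1" | awk '
        { op = ""; table = "filter"
          for (i = 1; i <= NF; i++) {
              if ($i == "-t") table = $(i+1)
              if (($i == "-I" || $i == "-A") && $(i+1) == "FORWARD") { op = $i; start = i + 2 }
          }
          if (op == "" || table != "filter") next
          spec = ""
          for (i = start; i <= NF; i++) spec = spec (spec == "" ? "" : " ") $i
          if (op == "-I") { for (j = n; j >= 1; j--) chain[j+1] = chain[j]; chain[1] = spec; n++ }
          else chain[++n] = spec
        }
        END { for (j = 1; j <= n; j++) print chain[j] }'
}

# First matching rule wins; no match falls through to the chain policy.
# Usage: verdict RULES IN_IF OUT_IF SRC_IP [POLICY]
verdict() {
    forward_chain "$1" | awk -v in_if="$2" -v out_if="$3" -v src="$4" -v policy="${5:-ACCEPT}" '
        { ok = 1; target = ""
          for (i = 1; i < NF; i += 2) {
              if ($i == "-i" && $(i+1) != in_if) ok = 0
              if ($i == "-o" && $(i+1) != out_if) ok = 0
              if ($i == "-s" && $(i+1) != src) ok = 0
              if ($i == "-j") target = $(i+1)
          }
          if (ok && target != "") { print target; found = 1; exit } }
        END { if (!found) print policy }'
}

verdict "$RULES" br0 eth0 192.168.1.50   # exempted host
verdict "$RULES" br0 eth0 192.168.1.51   # every other LAN host
```

If the exception line is written before the DROP line instead, the later `-I` places the DROP above it and the exempted host is blocked like every other device.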
h3avpns3nt 3 Posted ...

Hi, what's your IPTABLES firewall script for your webserver? I'm struggling to get any port forwarding working. This is my current script:

iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 53540 -j DNAT --to-destination 192.168.1.3:4080
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 53540 -j DNAT --to-destination 192.168.1.3:4080
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

There is a NAS web GUI that runs on port 4080 behind my DD-WRT router, so it should ALWAYS respond to requests. I can connect to AirVPN just fine. I'm sure my script isn't right somewhere. Help!!!
metalbew 2 Posted ...

I'm also trying with an Xbox, but I'm unsure as to why it's not working. I forwarded the local ports and in my firewall and a rule to allow incoming and outgoing connections for the port they generate, but I still have NAT error when testing.