RealModScene
iLLNESS

LiNK with pfSense


When LiNK was first out, there were some users who found out quite unhappily that pfSense and LiNK don't work together. There were oddball ways to get around scrapping your pfSense in favor of a generic router, but all were kind of crappy.

Either way, the issue is LiNK is using encrypted packets and pfSense doesn't handle this well right out of the box. Without getting into the nitty-gritty of why this occurs, I'll just sum it up. LiNK sends a packet out, pfSense gets this packet and messes with the header of the packet so it can route it through other ports and use different IPs etc. (correct me if I'm wrong). There is a really simple solution to this that I suppose was undiscovered by the few who have tried making it work. It is a feature in pfSense called 'Static Port'.


By default, pfSense rewrites the source port on all outgoing packets. Many OSes do a poor job of source port randomization, if they do it at all. This makes IP spoofing easier, and makes it possible to fingerprint hosts behind your firewall from their outbound traffic. Rewriting the source port eliminates these potential (but unlikely) security vulnerabilities.

 

So the solution is simple. You must enable static port for the outbound NAT rule for the Xbox. This forces pfSense to route the traffic through the ports LiNK wants it to.

1. Set a static IP for your Xbox (either on the Xbox itself, or through the DHCP server).

2. Create a port forward rule under NAT for the Xbox IP and specify the two ports you have set in LiNK settings on the console (i.e. 3071/3072).

3. Create an outbound NAT rule (manual NAT must be used) on your WAN interface using the Xbox IP as the source (i.e. 192.168.1.100/32). At the bottom of the rule tick the box that says 'use static port'.

4. Test! There is a possibility you need to reset your firewall states and try again.


 

Mods feel free to move/edit this. Just wanted to share my findings and couldn't find a better place to do so.

 

NOTE: Tested with pfSense 2.0.3. Confirmed by toggling static port on and off with all the same rules. UPnP 'could' work but I was unable to get it working properly myself. Tutorial assumes you already know how to use pfSense and are following other tutorials for port forwarding/setting up LiNK. This is really just to clarify the importance of the outbound NAT rule.

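A check that could be run from the pfSense shell after step 3, as an added example that is not part of the original post: it reads `pfctl -sn`-style output and reports whether each static-port outbound NAT rule is limited to a single host, since static port turns off the source-port rewriting described above for whatever the rule matches. The sample rule lines, the interface name `em0` and the address 203.0.113.10 are constructed, and the rule format is assumed to match what pfSense prints.

```shell
#!/bin/sh
# Added example (not from the original post): report the scope of every
# outbound NAT rule that uses static-port.

# Constructed sample in the style of `pfctl -sn` output (format assumed).
# 192.168.1.100 is the console address used in the post; em0 and
# 203.0.113.10 are placeholders for the WAN interface and WAN address.
sample_rules() {
cat <<'EOF'
nat on em0 inet from 192.168.1.100 to any -> 203.0.113.10 static-port
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10 static-port
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10 port 1024:65535
rdr on em0 inet proto udp from any to 203.0.113.10 port = 3071 -> 192.168.1.100
EOF
}

# Reads rules on stdin. For each nat rule carrying static-port, prints
#   HOST <src>   when the source is one IPv4 address (bare or /32)
#   BROAD <src>  for anything else (subnet, any, table, interface alias)
audit_static_port() {
    awk '
    $1 != "nat" { next }
    {
        static = 0; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "static-port") static = 1
            if ($i == "from" && src == "" && i < NF) src = $(i + 1)
        }
        if (!static || src == "") next
        if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/32)?$/)
            print "HOST " src
        else
            print "BROAD " src
    }'
}

# Demo on the constructed sample; on a firewall: pfctl -sn | audit_static_port
sample_rules | audit_static_port
```

A `BROAD` line means hosts other than the console also lose source-port rewriting, so the rule's source should be narrowed to the console's /32.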

That's a really nice and noob-friendly tutorial. Keep up the good work!


That means that every time you wanna play online you must turn your PC on and launch this program?

pfSense is a router distribution... some use it, most don't.
