iLLNESS 1 Posted May 5, 2013

When LiNK was first out, there were some users who found out quite unhappily that pfSense and LiNK don't work together. There were oddball ways to get around scrapping your pfSense in favor of a generic router, but all were kind of crappy. Either way, the issue is LiNK is using encrypted packets and pfSense doesn't handle this well right out of the box.

Without getting into the nitty-gritty of why this occurs, I'll just sum it up. LiNK sends a packet out, pfSense gets this packet and messes with the header of the packet so it can route it through other ports and use different IPs etc. (correct me if I'm wrong).

There is a really simple solution to this that I suppose was undiscovered by the few who have tried making it work. It is a feature in pfSense called 'Static Port'. By default, pfSense rewrites the source port on all outgoing packets. Many OSes do a poor job of source port randomization, if they do it at all. This makes IP spoofing easier, and makes it possible to fingerprint hosts behind your firewall from their outbound traffic. Rewriting the source port eliminates these potential (but unlikely) security vulnerabilities.

So the solution is simple. You must enable static port for the outbound NAT rule for the Xbox. This forces pfSense to route the traffic through the ports LiNK wants it to.

1. Set a static IP for your Xbox (either on the Xbox itself, or through the DHCP server).
2. Create a port forward rule under NAT for the Xbox IP and specify the two ports you have set in LiNK settings on the console (i.e. 3071/3072).
3. Create an outbound NAT rule (manual NAT must be used) on your WAN interface using the Xbox IP as the source (i.e. 192.168.1.100/32). At the bottom of the rule tick the box that says 'use static port'.
4. Test! There is a possibility you need to reset your firewall states and try again.

Mods feel free to move/edit this. Just wanted to share my findings and couldn't find a better place to do so.

NOTE: Tested with pfSense 2.0.3. Confirmed by toggling static port on and off with all the same rules. UPnP 'could' work but I was unable to get it working properly myself. Tutorial assumes you already know how to use pfSense and are following other tutorials for port forwarding/setting up LiNK. This is really just to clarify the outbound NAT rule importance.
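
A check for the outbound rule from step 3, as an added example that is not part of the original post: it parses NAT rules in pf.conf syntax (pf is the packet filter underneath pfSense) and verifies that static port applies to the console's single address and that this rule is matched before the general outbound rule. The interface name em0 and the sample rules are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in pf.conf NAT syntax (not captured from a real firewall).
# em0 is an assumed WAN interface; 192.168.1.100 is the console IP from the post.
SAMPLE_RULES = """\
nat on em0 inet from 192.168.1.100 to any -> (em0) static-port
nat on em0 inet from 192.168.1.0/24 to any port = 500 -> (em0) static-port
nat on em0 inet from 192.168.1.0/24 to any -> (em0) port 1024:65535
"""

NAT_RE = re.compile(r"^nat on (\S+)(?: inet6?)? from (\S+) to (.+?) -> (.+)$")

def parse_nat_rules(text):
    """Return one dict per nat rule, in evaluation order (pf NAT is first match)."""
    rules = []
    for line in text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        iface, src, dst, target = m.groups()
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src, strict=False)
        except ValueError:
            continue  # tables and interface-name sources are out of scope here
        rules.append({"iface": iface, "src": net, "dst": dst,
                      "static": "static-port" in target.split()})
    return rules

def audit_static_port(text, host):
    """Report how outbound NAT treats `host` and which ranges lose port rewriting."""
    host = ipaddress.ip_address(host)
    rules = parse_nat_rules(text)
    # The first rule that matches the host for any destination decides its NAT.
    first = next((r for r in rules if host in r["src"] and r["dst"] == "any"), None)
    # static-port for all destinations should cover one address, not a subnet.
    too_broad = [str(r["src"]) for r in rules
                 if r["static"] and r["dst"] == "any" and r["src"].num_addresses > 1]
    return {
        "host_static": bool(first and first["static"]),
        "host_rule_src": str(first["src"]) if first else None,
        "too_broad": too_broad,
    }

if __name__ == "__main__":
    print(audit_static_port(SAMPLE_RULES, "192.168.1.100"))
```

The loaded translation rules can be listed on the firewall with `pfctl -s nat`; the parser covers only the simple `from <address> to ...` form shown in the sample.
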

Prayer 49 Posted May 5, 2013

That's a really nice and noob-friendly tutorial. Keep up the good work!

Mazen El Jammal 4 Posted May 11, 2013

That means that every time you wanna play online you must turn your PC on and launch this program?

iLLNESS 1 Posted May 12, 2013

> That means that every time you wanna play online you must turn your PC on and launch this program?

pfSense is a router distribution. Some use it, most don't.