General Questions

worked for me..

can you explain what it's doing exactly?.. risks/etc of doing this

This applies to both the PS3 and XBox, in a way it's the consoles being retarded because you open all the ports it needs and it still complains that it doesn't have open access. What the problem is, devices such as Netgear/Linksys for example may have UPnP turned on. It just ask the firewall to open a port inbound to the machine. Well that's exactly what you do in m0n0wall, so why do the consoles drop to stupid mode? Because of the source port numbers. The consoles shouldn't care about what source port m0n0wall is using since it has a way for inbound traffic to come in, but some reason if the port opened in the firewall doesn't match the source port the firewall is using they give those error messages. Even though technically, both are the same, inbound traffic can flow just fine.

Here's what I did to get it from "Moderate" to "Open":

1.  Create a reservation in my DHCP server for my Xbox 360 so that it always gets the same IP address.  You could also set a static IP on the Xbox if that is your preference.

2.  In m0n0wall, check the box "Enable advanced outbound NAT" on the Outbound NAT configuration tab.

3.  Setup a mapping for your local LAN subnet.  Interface should be WAN, source should be your subnet address (for example, my subnet is 192.168.0.0/24), target should be left blank and leave "Disable port mapping" unchecked.

4.  Setup a mapping for your Xbox 360.  Interface should be WAN, source should be the IP address assigned to the Xbox in Step 1 with a 32 bit mask (for example, 192.168.0.100/32), target should be left blank and this time check the box for "Disable port mapping".

5.  Save and apply these changes.

6.  Configure Inbound NAT and create a mapping for TCP/UDP 3074.  Interface should be WAN, External address should be Interface address, Protocol should be TCP/UDP, External port range should be 3074 to 3074, NAT IP should be the IP address of the Xbox assigned in Step 1, Local port should be 3074.  Check the box to "Auto-add a firewall rule to permit traffic through this NAT rule."

7.  Save and apply these changes.

8.  Reset the NAT and Firewall state.

Now when you run the Xbox live test, it should come back as "Open".

NOTE:  The above steps were based on the 1.3b11 version of m0n0wall.  I haven't used any of the previous versions, so the steps may vary from version to version.

I ran the above steps and got an "Open" status from Bulletstorm, and much better quality of online play (as in it works now But now the first time I start up the xbox 360 it says it gets logged in, but the only set of panels available to me is the "My Xbox" set.  I have the option to log in, but it gives me an error message and then an option to test the connection, which passes.  Then when I come back to the dashboard, all the panels are available.  Subsequent power cycles give me the full menu on login.  I'm thinking that the initial connection sets up some NAT rules that initially don't allow the full menu to come up, but then on another connection, allows it.

Anyone got any ideas?

Whats wrong with creating a DMZ and just putting the Xbox in the DMZ?

Whats wrong with creating a DMZ and just putting the Xbox in the DMZ?

I looked for an option for a DMZ in the interface but couldn't find one, how is this done?

I have some more information which may be useful:

What I was getting from my Xbox was the screen you get when your network isn't hooked up and it just logs you in locally.  Which is strange, because when I run the test it works, and then I can log into xbox live. 

Oddly enough, if I powercycle the xbox after a successful login to xbox live, it logs in fine.  It's like a NAT connection has to be made that stays in place for the TTL, but then dies after that and needs to be made manually again.  Does anyone have any suggestions?

Also, now a (unrelated) portforward doesn't work anymore.

I have Monowall v1.32

After adding all the above changes (TCP 80, TCP/UDP 53, 3074, UDP 88) and adding specific ports for Black Ops (UDP 33233, 22728).

A static IP address for xbox.

"Enable advanced outbound NAT" has been ticked.

I'm still getting a "strict" status.

For test purposes I setup a telstra turbo 7 series wireless gateway (NextG network) with the above NAT and it worked first pop with an "open" status. But the connect speed is very very slow compared to my other connection the monowall is on.

Gee i'm starting to get frustrated with monowall.

Does anyone have any suggestions where i may be going wrong?

Whats wrong with creating a DMZ and just putting the Xbox in the DMZ?

I looked for an option for a DMZ in the interface but couldn't find one, how is this done?

It isn't done.

The concept of DMZ as desired isn't a m0n0wall feature, it belongs to those inexpensive home NAT routers such as the Linksys.

In m0n0wall, DMZ has a far different meaning. See:

Handbook section 13.1 and the Glossary

http://doc.m0n0.ch/handbook-single/#id11642778

http://doc.m0n0.ch/handbook-single/#id11654548