Topic: Port mapping questions
« on: October 31, 2012, 23:38:08 »
azdps **
Posts: 63

internet --> modem --> m0n0wall -- > wireless ap --> xbox

I only have 2 network adapters in my m0n0wall box. I have no switch and my setup is very straightforward and simple. m0n0wall takes care of everything. The access point just passes all info through without restriction. For my outbound NAT I have selected "avoid port mapping" to prevent port randomization. The only reason I need static ports is because of Xbox Live. Both m0n0wall and pfSense cause problems with my Xbox Live and I end up with a moderate or strict NAT. I've isolated the problem in the source code of m0n0wall.


Quote
   /* depending on whether or not port mapping is disabled, we put the (generic) IP
      rule or the portmap rule first. If the portmap rule comes first, we will always
      have mapped/randomized ports. Otherwise, the port will only be mapped if there
      is already another mapping for the same port.

   */


Now the last sentence above, quoted from the filter.inc source code file, is troubling. That's what is causing static port mapping to fail when using Xbox Live on the network configured above. I'm attaching a larger portion of the code so it will be clearer what I'm talking about.


Code:
    if ($config['nat']['portrange-low'] && $config['nat']['portrange-high']) {
        $rangelow = $config['nat']['portrange-low'];
        $rangehigh = $config['nat']['portrange-high'];
    }

    $portmaprule = "map $if $src $dst -> {$tgt} portmap tcp/udp $rangelow:$rangehigh\n";
    $ipmaprule = "map $if $src $dst -> {$tgt}\n";

    /* depending on whether or not port mapping is disabled, we put the (generic) IP
       rule or the portmap rule first. If the portmap rule comes first, we will always
       have mapped/randomized ports. Otherwise, the port will only be mapped if there
       is already another mapping for the same port.
    */
    if ($portmap)
        $natrule .= $portmaprule . $ipmaprule;
    else
        $natrule .= $ipmaprule . $portmaprule;

    return $natrule;
}


A closer look:


Code:
if ($portmap)
    $natrule .= $portmaprule . $ipmaprule;
else
    $natrule .= $ipmaprule . $portmaprule;

return $natrule;


The above code kills Xbox Live's chances of always having an open NAT. I made a simple change in the code below and now Xbox Live works absolutely great.


Code:
if ($portmap)
    $natrule .= $portmaprule . $ipmaprule;
else
    $natrule .= $ipmaprule;

return $natrule;


I would like to know if this is going to break anything. OK, so let's say I have "already another mapping for the same port". What issue is this going to cause with the above code change?
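
Added example (not part of the original post and not m0n0wall code): a simplified Python model of the rule ordering described in the filter.inc comment, run for two LAN hosts that use the same source port toward the same destination. The rule names, the small port range, the second host's address, the destination and the lowest-free-port choice are constructed assumptions; ipfilter's real lookup logic and what it does with an unmappable packet are not modelled.

```python
# Simplified model (assumption, not ipfilter's implementation) of first-match
# NAT rule ordering: "ipmap" keeps the source port, "portmap" picks one from
# the configured range. A rule that cannot produce a free port falls through
# to the next rule, as the filter.inc comment describes.
RANGE_LOW, RANGE_HIGH = 1024, 1027  # constructed, tiny range for readability


def translate(rules, table, flow):
    """Return the WAN-side source port for flow, or None if no rule can map it.

    rules: ordered list of "ipmap" / "portmap"
    table: dict {flow: wan_port} of active mappings (mutated in place)
    flow:  (proto, lan_ip, lan_port, destination)
    """
    if flow in table:                       # existing mapping is reused
        return table[flow]
    proto, _lan_ip, lan_port, dst = flow
    used = {(f[0], port, f[3]) for f, port in table.items()}
    for rule in rules:
        if rule == "ipmap":
            candidates = [lan_port]
        else:
            candidates = range(RANGE_LOW, RANGE_HIGH + 1)
        for port in candidates:
            if (proto, port, dst) not in used:
                table[flow] = port
                return port
    return None                             # no rule left to fall back on


def run(rules, flows):
    """Translate flows in order against a fresh table; return the WAN ports."""
    table = {}
    return [translate(rules, table, f) for f in flows]


# Constructed flows: the Xbox address is the one used in this thread, the
# second host and the destination (TEST-NET-3) are made up.
XBOX = ("udp", "192.168.1.36", 3074, "203.0.113.10:3074")
PC = ("udp", "192.168.1.50", 3074, "203.0.113.10:3074")
FLOWS = [XBOX, PC]

STOCK_PORTMAP_ON = ["portmap", "ipmap"]    # $portmaprule . $ipmaprule
STOCK_PORTMAP_OFF = ["ipmap", "portmap"]   # $ipmaprule . $portmaprule
PATCHED = ["ipmap"]                        # $ipmaprule only

if __name__ == "__main__":
    for name, rules in [("portmap on", STOCK_PORTMAP_ON),
                        ("portmap off (stock)", STOCK_PORTMAP_OFF),
                        ("portmap off (patched)", PATCHED)]:
        print(f"{name:22} {run(rules, FLOWS)}")
```

In this model the stock "avoid port mapping" ordering still maps the second host through the port range, while the ipmap-only variant leaves the colliding flow with no mapping at all.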

« Reply #1 on: November 07, 2012, 18:56:29 »
iridris ***
Posts: 145

You shouldn't need to modify m0n0wall's source code to get Xbox live working.

First, either set a static IP or use DHCP reservation for your xbox.
Next, on the Inbound NAT page, map TCP/UDP port 3074 and UDP port 88 to your xbox's IP address (let m0n0wall create the associated firewall rules as well).
Then, on the Outbound NAT page, enable 'advanced outbound NAT'.
On that same page, create two rules: First, for your xbox, then for the rest of your LAN subnet:

Interface | Source                 | Destination | Target         | Description
WAN       | 192.168.1.0/24         | *           | *              | LAN Subnet
WAN       | 192.168.1.36 {Xbox IP} | *           | * (No Portmap) | Xbox

Then just Save and you're done! After that, your xbox should show up as 'Open NAT'.
« Reply #2 on: November 12, 2012, 06:43:18 »
azdps **
Posts: 63

iridris, you were right, I didn't have to modify the source code. I installed the latest beta snapshot of 1.8 and I was able to obtain an open NAT with the outbound NAT suggestion you made. Thanks.
 