Pfsense UPNP Help

[Sikh]

So I recently moved into a new house, and from my old network structure I only added another switch.

So right now, my network structure looks like this [surboard 6120 > Pfsense box > HP ProCurve Switch 2524(Managed), Access Points > Dell Unmanaged Switch > Computers, Consoles, etc]

So, before I moved, my brother could jump on his 360, I could jump on mine, and both were Open NAT Type, etc. Same with computers, we played COD4 and several games at the same time, without me having to port forwarding and it worked great, UPNP'ing was working. I had a small LAN at my house with about 4 xbox's and no Strict/Moderate NAT Type, etc etc. It was easy because I didnt have to port forward every damn xbox or computer.

Now, Ever since I moved and resetup my network, the only thing that changed was me adding the switch and even with me unplugging the switch and running everything off the dell, It still gives me half ass UPNP. I had a LAN with about 9 people and all of us got STRICT NAT on xbox's and on PC's we couldnt even join the same servers.

I even went ahead and port forwarded 4 xbox's and 1 of them went moderate and open, 2 were strict, 1 was open.

I tried everything before completely reformatting my PFSense installation. Im running version 1.2.3-RELEASE. It fixed itself, I had people come over again yesterday after I did it and we all were playing games with lobbies easy to find, NAT Type OPEN across all systems. I then went to play COD4 with my brother and this time one of us didnt get kicked out, it properly let us play.

So, WHAT COULD IT BE?

ANY HELP IS APPRECIATED. Ive bugged BUDMAN far too much and he's been very helpful and so far my network was perfect, but ever since I moved, everythings ****ed up and I dont like it.

[+BudMan MVC]

What could it be? its impossible to say what was jacked up -- from your post I take it working now.

"It fixed itself"

There is no way to tell what was wrong since now you say its working. Had you installed any packages on your previous install? Power outage where the pfsense box bounced? Maybe could of corrupted a config?

If its currently working - what can we troubleshoot??

[Sikh]

No it WAS working, it DID fix itself, yesterday morning when I did a "upgrade" but back to the same firmware, instead of having to rip apart my pfsense box and hooking a cd drive to it, I took the "easy" way out.

So right now, its NOT working again. I have NAT to Manual NAT Generation with the Default Rule set to YES for Static Port(googled this problem when it first happened and this suggestion poped up on the pfsense forums). Now its working, only problem is, UPNP doesnt work, so only my port forwards work, which when adding my brothers 360, It turns both into moderate, when UPNP'ing, The 360 itself will find a random open port, before it was me on default 3074 and brother on 20666 now its not working and if I try sending him 20666 it doesnt work, the system needs to be able to do it himself.

Im going to completely reformat the hard drive tomorrow and reinstall pfsense, if that doesnt work, im moving over to smoothwall and trying that.

[+BudMan MVC]

Well you could try moving to 2.0 its in beta5 really close to RC vs smoothwall.

Where would you get the idea that you could forward port 20666 to other xbox?? Can you not tell it to use a different port other than 3074 and forward that manually? But no your not going to just pick some random ass port an forward it and expect it to work.

edit have you seen this thread?

http://forum.pfsense.org/index.php?topic=13887.0

Also did you enable logging of UPnP -- what does it show?

[Sikh]

Thats the topic i was refering to, and only the MANUAL NAT in OUTBOUND works for me, but restricts me to one xbox.

I got that port from before, when I use to game with my brother, since my port was 3074(by default) UPNP gave him 20666 every single time so both of us can play in the same game from the same IP. Xbox Live uses 3074, but when its taken up, ive seen it use 20666, 3075, 20656 and a few other ports.

When I log UPNP, you see ABSOLUTELY NOTHING.

I was planning on going to 2.0, but I saw in bugs that recently "UPNP not working correctly" Opened on 12-25-2010 and a few other things that I NEED, so I was alittle learly, I probably will do that before I go Gung-Ho on taking the box apart and getting angry in the process.

[+BudMan MVC]

in that thread did you try the multicast rules? There clearly should be something in status and should be logging the packets, if need be create your own firewall rule to log the packets, or do a packet capture on the box so you can see what exactly is being requested.

So turned it on in 2.0 latest snap, and then turned on my utorrent client.. Sure looks to be working?? Didn't test that port was open, but sure looks like it worked.

[Sikh]

I was just gonna post.

Upgraded to 2.0 Beta5 and everything is working so far, ill report back if it stops working, but its work.

Not only that, but 2.0 looks much cleaner.

Now I just need to figure out a good Access Point Landing page / Captive Portal that logs MAC Addresses and Ill be happy.

Thanks BudMan.

[+BudMan MVC]

pfsense has a captive portal, it does not log mac in the portal auth section of the system log? What auth method are you using?

Sure seems to log mac to me

Dec 29 02:55:13 logportalauth[44930]: LOGIN: admin, 00:21:9b:03:ac:a7, 192.168.1.100

What else do you need?

Only problem I could see is that log is limited, I would use a syslog server for long term storage of logs like that.

[Sikh]

I havent even bothered looking at the captive portal on PFSENSE. I have a CLEAROS Server I want to host the landing page, which then the PHP Script will log the IP and MAC Address on the network for me along with computer name so I know who is ****ing around.

Now, I was originally gonna post to say, UPNP just stopped working again today. Me and my brother jumped on and he joined a game of halo, i couldnt get in, then he got disconnected for strict nat, i did a test and both of us were strict. I just rebooted pfsense, same ****. I then disabled UPNP and enabled it again and valla it worked.

So, im thinking something got ****ed up with my original installation and I just need to reformat the hard drive, so Im gonna end up doing that because in my old house / when it use to work, it was flawless. I had 8 month uptime with UPNP on and NEVER had to "flip the switch"(enable/disable) to make it work and etc etc.

So, Onto reformatting. Ill let you know how that goes.

Thanks for all your help budman.

[Sikh]

So its half ass working, im having a LAN right now and I have to reset UPNP (uncheck all boxes and and check them again) to have it too work.

The bad thing about this, is that my brother and i are consistently gaming and this will be a pain in the ass. I might just go to smoothwall if this keeps being gay.

BUDMAN any advice!?

[Sikh]

New Issue, when xbox is loading or is querying for the internet, the computers on the network lag. WHAT THE ****?