This should probably go in the networking section, but alas, responses and uptake are slow in that part of the forum, so I think this is preferable. This can also help other members.
The problem is as the title suggests; the UDP ports with my software-based firewall. More specifically, I'm using VirusBarrier X6, but this shouldn't really matter, as the firewall setup is more or less universal among competitors. Furthermore, I'm using a custom set-up, not one of the pre-configured jokes included in the program. My network path is as follows: Internet -> router -> wireless -> Mac/Software firewall -> Internet sharing -> LAN -> XBox. I use my wireless connection both for my Internet connection as well as the Xbox's connection, which will be referenced later. Also, Microsoft support doesn't provide any help.
To start off, I guess I'll post my current firewall set-up.
NOTE: This is merely one part of my firewall, simplified. When I typically make new firewall rules, I work on one section at a time, in order to iron out any inconsistencies or problems present in my port-forwarding. In order to do so, typically the other areas (in this case LAN<->Mac and Mac -> Internet) are set to be entirely open, so I can check for issues and isolate them more easily. You will see this below in my setup.
Rules (Higher on the list means earlier preference):
Internet -> Mac.
Ports
....
Other ports
....
Xbox Live In:
TCP 80, UDP 88, UDP/TCP 3074, UDP/TCP 53 (Broadcast packets allowed, destination ports)
Note that TCP 80 (http) and UDP/TCP 53 (domain) really aren't needed at all; I included them because they're recommended by Microsoft and I was having issues, so it was a troubleshooting point.
....
VPN In (L2TP over IPsec):
UDP 500, UDP/TCP 1701 (Broadcast packets allowed, destination ports)
Note that these were also provided by my VPN provider, more on this later.
....
TCP In
All ports STOP (no broadcast packets)
....
UDP In
All ports STOP (no broadcast packets, destination port)
....
Internet In
All ports GO (ICMP, IGMP)
Internet Out (Mac -> Internet)
All go.
LAN In/Out
All go.
Now that we've got that done, it's time to discuss the problem(s). There are two, specifically, both revolving around the UDP blockage near the bottom of the Internet inbound list; XBox, and VPN. Both function fine without the firewall, and both function perfectly when the UDP blockage is the only thing turned off, leaving my troubleshooting pointing to a missing UDP port-exception for both services. TCP has remained blocked throughout, as noted on the list, which is located near the bottom. There have been no issues with this.
For my Xbox issues, it goes like this:
When UDP blockage and the XBox in-ports are enabled, I get an MTU error; Microsoft says you need an MTU of 1364, and mine's set on auto and is at 1500. Clearly above their requirements, yet it doesn't work.
When I turn off the UDP blockage, but keep the XBox ports going, I can connect to Live without a problem.
When I turn off the UDP blockage as well as the XBox ports, I get the same result; a perfect connection. This would leave me to believe that the XBox ports aren't so necessary in the first place, at least the ones they provided, applied to the inbound traffic, specifically in relation to TCP, as that's been blocked the entire time (outbound they're needed).
When I turn on the UDP blockage, but turn OFF the XBox ports, I get a DNS error; this is probably due to the UDP 53 port being blocked. Interestingly enough though, TCP has been blocked the entire time, meaning TCP 53 is useless. Turning off the TCP blockage on top of the aforementioned settings results in the same error. My DNS server for my xbox is my computer, listed as 192.168.2.1, as you would expect in an Internet sharing situation.
Thus, at least for my Xbox problems, I've come to the conclusion that I'm missing some UDP port in my port forwarding scheme, the only question is which one? Having UDP 53 and the others recommended by MS turned on for the inbound gives me the MTU error; I'm lost as to what I need to open to fix this, but it's clearly UDP.
For my VPN issues; well, it's far simpler. Using the in-bound allowed ports as listed above, my VPN works fine, provided that the UDP Blockage is turned off. If it is turned on, I get a message that I cannot connect to the L2TP server, and the VPN connection is never established. Once again, this leads me to believe I missed a port somewhere, yet I port forwarded the ones recommended by my VPN provider. Therefore I'm at a loss here too; any recommendations on getting this to work with the UDP blockage enabled?
Thanks!
EDIT: SOLVED!!
(Solution is in my last post)
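An added example, not from the original post and not VirusBarrier's own code: a small first-match model of the Internet -> Mac rule list above, run against a few constructed inbound packets to show which rule each one hits. It assumes the firewall matches only on protocol and destination port and keeps no UDP state (the post does not say whether VirusBarrier tracks replies to the Mac's own outbound queries), so a DNS reply addressed to the Mac's ephemeral query port, and IPsec NAT-T on UDP 4500 (RFC 3948, which is not in the listed rules), both fall through to the "UDP In" deny rule.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str]              # "tcp", "udp", "icmp"; None matches any
    dports: Optional[FrozenSet[int]]  # destination ports; None matches any
    action: str                       # "allow" or "deny"

def rule(name: str, proto: Optional[str], ports, action: str) -> Rule:
    return Rule(name, proto, frozenset(ports) if ports else None, action)

# The Internet -> Mac section as listed in the post; earlier rules win.
INBOUND: List[Rule] = [
    rule("Xbox Live In", "tcp", [80, 3074, 53], "allow"),
    rule("Xbox Live In", "udp", [88, 3074, 53], "allow"),
    rule("VPN In", "udp", [500, 1701], "allow"),
    rule("VPN In", "tcp", [1701], "allow"),
    rule("TCP In", "tcp", None, "deny"),
    rule("UDP In", "udp", None, "deny"),
    rule("Internet In", None, None, "allow"),   # ICMP, IGMP end up here
]

def evaluate(rules: List[Rule], proto: str, dport: int) -> Tuple[str, str]:
    """Stateless first-match evaluation on (protocol, destination port)."""
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        if r.dports is not None and dport not in r.dports:
            continue
        return r.action, r.name
    return "deny", "implicit"   # no rule matched (assumed default)

# Constructed probe packets, all arriving from the Internet at the Mac.
PROBES = [
    ("Xbox Live game traffic", "udp", 3074),
    ("IKE for L2TP/IPsec", "udp", 500),
    ("IPsec NAT-T (UDP 4500), not in the rule list", "udp", 4500),
    ("DNS reply to the Mac's ephemeral query port", "udp", 50123),
    ("ICMP echo reply", "icmp", 0),
]

def classify_probes() -> Dict[str, Tuple[str, str]]:
    return {label: evaluate(INBOUND, proto, port) for label, proto, port in PROBES}

if __name__ == "__main__":
    for label, (action, matched) in classify_probes().items():
        print(f"{label:48} -> {action:5} ({matched})")
```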