You are not logged in.
So, I've recently come into an XBox 360, and I'm trying to connect it to the internet. It can have a wired connection, but we have a wireless router and it's too far away to run a wire. There's a dongle available, but anything a 70 dollar dongle can do, so can my HP Pavilion dv8000, right?
So, I looked online at http://wiki.archlinux.org/index.php/Internet_Share and http://wiki.archlinux.org/index.php/Sim … AT_gateway and from this, I've created this script/set of commands (I know it's not all necessary, but I figured I might as well just follow the entirety of the second link and prune it down later; I also threw in some things myself just to see what the tables look like at the time):
iptables -nvL
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -nvL
iptables -N open
iptables -N interfaces
iptables -N fw-interfaces
iptables -N fw-open
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j interfaces
iptables -A INPUT -j open
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -P INPUT DROP
iptables -A interfaces -i lo -j ACCEPT
iptables -A interfaces -i eth0 -j fw-interfaces
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
#iptables -I INPUT -i wlan0 -s 10.0.0.0/8 -j DROP
#iptables -I INPUT -i wlan0 -s 172.16.0.0/12 -j DROP
#iptables -I INPUT -i wlan0 -s 192.168.0.0/16 -j DROP
#iptables -I INPUT -i wlan0 -s 127.0.0.0/8 -j DROP
/etc/rc.d/iptables save
iptables -L FORWARD
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j fw-interfaces
iptables -A FORWARD -j fw-open
iptables -A FORWARD -j REJECT --reject-with icmp-host-unreachable
iptables -P FORWARD DROP
iptables -A fw-interfaces -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.39.163/255.255.255.0 -o wlan0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A fw-open -d 192.168.39.163 -p tcp --dport 2074 -j ACCEPT
iptables -A fw-open -d 192.168.39.163 -p udp --dport 2074 -j ACCEPT
iptables -A fw-open -d 192.168.39.163 -p udp --dport 3074 -j ACCEPT
iptables -A fw-open -d 192.168.39.163 -p tcp --dport 3074 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2074 -j DNAT --to 192.168.39.163
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3074 -j DNAT --to 192.168.39.163
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 3074 -j DNAT --to 192.168.39.163
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 2074 -j DNAT --to 192.168.39.163
iptables -A fw-open -d 192.168.39.163 -p udp --dport 88 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 88 -j DNAT --to 192.168.39.163
/etc/rc.d/iptables save
ifconfig down
ifconfig eth0 192.168.39.1 netmask 255.255.255.0
ifconfig upYeah, it's a little redundant, but I'm the overkill kind of person. So, XBox live needs ports 2074, 3074, 80, 53 for TCP and UDP in both directions, and 88 for UDP (according to an almagamation of http://support.microsoft.com/kb/908874 and this http://tommccann.net/live/step2.html.
On the Xbox I set up an ip address of 192.168.39.163, appropriate mask, and the OpenDNS servers. It's telling me that "Your network doesn't have a sufficient MTU Setting. Xbox LIVE requires a minimum MTU setting of 1364." I checked both wlan0 and eth0 have MTU of 1500, as does the router. I originally tested this with my sister's laptop, since it was in the room. It runs Windows, and using the Internet Connection Sharing did it fine, so there must be something wrong with this current configuration (my laptop is newer and has better specs overall).
My thoughts: Maybe it's using the OpenDNS servers that causes the MTU problem, but that's only used for name resolution so that shouldn't be the problem. Maybe it's to do with how outgoing packets are configured when sent to the router? When I didn't run through the whole script from link two, when I just did what's listed on Internet Sharing, I found that it complained of the connection MTU (I think), not the whole network.
Suggestions? Help?
Last edited by majiq (2009-07-08 08:22:39)
Offline
Well, to anyone else who's having or had this problem, I hope you can figure out how to fix it. It's working for me now, but two things changed between my last post and now. First of all, I custom compiled a kernel making sure that the options here were enabled if it said to enable it. Second of all, there was a kernel update to 2.6.30.1, which included some updates to the netfilter support. Could really be either. Also, as a note, I'm now using dns-masq to forward dns-server info and assign ip addresses.
Offline
Hrm, I just noticed this problem with my Xbox trying to run a xbox live test. This had been working fine until I moved and received a new modem/bunch of package upgrades for my router. I as well use the opendns servers. Though the MTU on my router showed 536 on one and 1500 on the other.
I can manually set the MTU to 1500 on the interface, but it gets set back to 536 after a reboot..Strange...
Edit: Just found my problem, it was the Cable modem supplied by my ISP. Supposedly it has problems with MTU. Time to bring another one back!
Last edited by brenix (2009-09-14 17:06:30)
Offline