I'm using an XBox behind a very straightforward pfSense install without
any difficulty. You shouldn't need any special contortions to make it
work except NATing the ports XBox Live wants (it works without them but
it complains). UPnP should also "Just Work" if you enable that.
Chris Flugstad wrote:
So I have a pfsense router in a buidling DHCP'ing pub ip's on the
LAN. I have a user that can connect his xbox 360 online to xbox live
but cannot connect to other players or join parties. He has tried
plugging his xbox directly bypassing his router and giving his xbox a
pub ip. this does not work. i wonder if something would need to be
set in pfsense to allow this to work?
Again, I have public ip's on the inside of my network so i do not have
NAT for any of you who are going to respond with responses that would
point me into doing fw changes for NAT
below is a dump of my config.
Sincerely,
Topher
<?xml version="1.0"?>
<pfsense>
<version>3.0</version>
<lastchange/>
<theme>nervecenter</theme>
<system>
<optimization>normal</optimization>
<hostname> </hostname>
<domain> .net</domain>
<username> </username>
<password>$.</password>
<timezone>Etc/GMT-8</timezone>
<time-update-interval/>
<timeservers>0.pfsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<port/>
<certificate/>
<private-key/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<ssh>
<authorizedkeys/>
<port/>
</ssh>
<enablesshd>yes</enablesshd>
<maximumstates/>
<shapertype/>
<dnsserver>207.66.128.8</dnsserver>
<dnsserver>207.66.60.8</dnsserver>
<dnsallowoverride/>
</system>
<interfaces>
<lan>
<if>bge0</if>
<ipaddr>216.127.63.65</ipaddr>
<subnet>26</subnet>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<bridge/>
</lan>
<wan>
<if>bge1</if>
<mtu/>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<spoofmac/>
<ipaddr>216.127.32.44</ipaddr>
<subnet>29</subnet>
<gateway>216.127.32.41</gateway>
</wan>
</interfaces>
<staticroutes/>
<pppoe>
<username/>
<password/>
<provider/>
</pppoe>
<pptp>
<username/>
<password/>
<local/>
<subnet/>
<remote/>
</pptp>
<bigpond/>
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
</dyndns>
<dhcpd>
<lan>
<enable/>
<range>
<from>216.127.63.66</from>
<to>216.127.63.126</to>
</range>
<defaultleasetime/>
<maxleasetime/>
<netmask/>
<failover_peerip/>
<gateway>216.127.63.65</gateway>
<ddnsdomain/>
<next-server/>
<filename/>
<staticmap>
<mac>00:21:91:15:90:24</mac>
<ipaddr>216.127.63.80</ipaddr>
<hostname>WBR-1310</hostname>
<descr/>
</staticmap>
</lan>
</dhcpd>
<pptpd>
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<ovpn/>
<dnsmasq>
<enable/>
</dnsmasq>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat/>
</diag>
<bridge/>
<syslog/>
<nat>
<ipsecpassthru/>
<advancedoutbound>
<enable/>
</advancedoutbound>
</nat>
<filter>
<rule>
<type>block</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os></os>
<source>
<address>216.127.63.80</address>
</source>
<destination>
<any/>
</destination>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<descr/>
</rule>
<rule>
<type>reject</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<address>216.127.63.80</address>
</source>
<destination>
<any/>
</destination>
<descr>block misch ip</descr>
</rule>
<rule>
<type>block</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<address>216.127.63.116</address>
</source>
<destination>
<any/>
</destination>
<disabled/>
<descr>block misch ip</descr>
</rule>
<rule>
<type>block</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<address>216.127.63.100</address>
</source>
<destination>
<any/>
</destination>
<descr/>
<disabled/>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>Default LAN -> any</descr>
</rule>
</filter>
<ipsec>
<preferredoldsa/>
</ipsec>
<aliases>
<alias>
<name>mischeif</name>
<address>216.127.63.80</address>
<descr>bad peoplos</descr>
<type>host</type>
<detail>Entry added Mon, 18 Jan 2010 16:57:58 +0800||</detail>
</alias>
</aliases>
<proxyarp/>
<cron>
<item>
<minute>0</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 newsyslog</command>
</item>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600
sshlockout</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600
virusprot</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600
snort2c</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/bin/checkreload.sh</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/ping_hosts.sh</command>
</item>
<item>
<minute>*/140</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/sbin/reset_slbd.sh</command>
</item>
</cron>
<wol/>
<installedpackages/>
<revision>
<description>/firewall_rules_edit.php made unknown change</description>
<time>1272412107</time>
</revision>
<rrd>
<enable/>
<category>traffic</category>
<style>inverse</style>
</rrd>
<ezshaper>
<step2>
<download>100000</download>
<upload>100000</upload>
<inside_int>lan</inside_int>
<outside_int>wan</outside_int>
</step2>
<step3>
<provider>Asterisk</provider>
<address/>
<bandwidth>128</bandwidth>
<enable>on</enable>
</step3>
<step4>
<address>mischeif</address>
<bandwidthup>356</bandwidthup>
<bandwidthdown>356</bandwidthdown>
<enable>on</enable>
</step4>
<step5>
<enable>on</enable>
<bandwidthup>20</bandwidthup>
<bandwidthdown>20</bandwidthdown>
<p2pcatchall>on</p2pcatchall>
<aimster>on</aimster>
<bittorrent>on</bittorrent>
<buddyshare>on</buddyshare>
<cutemx>on</cutemx>
<dcplusplus>on</dcplusplus>
<dcc>on</dcc>
<directconnect>on</directconnect>
<directfileexpress>on</directfileexpress>
<edonkey2000>on</edonkey2000>
<fasttrack>on</fasttrack>
<gnutella>on</gnutella>
<grouper>on</grouper>
<hotcomm>on</hotcomm>
<hotlineconnect>on</hotlineconnect>
<imesh>on</imesh>
<napster>on</napster>
<opennap>on</opennap>
<scour>on</scour>
<shareaza>on</shareaza>
<songspy>on</songspy>
<winmx>on</winmx>
</step5>
<step7>
<msrdp/>
<vnc/>
<appleremotedesktop/>
<pcanywhere/>
<irc/>
<jabber/>
<icq/>
<aolinstantmessenger/>
<msnmessenger/>
<teamspeak/>
<pptp/>
<ipsec/>
<streamingmp3/>
<rtsp/>
<http/>
<smtp/>
<pop3/>
<imap/>
<lotusnotes/>
<dns/>
<icmp/>
<smb/>
<snmp/>
<mysqlserver/>
<nntp/>
<cvsup/>
</step7>
</ezshaper>
<shaper>
<schedulertype>hfsc</schedulertype>
<queue>
<name>qwanRoot</name>
<associatedrule>0</associatedrule>
<priority>0</priority>
<parentqueue>on</parentqueue>
<bandwidth>100000</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
</queue>
<queue>
<name>qlanRoot</name>
<associatedrule>0</associatedrule>
<priority>0</priority>
<parentqueue>on</parentqueue>
<bandwidth>100000</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
</queue>
<queue>
<name>qwandef</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<defaultqueue>true</defaultqueue>
<priority>1</priority>
<realtime>on</realtime>
<realtime3>1%</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qlandef</name>
<priority>1</priority>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<defaultqueue>true</defaultqueue>
<realtime>on</realtime>
<realtime3>1%</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qwanacks</name>
<ack/>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>10%</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qlanacks</name>
<ack/>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>10%</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qVOIPUp</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>128Kb</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qVOIPDown</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>128Kb</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qPenaltyUp</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>2</priority>
<red>on</red>
<ecn>on</ecn>
<upperlimit>on</upperlimit>
<upperlimit3>356Kb</upperlimit3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qPenaltyDown</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>2</priority>
<red>on</red>
<ecn>on</ecn>
<upperlimit>on</upperlimit>
<upperlimit3>356Kb</upperlimit3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qP2PUp</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>1</priority>
<red>on</red>
<ecn>on</ecn>
<realtime>on</realtime>
<realtime3>1Kb</realtime3>
<upperlimit>on</upperlimit>
<upperlimit3>20Kb</upperlimit3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qP2PDown</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>1</priority>
<red>on</red>
<ecn>on</ecn>
<realtime>on</realtime>
<realtime3>1Kb</realtime3>
<upperlimit>on</upperlimit>
<upperlimit3>20Kb</upperlimit3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<rule>
<inqueue>qVOIPUp</inqueue>
<outqueue>qVOIPDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>10000-20000</port>
</destination>
<descr>m_voip Asterisk inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPDown</inqueue>
<outqueue>qVOIPUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>10000-20000</port>
</destination>
<descr>m_voip Asterisk outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPUp</inqueue>
<outqueue>qVOIPDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>5060-5069</port>
</destination>
<descr>m_voip Asterisk inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPDown</inqueue>
<outqueue>qVOIPUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5060-5069</port>
</destination>
<descr>m_voip Asterisk outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<descr>Penalty IP</descr>
<inqueue>qPenaltyUp</inqueue>
<outqueue>qPenaltyDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<address>mischeif</address>
</destination>
</rule>
<rule>
<descr>Penalty IP</descr>
<inqueue>qPenaltyDown</inqueue>
<outqueue>qPenaltyUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<address>mischeif</address>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>5500-5503</port>
</destination>
<descr>m_P2P HotlineConnect inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>4329-4329</port>
</destination>
<descr>m_P2P iMesh outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>4329-4329</port>
</destination>
<descr>m_P2P iMesh inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6699-6701</port>
</destination>
<descr>m_P2P Napster outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5500-5503</port>
</destination>
<descr>m_P2P HotlineConnect outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>8038-8039</port>
</destination>
<descr>m_P2P grouper inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>8038-8039</port>
</destination>
<descr>m_P2P grouper outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6699-6701</port>
</destination>
<descr>m_P2P Napster inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>28864-28865</port>
</destination>
<descr>m_P2P hotComm outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>28864-28865</port>
</destination>
<descr>m_P2P hotComm inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>8311-8311</port>
</destination>
<descr>m_P2P Scour outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5190-5190</port>
</destination>
<descr>m_P2P SongSpy outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>5190-5190</port>
</destination>
<descr>m_P2P SongSpy inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6699-6699</port>
</destination>
<descr>m_P2P WinMX outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6699-6699</port>
</destination>
<descr>m_P2P WinMX inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6346-6346</port>
</destination>
<descr>m_P2P Shareaza inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6346-6346</port>
</destination>
<descr>m_P2P Shareaza outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>8888-8889</port>
</destination>
<descr>m_P2P OpenNap inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6346-6346</port>
</destination>
<descr>m_P2P Gnutella-UDP inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>8311-8311</port>
</destination>
<descr>m_P2P Scour inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>8888-8889</port>
</destination>
<descr>m_P2P OpenNap outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>4661-4665</port>
</destination>
<descr>m_P2P EDonkey2000 inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6881-6999</port>
</destination>
<descr>m_P2P BitTorrent inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>7788-7788</port>
</destination>
<descr>m_P2P BuddyShare outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>7788-7788</port>
</destination>
<descr>m_P2P BuddyShare inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>2340-2340</port>
</destination>
<descr>m_P2P CuteMX outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6881-6999</port>
</destination>
<descr>m_P2P BitTorrent outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6881-6999</port>
</destination>
<descr>m_P2P BitTorrent inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>7668-7668</port>
</destination>
<descr>m_P2P Aimster outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>7668-7668</port>
</destination>
<descr>m_P2P Aimster inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6881-6999</port>
</destination>
<descr>m_P2P BitTorrent outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>2340-2340</port>
</destination>
<descr>m_P2P CuteMX inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6666-6668</port>
</destination>
<descr>m_P2P dcc outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>4661-4665</port>
</destination>
<descr>m_P2P EDonkey2000 outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6346-6346</port>
</destination>
<descr>m_P2P Gnutella-TCP outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6346-6346</port>
</destination>
<descr>m_P2P Gnutella-TCP inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>1044-1045</port>
</destination>
<descr>m_P2P DirectFileExpress inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>1044-1045</port>
</destination>
<descr>m_P2P DirectFileExpress outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>6666-6668</port>
</destination>
<descr>m_P2P dcc inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>412-412</port>
</destination>
<descr>m_P2P DirectConnect outbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>412-412</port>
</destination>
<descr>m_P2P DirectConnect inbound</descr>
<protocol>tcp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>6346-6346</port>
</destination>
<descr>m_P2P Gnutella-UDP outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>p2pCatchAll outbound</descr>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
</destination>
<descr>p2pCatchAll inbound</descr>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>p2pCatchAll outbound</descr>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
</destination>
<descr>p2pCatchAll inbound</descr>
</rule>
</shaper>
</pfsense>
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
