Rather than looking at a tcpdump of packets that make it through, try looking at blocked packets instead. Add 'log' to any block rules and try 'tcpdump -netttipflog0'.
Walt Elam <wre...@gmail.com> wrote:
>One more update:
>
>I opened up the tcpdump traffic in Wireshark and it appears that the Xbox
>is failing on Kerberos. I see an AS_REQ, then AS_REP, then the traffic
>alternates between TGS_REQ and TGS_REP then fails. It seems like the xbox
>is failing to successfully get the ticket from the TGS.
>
>Are there special rules I need in order to ensure Kerberos works properly?
>
>-Walt
>
>On Fri, Dec 6, 2013 at 4:13 PM, Walt Elam <wre...@gmail.com> wrote:
>
>> Thanks Teemu, I gave some similar rules a shot but was unable to get it
>> working.
>>
>> I'm still tweaking things and trying them, I'll update if I get it figured
>> out.
>>
>> Thanks,
>>
>> -Walt
>>
>> On Thu, Dec 5, 2013 at 4:47 AM, Teemu Rinta-aho <te...@rinta-aho.org> wrote:
>>
>>> On 5.12.2013 3:16, Walt Elam wrote:
>>>
>>>> I need to forward ports 88 (UDP), 3074 (UDP/TCP), 53 (UDP,TCP), and 80
>>>> (TCP) to the xbox360. This seems simple enough but I have been
>>>> unsuccessful.
>>>
>>> Hi Walt,
>>>
>>> I don't do exactly the same, but almost. Check out my pf.conf at
>>>
>>> http://www.rinta-aho.org/blog/?p=364
>>>
>>> There you can see that I forward certain ports to machine named "core7".
>>>
>>> I also use 3 separate VLANs to the cable modem to get 3 (out of 5 that
>>> I pay for) different IP addresses from the ISP. 1 is mapped to PS3, one
>>> to a PC "core7", and the rest share the third IP address. So, there
>>> is some extra complexity in my pf.conf.
>>>
>>> Hope it helps.
>>>
>>> Teemu
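
An added example, not part of the thread: a small Python tally of blocked packets from saved pflog output, grouped by pf rule number, direction, interface and ports, so the rule doing the blocking stands out. The line layout, the interface names em0/em1, the addresses and the rule numbers are assumptions made up for illustration; the sample lines are constructed, not captured from the poster's network.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output (assumed layout,
# documentation-range addresses, hypothetical interfaces and rule numbers).
SAMPLE = """\
Dec 06 16:20:01.101010 rule 4/(match) block in on em0: 203.0.113.7.88 > 192.168.1.50.1042: udp 1472
Dec 06 16:20:01.101500 rule 4/(match) block in on em0: 203.0.113.7.88 > 192.168.1.50.1042: udp 1472
Dec 06 16:20:02.300000 rule 2/(match) pass in on em1: 192.168.1.50.1042 > 203.0.113.7.88: udp 300
Dec 06 16:20:03.000000 rule 4/(match) block in on em0: 198.51.100.9.3074 > 192.168.1.50.3074: udp 48
"""

# The -e flag adds the "rule N/(reason) action dir on ifc:" prefix to each packet.
LINE = re.compile(
    r"rule (?P<rule>\d+)/\(\w+\) (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):"
)


def blocked_summary(text):
    """Count blocked packets per (rule, direction, interface, sport, dport).

    Lines without a port pair (ICMP, for instance) do not match and are skipped.
    """
    counts = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if m and m["action"] == "block":
            key = (int(m["rule"]), m["dir"], m["ifc"],
                   int(m["sport"]), int(m["dport"]))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (rule, direction, ifc, sport, dport), n in blocked_summary(SAMPLE).most_common():
        print(f"rule {rule} block {direction} on {ifc}: "
              f"sport {sport} -> dport {dport} x{n}")
```

The rule number in each entry can be matched against the `@N` prefixes printed by `pfctl -vvsr` to find the rule that dropped the packet.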