Introduction

The Xbox 360 configuration screen does not let you configure a proxy. Hence, if your organization uses a proxy server, you will not be able to connect to the Xbox Live service (XBL). The solution illustrated here is for any organization that uses a web proxy server. You will need a Linux machine with iptables and possibly a squid caching service installed. The Linux environment used here is Ubuntu.

Background

To begin with, Xbox Live uses the following port for communication:

Setup Method 1: Using 2 NICs and firestarter to configure iptables

One PC with 2 network cards is required to set it up as a router with a built-in web proxy server (optional). One card connects to the organization network while the other connects to the Xbox. All outbound connections to port 80 are rerouted to the local web proxy for processing, so the Xbox does not realize it is using a proxy.

If your organization's web proxy server is a "transparent" proxy, you can just reroute all outbound port 80 connections to [proxy_server:port_number] using iptables or even a router! However, if the web proxy server is not configured to be "transparent", you'll need to install a transparent squid proxy server on the routing PC.

Steps

1. Install squid and firestarter. Firestarter is a GUI which automatically configures iptables for internet connection sharing.

    sudo apt-get install squid firestarter

2. Configure squid by modifying the file /etc/squid/squid.conf. Add the following:

    http_access allow all

This enables access for everyone, which makes it easy to debug if a problem arises. However, you should tighten the access once everything is working.

    cache_peer [organization_proxy_address] parent [organization_proxy_port] 0 no-query no-digest
    never_direct allow all

The 1st line tells squid to fetch web pages from the organization's proxy server. The 2nd line tells squid not to connect directly to the requested web site, but rather to always fetch it from the proxy server(s) specified in cache_peer.

    http_port [local_PC_address]:3128 transparent

This tells squid to behave like a transparent proxy server listening on port 3128. This is for squid version 2.6 and above. If you are using an older version, you'll need to use the configuration below:

    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

3. Restart the squid server and test it with a browser. Change your browser's proxy server to point to the newly set up proxy and browse a few web pages. If it's not working, check whether a firewall is blocking the ports.

    sudo /etc/init.d/squid restart

4. Once squid installation completes, it's time to set up internet connection sharing with NAT port redirection. In Ubuntu desktop, execute Firestarter and start the firewall. Under the policy settings, allow services for port 1-65535 for LAN. Also, redirect all Xbox services (ports) to the Xbox's IP address.

5. Then add the following iptables rule to /etc/firestarter/user-post:

    $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128

This assumes the Ubuntu machine is 192.168.0.1 with squid listening on 3128.

6. In your Xbox, configure the network:

Debugging

1. To check the content of the iptables NAT table, execute:

    sudo iptables -t nat -S

2. There are cases where the squid server doesn't run properly after a PC restart, and a squid restart is required. The problem is that squid loads nameservers from resolv.conf, and NetworkManager re-creates resolv.conf during each PC restart. To fix this, append the following line to squid.conf:

    dns_nameservers [nameserver1] [nameserver2] [...]

Tweaking

Setup Method 2: Using Virtual NIC eth0:1 and raw iptables

This method is for you if you:

In this scenario, you have eth0 as the gateway to the Internet (IP assigned by your organisation), eth0:1 as the Ubuntu server router (192.168.0.1) to the private network, and the Xbox as 192.168.0.2. Please install squid following Setup Method 2 first.

To set up a virtual network interface, add the following to /etc/network/interfaces:

    auto eth0:1
    iface eth0:1 inet static
    address 192.168.0.1
    netmask 255.255.255.0

Then for iptables, run the following with sudo:

    sudo iptables -A FORWARD -o eth0 -i eth0 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
    sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A POSTROUTING -t nat -j MASQUERADE
    sudo iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128

These rules forward all traffic from 192.168.0.0/24 to the WAN. The last line routes all port 80 traffic from the local network to the transparent squid proxy we set up earlier.

Next is to redirect all Xbox-specific ports from the Internet to the Xbox:

    sudo iptables -t nat -A PREROUTING -p tcp -i eth0 -d [internet interface address] --dport 3074 -j DNAT --to 192.168.0.2:3074
    sudo iptables -A FORWARD -i eth0 -p tcp -d 192.168.0.2 --dport 3074 -j ACCEPT

Repeat this for UDP port 3074.

Next is to enable kernel IPv4 forwarding:

    sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

To make the setting persist after a reboot, add the following to /etc/sysctl.conf:

    # for ubuntu < 10.04
    net.ipv4.conf.default.forwarding=1
    net.ipv4.conf.all.forwarding=1
    # for ubuntu > 10.04
    net.ipv4.ip_forward=1

Then save the iptables rules:

    sudo iptables-save | sudo tee /etc/iptables.sav

And add the following to /etc/rc.local before "exit 0":

    iptables-restore < /etc/iptables.sav

ViSLAB transparent proxy network information is located here.
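
Step 2 of Setup Method 1 opens squid with "http_access allow all" and says to tighten it once everything works. The shell check below is an added example, not part of the original page: it flags that setting if it is still in place. Both sample configurations are constructed, the ACL name xbox_lan is an assumption, and 192.168.0.0/24 and 192.168.0.1 are the page's example addresses.

```shell
#!/bin/sh
# Added example, not from the original page. Both configs are constructed samples;
# the ACL name xbox_lan is an assumption, the addresses are the page's examples.

weak_conf() {   # what is left behind if the debugging setting is never removed
cat <<'EOF'
http_access allow all
http_port 3128 transparent
EOF
}

tight_conf() {  # same proxy, limited to the private Xbox subnet
cat <<'EOF'
acl xbox_lan src 192.168.0.0/24
http_access allow xbox_lan
http_access deny all
http_port 192.168.0.1:3128 transparent
EOF
}

# Reads a squid.conf on stdin and prints one finding per line (nothing if clean).
audit_squid_conf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    $1 == "http_access" && $2 == "allow" && $3 == "all" && NF == 3 {
      print "OPEN_ACCESS line " NR ": every client that reaches the port may use the proxy"
    }
    $1 == "http_access" && $2 == "deny" && $3 == "all" { deny = 1 }
    $1 == "http_port" && $2 !~ /:/ {
      print "ALL_INTERFACES line " NR ": http_port is not bound to one address"
    }
    END { if (!deny) print "NO_DEFAULT_DENY: no \"http_access deny all\" rule" }
  '
}

echo "weak sample:";  weak_conf  | audit_squid_conf
echo "tight sample:"; tight_conf | audit_squid_conf
```

To check the live file, run audit_squid_conf < /etc/squid/squid.conf.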