Remove SPI firewall in router RB450G

RomanAlvarado · March 26, 2014, 2:35pm

I have to disable the SPI firewall in the RB450G
How I can do this?

the xbox 360 has incompatibility with SPI Firewall of mikrotik

other routers work well removing the firewall

I need to know how to completely disable the SPI firewall

rickfrey · March 27, 2014, 4:20pm

Goto IP → Firewall and select the Filters tab. Then highlight all of the rules and remove them.

sashavl · March 27, 2014, 8:44pm

No, that’s bad solution. Add new rule with dst-address of xbox and action accept, and put that rule first.

efaden · March 27, 2014, 9:41pm

I have an Xbox working just fine with the firewall. Post your export.

Sent from my SCH-I545 using Tapatalk

RomanAlvarado · March 27, 2014, 10:02pm

the mikrotik has an internal SPI firewall, always works through an internal firewall

I what I want is to disable the SPI firewall router

other routers is possible to disable the firewall

into the mikrotik is not possible to disable it?

need an update for customers who want to disable the internal firewall mikrotik

Xbox 360 does not support mandatory routers that work through a firewall

efaden · March 27, 2014, 10:30pm

You can’t fully disable it. But like I said… I have configured tons of them and have never had a problem if configured properly with XBox 360 or XBox One.

ditonet · March 27, 2014, 10:41pm

I never noticed any problem with my Xbox.
Firewall is enabled and everything works fine.
Remember to enable and configure UPnP.

Regards,

RomanAlvarado · March 28, 2014, 12:54am

UPNP does not work for xbox 360

UPNP only open UDP port 3074
but the xbox 360 also requires ports

3074 tcp, 88 udp, 53 tcp / udp, 80 tcp

RomanAlvarado · March 28, 2014, 1:00am

routers running firewall are not compatible with the xbox 360 or the xbox one

will give open nat but does not work correctly, microsoft recommends disabling firewall

as it might not be possible to completely disable the firewall?

I think this is a mistake

option is necessary to completely disable the firewall for those who want to turn it off

jarda · March 28, 2014, 5:40am

What is so important on xbox that justifies disabling firewall (or just forwarding above written ports)?

Sent from Android by Tapatalk.

RomanAlvarado · March 28, 2014, 8:19am

to host online multiplayer on xbox 360

I have 100 megs FTTH

and play online with Mikrotik never am Host

but with the router that gives me my internet provider I’m almost always the host

because the router can disable the firewall

have much experience in multiplayer on xbox live

from 2005 to xbox live game online

and I said so this works on xbox 360

the router with internal firewall to eliminate impossible not work well on xbox 360

if you work through a firewall lose priority for host in multiplayer games

You can check this in the game gears of war 2

jadiaz · April 11, 2014, 7:55pm

EFADEN

I’ve got the following and still manage to get NAT Type: Strict. I’ve set up a src-address-list because I have both the XBox 360 and the One on the same network. I wonder if setting up a VLan with less strict ruleset would be better?

FILTER

 0   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=88

 1   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=500

 2   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=3544

 3   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=4500

 4   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=3074

 5   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=tcp src-address-list=game-console-addr dst-port=3074

NAT

0   ;;; NAT
     chain=srcnat action=masquerade out-interface=ether1-gateway

 1   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=3074 protocol=udp in-interface=ether1-gateway dst-port=3074

 2   ;;; Xbox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=3074 protocol=tcp in-interface=ether1-gateway dst-port=3074

 3   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=88 protocol=udp in-interface=ether1-gateway dst-port=88

 4   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=500 protocol=udp in-interface=ether1-gateway dst-port=500

 5   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=3544 protocol=udp in-interface=ether1-gateway dst-port=3544

 6   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=4500 protocol=udp in-interface=ether1-gateway dst-port=4500

efaden · April 11, 2014, 8:59pm

jadiaz:

efaden:

RomanAlvarado:

the mikrotik has an internal SPI firewall, always works through an internal firewall

I what I want is to disable the SPI firewall router

other routers is possible to disable the firewall

into the mikrotik is not possible to disable it?

need an update for customers who want to disable the internal firewall mikrotik

Xbox 360 does not support mandatory routers that work through a firewall

You can’t fully disable it. But like I said… I have configured tons of them and have never had a problem if configured properly with XBox 360 or XBox One.

EFADEN

I’ve got the following and still manage to get NAT Type: Strict. I’ve set up a src-address-list because I have both the XBox 360 and the One on the same network. I wonder if setting up a VLan with less strict ruleset would be better?

FILTER
 0   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=88

 1   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=500

 2   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=3544

 3   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=4500

 4   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=udp src-address-list=game-console-addr dst-port=3074

 5   ;;; Allow XBOX Live
     chain=gaming action=accept protocol=tcp src-address-list=game-console-addr dst-port=3074
NAT
0   ;;; NAT
     chain=srcnat action=masquerade out-interface=ether1-gateway

 1   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=3074 protocol=udp in-interface=ether1-gateway dst-port=3074

 2   ;;; Xbox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=3074 protocol=tcp in-interface=ether1-gateway dst-port=3074

 3   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=88 protocol=udp in-interface=ether1-gateway dst-port=88

 4   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=500 protocol=udp in-interface=ether1-gateway dst-port=500

 5   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=3544 protocol=udp in-interface=ether1-gateway dst-port=3544

 6   ;;; XBox Live
     chain=dstnat action=dst-nat to-addresses=192.168.88.232/30 to-ports=4500 protocol=udp in-interface=ether1-gateway dst-port=4500

Your trying to forward ONE incoming port to two different boxes. Thats your problem…

jadiaz · April 12, 2014, 5:19am

Understood. What would be a possible solution?

efaden · April 12, 2014, 11:54am

Upnp. Although I’m not sure that would work because of it requires specific ports your out of luck.

Sent from my SCH-I545 using Tapatalk