OK, I'm NOT a networking expert...after all I'm a developer, so I can spell TCP/IP and have some vague notion that it helps my applications do stuff like talk to other computers. 

But necessity is the mother of invention; and what greater necessity than playing Halo 2 with my friends on XBox Live?  Yeah yeah I've written networking applications but WHERE'S THE PASSION in that??

Being just slightly paranoid, I run Microsoft ISA Server 2004 as my home firewall.  Kind of like using an M1 Abrams 120mm cannon to drive nails...but hey, I get it free!

Well, XBox Live isn't exactly on the ISA Server's list of use cases, so no luck getting Live FAQs on our own site.

I went to an excellent site, www.isaserver.org, and found a great quick-fix:  http://www.isaserver.org/tutorials/xboxlive.html

BUT it doesn't work for Halo 2, which uses a plethora of ports besides those needed for straight Live connectivity.  Not sure what other games use--though I have played Unreal, Mech, and Gotham without extra work.

Turns out Halo 2 needs some massaging.

Remember the M1 Abrams 120mm cannon?  Well it's a favorite of mine, too.  I'm all for subtlety and elegance in code, but when it comes to getting Halo 2 working I bust out the big guns and let'em rip.  I tried at first to be selective with port openings, clever with secondary connections, etc., etc.  But after hours of frustration and not playing I just got medieval, opening everything in sight.

Here's how I've got Halo 2 working on my ISA 2004 box.  I've got a single external IP courtesy of my cable company.  ISA has 2 NICs, one external and one internal.  I'm using ISA to do NAT, so my internal network is on one of the non-routable subnets--10.*.*.*

Firewall Policies on ISA 2004 for XBox Live and Halo 2:

  1. Policy "XBoxLiveServer": (this is a server publishing rule)
    1. Protocol "XBoxLive3": 2000-19900 UDP Receive, 20001-65000 UDP Receive
  2. Policy "XBoxLive": (regular access rule)
    1. Protocol "XBoxLive1": 3074 UDP SendReceive
    2. Protocol "XBoxLive2": 3074 TCP Outbound
    3. Protocol "XBoxLive4": 16000-19900 TCP Outbound, 1000-2000 UDP Send, 20001-65000 UDP Send
  3. Other regular access rules:
    1. Kerberos-Sec: 88 UDP SendReceive
    2. DNS: 53 TCP Outbound, 53 UDP SendReceive
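
To see what that rule set actually lets through, here is an added example (mine, not part of the original post and not ISA's own API) that models the policy above as data and evaluates flows against it with ISA's default-deny behaviour. It assumes a simplified mapping of ISA's terms: "UDP Receive" on the server publishing rule is unsolicited inbound traffic, while "TCP Outbound", "UDP Send" and "UDP SendReceive" are internally initiated flows whose replies ride on firewall state. The `LIVE_ONLY_POLICY` and the `SAMPLE_FLOWS` list are constructed for comparison: the former is the post's own 3074/88/53 rules plus a single hypothetical inbound 3074 UDP publishing rule, and the flows are not real captures.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

PortRange = Tuple[int, int]
Flow = Tuple[str, str, int]  # (proto, direction, port)


@dataclass(frozen=True)
class Rule:
    """One ISA protocol definition attached to an allow rule.

    direction is a simplification of ISA's terms (assumption, not ISA's model):
      "inbound"  - unsolicited external -> internal (server publishing, 'UDP Receive')
      "outbound" - internal -> external ('TCP Outbound', 'UDP Send', 'UDP SendReceive')
    """
    name: str
    proto: str
    direction: str
    ranges: Tuple[PortRange, ...]

    def matches(self, proto: str, direction: str, port: int) -> bool:
        return (proto == self.proto and direction == self.direction
                and any(lo <= port <= hi for lo, hi in self.ranges))


# The post's rule set, transcribed from the policy list above.
HALO2_POLICY: Sequence[Rule] = (
    Rule("XBoxLive3", "udp", "inbound", ((2000, 19900), (20001, 65000))),
    Rule("XBoxLive1", "udp", "outbound", ((3074, 3074),)),
    Rule("XBoxLive2", "tcp", "outbound", ((3074, 3074),)),
    Rule("XBoxLive4", "tcp", "outbound", ((16000, 19900),)),
    Rule("XBoxLive4", "udp", "outbound", ((1000, 2000), (20001, 65000))),
    Rule("Kerberos-Sec", "udp", "outbound", ((88, 88),)),
    Rule("DNS", "tcp", "outbound", ((53, 53),)),
    Rule("DNS", "udp", "outbound", ((53, 53),)),
)

# Hypothetical "straight Live" baseline for comparison (assumption): the post's
# 3074/88/53 rules plus one inbound 3074 UDP publishing rule, nothing else.
LIVE_ONLY_POLICY: Sequence[Rule] = (
    Rule("XBoxLiveInbound", "udp", "inbound", ((3074, 3074),)),
    Rule("XBoxLive1", "udp", "outbound", ((3074, 3074),)),
    Rule("XBoxLive2", "tcp", "outbound", ((3074, 3074),)),
    Rule("Kerberos-Sec", "udp", "outbound", ((88, 88),)),
    Rule("DNS", "tcp", "outbound", ((53, 53),)),
    Rule("DNS", "udp", "outbound", ((53, 53),)),
)


def first_match(policy: Sequence[Rule], proto: str, direction: str, port: int) -> Optional[str]:
    """Name of the first allow rule covering the flow, or None (default deny)."""
    for rule in policy:
        if rule.matches(proto, direction, port):
            return rule.name
    return None


def inbound_exposure(policy: Sequence[Rule], proto: str = "udp") -> int:
    """Distinct ports on which unsolicited traffic reaches the inside (overlaps merged)."""
    open_ports = set()
    for rule in policy:
        if rule.proto == proto and rule.direction == "inbound":
            for lo, hi in rule.ranges:
                open_ports.update(range(lo, hi + 1))
    return len(open_ports)


def dropped(policy: Sequence[Rule], flows: Sequence[Flow]) -> List[Flow]:
    """Flows no rule covers: what the firewall log would show as dropped packets."""
    return [f for f in flows if first_match(policy, *f) is None]


# Constructed sample of the kind of flows seen after a reboot (not real captures).
SAMPLE_FLOWS: List[Flow] = [
    ("udp", "outbound", 3074),
    ("udp", "inbound", 3074),
    ("udp", "inbound", 41212),   # constructed: a high port picked by the game this boot
    ("tcp", "outbound", 17500),
    ("udp", "outbound", 88),
    ("udp", "inbound", 19950),   # constructed: lands in the 19901-20000 gap of XBoxLive3
]

if __name__ == "__main__":
    for label, policy in (("post's rules", HALO2_POLICY), ("Live-only", LIVE_ONLY_POLICY)):
        print(f"{label}: {inbound_exposure(policy)} inbound UDP ports open; "
              f"dropped = {dropped(policy, SAMPLE_FLOWS)}")
```

Running it shows the trade-off the post describes: the wide policy exposes 62,901 UDP ports to unsolicited inbound traffic and still drops a flow that lands in the 19901-20000 gap, while the Live-only baseline exposes one port but drops the high-port flows the game picks after a reboot. Feeding the ports from ISA's dropped-packet log into `dropped()` is a quick way to see which rule a new port would need before widening a range.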

Right.  So now it's working, MOSTLY.

I am still unable to connect to my buddy J Sawyer who's also paranoid and using ISA 2004, because ISA uses "strict NAT"; its port assignment policy is, according to the Live help site, "aggressive". 

Can anyone explain what "strict NAT" means? 

Anyway I'm sure this setup is far from optimal, but it works.  When I attempted to decrease the number of open ports, I was surprised to find that Halo 2 seems to use a different set every time I reboot my box.  My initial set was smaller and worked, so I played all night.  But the next night it quit, and when I monitored dropped packets lo and behold, they were on different ports!

This is very different from the Beta--I think the gods at Bungie did a LOT of work on the networking layer between then and now.  It really shows--it is so polished and lag-free for the most part that I'm happy to spend effort getting it working.

So How's Halo 2?

Brilliant, excellent, engrossing, gorgeous, and fun too.  I've mostly played online but I'm loving the single player too.  I hope more game makers understand the triumph of Halo and Half-Life is NOT how pretty they are--that's nice--but that they are STORIES.  Halo feels like you're the protagonist of a really inventive sci-fi novel.

I won't be surprised if awesome authors like Gregory Benford, Greg Bear, Stephen Baxter, Eric Nylund, and others start working with game studios to define their plot, back-story, etc., just as actors are keen to get video game gigs now.