Steam client difficulty connecting behind pfSense 2.0 release



  • My Steam client on Windows is finding it difficult to connect to the Steam network. WAN on pfSense 2.0 is configured as PPPoE and connects via an ADSL modem in bridge mode.
    By difficult I mean that sometimes I can connect to Steam but most of the time I can't connect when behind pfSense. I can connect to Steam without issues if I connect my PC directly to the modem, bypassing pfSense.

    I've tried the following to solve the problem but so far none worked:

    Switched to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) with static ports enabled.
    Turning off UPnP.
    Setting rules on inbound and outbound for TCP (27014:27050) and UDP (3478, 4379, 4380, 27000:27030).
    Tried MTU settings for WAN with 1500, 1492 and 1464.

    Below is a screenshot of a Wireshark capture taken when the Steam client failed to connect 4 times:

    Unfortunately I can't really understand what is going wrong here. I checked the firewall logs but didn't find the Steam ports mentioned above being blocked.



  • To get Steam to work I created Firewall rules and forgot about MON.  I also used an additional port 27015.

    Sleeps



  • Hi Sleeps,

    I read your older thread from http://forum.pfsense.org/index.php/topic,32798.0.html and I've added TCP/UDP 27015 to the firewall rule. It didn't work either.

    Finally I set from any IP, any port to any port on my LAN IP. That practically removes me from the firewall protection, right?
    However, I still can't get Steam to connect.

    I believe this has little to do with the firewall now.

    I did another screen capture from the Wireshark packet analyzer. It still shows Steam unable to send or receive TCP PSH packets, similar to my previous screen capture a day ago.

    How else can pfSense be preventing the Steam client from sending and receiving TCP PSH packets?



  • @tekkon:

    Hi Sleeps,

    I read your older thread from http://forum.pfsense.org/index.php/topic,32798.0.html and I've added TCP/UDP 27015 to the firewall rule. It didn't work either.

    Finally I set from any IP, any port to any port on my LAN IP. That practically removes me from the firewall protection, right?
    However, I still can't get Steam to connect.

    I believe this has little to do with the firewall now.

    I did another screen capture from the Wireshark packet analyzer. It still shows Steam unable to send or receive TCP PSH packets, similar to my previous screen capture a day ago.

    How else can pfSense be preventing the Steam client from sending and receiving TCP PSH packets?

    I've got my IPTV and Steam connected to the same VLAN. I disabled the port 53 (DNS) rule and was unable to download updates; when it was re-enabled, downloads resumed, so add a DNS rule. These rules should be entered into the corresponding interface and not in the WAN.

    Sleeps



  • Where are you in your screenshots? Are you on the LAN interface or the WAN interface?



  • @xtropx:

    Where are you in your screenshots? Are you on the LAN interface or the WAN interface?

    Rules are on the LAN (IPTV Vlan). Diagram below

    Proto    Source  Port  Dst      Port
    UDP      IPTV    *     DNS      53
    *        "       *     Lan add  *
    TCP      "       *     *        web ports
    TCP      "       *     *        Steam Clients
    UDP      "       *     *        Steam Client UDP
    TCP/UDP  "       *     *        Steam server
    *        "       *     *        * (Rule left open for torrent)

    Hope this helps

    Sleeps



  • Well from what I can see, and maybe I am wrong, your "test all" rule has the wrong source (if that screenshot is on the LAN interface, as you say). You have to think about it like where the packets originate is your "source." So maybe you could try switching your destination and source IP address around there and see if that works.



  • xtropx: The rules screenshot was from my WAN interface. On the LAN interface I have from "Lan net" at "any port" to "any ip" at "any port" opened for LAN traffic to get out.

    Sleeps: Steam is on the same subnet as every device on the LAN interface and DNS is working.

    I suspect it's the TCP push packets being dropped. I have to find out where.



  • @tekkon:

    xtropx: The rules screenshot was from my WAN interface. On the LAN interface I have from "Lan net" at "any port" to "any ip" at "any port" opened for LAN traffic to get out.

    Sleeps: Steam is on the same subnet as every device on the LAN interface and DNS is working.

    I suspect it's the TCP push packets being dropped. I have to find out where.

    Enter the rules into the LAN and remove LAN net from the destination field and replace it with any.

    Sleeps



  • Because of the Steam client's inconsistency at connecting to its servers, I took a long time tracking down the culprit.

    Until one of the computers on the LAN went offline. It was apparently running uTorrent.
    Even though it wasn't using bandwidth heavily, it might somehow interfere with Steam's ability to connect.

    I'm not entirely sure yet, even though I was able to connect to Steam 2 times now after that PC with uTorrent went down.
    I'll post back after I further succeed at connecting to Steam.

