pfSense and Steam

[auswipe]

I just setup a pfSense 1.2.2 box and am having troubles getting Steam up and running behind it.

I've Googled and found the ports that Steam wants to be open and I've enabled those ports on the firewall (no NAT setup, though) and still have not found any joy.

Anybody else with a pfSense box that has gotten Steam up and running? If so, what _exact_ steps did you take? I assuming that I've looked over something minor but want to compare notes.

Thanks!

 

[Dawizman]

Could you post a screenshot of your firewall rules? And you say you've disabled NAT? If so, what steps did you take to do so.

 

[Grentz]

Make sure AON is turned on with static ports.

http://doc.pfsense.org/index.php/Static_Port

pfsense is the only main distro that comes with source port rewritting enabled, no idea why they do it cause it causes a ton of issues for a lot of people.

 

[auswipe]

Here are my current settings as of right now:

And it is still no joy for me.

 

[auswipe]

Could you post a screenshot of your firewall rules? And you say you've disabled NAT? If so, what steps did you take to do so.

What I mean to communicate was that I did not have any NAT rules setup for the Steam TCP/UDP ports.

 

[JTY]

What part of Steam are you having problems with? I'm using Steam, and pfSense without any problems, and without any ports forwarded.

 

[auswipe]

Logging in is my problem.

I specify user account and password and get this:

There is just enough network communication (that I've seen with wireshark) that Steam knows it can contact something and doesn't offer to go into Offline mode.

If I bypass the pfSense box and plug directly into my FiOS router, I'm good to go.

I've had this problem for years with my old FreeBSD IPF firewall and figured it was just something that I botched up but now I don't think that anymore since I'm having the exact same problem with the pfSense box.

To enable offline mode, I have to plug into my FiOS router, login into Steam, and then select Offline mode. Very irritating and due to this problem I didnt' play any Valve games for years.

With my new i7 920 build I wanted to catch up and did so but this problem is still irritating as Hell and I'd like to get it settled once and for all.

 

[auswipe]

Here is a further example of what I am seeing.

I blew away the ClientRegistry.blob file and Steam will update itself just fine. But I still can't log in behind the pfSense box. Go around the pfSense box and I'm golden.

*sigh*

 

[Grentz]

This is really weird, as I am using pfsense as well, and have nothing setup special for steam. Works fine too.

 

[auswipe]

Damn all you people for having systems that work as planned!

I'm wondering if it has something to do with my D-Link DI-604 and my pfSense box (and previous FreeBSD ipf firewall which was completely different hardware)?

My neighborhood was the second neighborhood in Texas to get FiOS so I have an old DLink DI-604 router that does the PPoE stuff as well as the router for the extra coax boxes for VoD and that kind of stuff (I understand that the new installations of FiOS are not PPoE and have an all-in-all router with coax connections and not the seperate RJ45/Coax like my house has).

I have the DMZ zone for the DLink set to 192.168.0.104 which is the external WAN connection for pfSense. I wonder if something is getting garbled there?

I could hook up the pfSense directly to the inbound FiOS RJ45 and enable PPoE and see if I still have the problem.

 

[auswipe]

Ok. The problem lies between the DLink DI-604 and the pfSense box.

When I connected the FiOS RJ45 directly into the pfSense box and setup the WAN with PPPoE credentials I was able to fire up Steam normally.

I even blew away the firewall rules I had created and went back to the stock NAT settings and Steam still fired up.

Now I know what the problem is and now I can solve it once and for all. I need the DI-604 right now for VoD/TV schedules, etc right now but I can put another NIC into the pfSense box and hook up all the FiOS stuff to the new NIC.

I wonder if I can direct connect or will I have to put a hub/switch between the extra FiOS cable box? Hopefully it'll directly hook-up.

Thanks, everybody!

 

[Dawizman]

Ahh. Double NAT does odd things sometimes. Glad you got it figured out.

 

[auswipe]

Since I was using the option of DMZ Host the keyword of NAT wasn't triggered in my brain.

Yeah, double NAT'ing can do some strange stuff.

 

[auswipe]

Just wanted to follow up with my problem just in case somebody else ever has a similar problem.

I eliminated the DLink DI-604 by adding in another 100 Mbit/s NIC (that I got at Fry's today for a whoppin' $1.90. Sure, it's a cheap Airlink Realtek rl0 but it'll never see the high side of 15 Mbit/s max) and added that as OPT1 on the pfSense box.

I made pfSense WAN the PPPoE client and setup OPT1 (which I renamed to FIOSTV) and enabled FIOSTV, setup dhcpd and put a switch between the new NIC and the FiOS TV equipment (in afterthought, I should have picked up a cross over cable. I'll do that later).

I can now access Steam just fine and am now currently literally burning all my downlink bandwidth (15 Mbit/s) pulling down Unreal Tournament III and Bioshock. Web browsing is slow right now. I need more bandwidth! Need to call Verizon and have it bumped up to 20 Mbit/s (I've heard that if you purchased the 15 MBit/s package back in the day that you can get bumped up to 20 Mbit/s if you call. I've just been a slackard).

So all in all, I am very happy with the pfSense box.

I am now planning on building another one to put at my Father's house which is all of three miles away (also with FiOS but at only 15/2 service) and create a VPN and push my nightly backups to his place for offsite backup storage.