Steam "Steamworks" P2P networked games issue

Hello,

I have connectivity issues with Steamworks P2P networked games. I can connect to and host servers for normal Steam games using conventional port forwarding (DestNAT rules).

I’m using a MikroTik RB2011UiAS-RM router (v3.09) and have even tried forwarding the outbound Steamworks ports listed here:
https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711

Using Wireshark, it looks like my router is filtering out the STUN responses. I have tried removing the router altogether and using the Windows PPPoE client which worked perfectly fine.

I have used a STUN client tool to test connectivity and here are my findings:
stunserver.org:3478
http://www.codeproject.com/Articles/18492/STUN-Client
No Router, Windows Firewall - PortRestrictedCone
No Router, No Windows Firewall - FullCone
Router, Windows Firewall - PortRestrictedCone
Router, No Windows Firewall - PortRestrictedCone

Is there anything that I can do to help find the cause of this issue?

Here is my current Router configuration in case this helps: (192.168.88.235 is a web-server on my network, 192.168.88.253 is my PC, pppoe_client-wan is the router’s PPP client and bridge-local is a bridge for all LAN ports)

# aug/17/2014 15:46:18 by RouterOS 6.12
# software id = BGXD-6S0Q

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input comment="WinBox Wan Administration" dst-port=8291 in-interface=pppoe_client-wan protocol=tcp
add chain=input comment="HTTP WAN Admin" dst-port=8080 in-interface=pppoe_client-wan protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=pppoe_client-wan
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add chain=forward comment="Steam (UDP)" dst-port=3478,4379-4380,27000-27050,28960 protocol=udp
add chain=forward comment="Steam (TCP)" dst-port=27000-27050,28960 protocol=tcp
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall mangle
add action=log chain=prerouting disabled=yes dst-port=3478,4379,4380 protocol=udp
add action=log chain=postrouting disabled=yes dst-port=3478,4379,4380 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe_client-wan to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment="Redirect Local Web Admin ([Local]:80 -> [Local]:8080)" dst-address=192.168.88.1 dst-port=80 in-interface=bridge-local protocol=tcp to-addresses=192.168.88.1 to-ports=8080
add action=dst-nat chain=dstnat comment="HTTP Web Server" dst-port=80 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.235 to-ports=80
add action=dst-nat chain=dstnat comment="HTTPS Web Server" dst-port=443 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.235 to-ports=443
add action=dst-nat chain=dstnat comment="Remote Desktop Port Forward" dst-port=3389 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.235 to-ports=3389
add action=dst-nat chain=dstnat comment="Starbound Port Forward" dst-port=21025 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.253 to-ports=21025
add action=dst-nat chain=dstnat comment="Teamspeak Port Forward (UDP)" dst-port=9987 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=9987
add action=dst-nat chain=dstnat comment="Teamspeak Port Forward (TCP)" dst-port=10011 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.253 to-ports=10011
add action=dst-nat chain=dstnat comment="Teamspeak Port Forward (TCP)" dst-port=30033 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.253 to-ports=30033
add action=dst-nat chain=dstnat comment="BitTorrent Port Forward (UDP)" dst-port=58541 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=58541
add action=dst-nat chain=dstnat comment="BitTorrent Port Forward (TCP)" dst-port=58541 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.253 to-ports=58541
add action=dst-nat chain=dstnat comment="BitTorrent Sync Port Forward (UDP)" dst-port=12662 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=12662
add action=dst-nat chain=dstnat comment="BitTorrent Sync Port Forward (TCP)" dst-port=12662 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.253 to-ports=12662
add action=dst-nat chain=dstnat comment="XCom Port Forward (TCP)" dst-port=3074 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.253 to-ports=3074
add action=dst-nat chain=dstnat comment="XCom Port Forward (UDP)" dst-port=3074 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=3074
add action=dst-nat chain=dstnat comment="Steam (UDP)" dst-port=3478 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=3478
add action=dst-nat chain=dstnat comment="Steam (UDP)" dst-port=4379 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=4379
add action=dst-nat chain=dstnat comment="Steam (UDP)" dst-port=4380 in-interface=pppoe_client-wan protocol=udp to-addresses=192.168.88.253 to-ports=4380

I have also tried adding a “DMZ” rule after the NAT masquerade line but this had no effect:
add action=dst-nat chain=dstnat comment=DMZ in-interface=pppoe_client-wan to-addresses=192.168.88.253

The games I’ve been trying to play are XCom and The Red Solstice.

Thanks,
-Andrew.

Try at dstnat add dst.address=your_ip_from_isp for all rules …

I tried it with and without the in interface, but had no luck:

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe_client-wan to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment=DMZ disabled=yes in-interface=pppoe_client-wan to-addresses=192.168.88.253
add action=dst-nat chain=dstnat comment="Redirect Local Web Admin ([Local]:80 -> [Local]:8080)" dst-address=192.168.88.1 dst-port=80 in-interface=bridge-local protocol=tcp to-addresses=192.168.88.1 to-ports=8080
add action=dst-nat chain=dstnat comment="HTTP Web Server" dst-port=80 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.235 to-ports=80
add action=dst-nat chain=dstnat comment="HTTPS Web Server" dst-port=443 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.235 to-ports=443
add action=dst-nat chain=dstnat comment="Remote Desktop Port Forward" dst-port=3389 in-interface=pppoe_client-wan protocol=tcp to-addresses=192.168.88.235 to-ports=3389
add action=dst-nat chain=dstnat comment="Starbound Port Forward" dst-address=83.217.168.87 dst-port=21025 protocol=tcp to-addresses=192.168.88.253 to-ports=21025
add action=dst-nat chain=dstnat comment="Teamspeak Port Forward (UDP)" dst-address=83.217.168.87 dst-port=9987 protocol=udp to-addresses=192.168.88.253 to-ports=9987
add action=dst-nat chain=dstnat comment="Teamspeak Port Forward (TCP)" dst-address=83.217.168.87 dst-port=10011 protocol=tcp to-addresses=192.168.88.253 to-ports=10011
add action=dst-nat chain=dstnat comment="Teamspeak Port Forward (TCP)" dst-address=83.217.168.87 dst-port=30033 protocol=tcp to-addresses=192.168.88.253 to-ports=30033
add action=dst-nat chain=dstnat comment="BitTorrent Port Forward (UDP)" dst-address=83.217.168.87 dst-port=58541 protocol=udp to-addresses=192.168.88.253 to-ports=58541
add action=dst-nat chain=dstnat comment="BitTorrent Port Forward (TCP)" dst-address=83.217.168.87 dst-port=58541 protocol=tcp to-addresses=192.168.88.253 to-ports=58541
add action=dst-nat chain=dstnat comment="BitTorrent Sync Port Forward (UDP)" dst-address=83.217.168.87 dst-port=12662 protocol=udp to-addresses=192.168.88.253 to-ports=12662
add action=dst-nat chain=dstnat comment="BitTorrent Sync Port Forward (TCP)" dst-address=83.217.168.87 dst-port=12662 protocol=tcp to-addresses=192.168.88.253 to-ports=12662
add action=dst-nat chain=dstnat comment="XCom Port Forward (TCP)" dst-address=83.217.168.87 dst-port=3074 protocol=tcp to-addresses=192.168.88.253 to-ports=3074
add action=dst-nat chain=dstnat comment="XCom Port Forward (UDP)" dst-address=83.217.168.87 dst-port=3074 protocol=udp to-addresses=192.168.88.253 to-ports=3074
add action=dst-nat chain=dstnat comment="Steam (UDP)" dst-address=83.217.168.87 dst-port=3478 protocol=udp to-addresses=192.168.88.253 to-ports=3478
add action=dst-nat chain=dstnat comment="Steam (UDP)" dst-address=83.217.168.87 dst-port=4379 protocol=udp to-addresses=192.168.88.253 to-ports=4379
add action=dst-nat chain=dstnat comment="Steam (UDP)" dst-address=83.217.168.87 dst-port=4380 protocol=udp to-addresses=192.168.88.253 to-ports=4380

Also, is there any way of neatening the IP addresses? I could use an address list for the dest address, but what could I do for the to-address? (I’m using static leases on my DHCP server.)

try to disable all firewall filters rules …

where is action= ??? action=accept

add action=drop chain=input comment="default configuration" in-interface=pppoe_client-wan → ??? blocked all from pppoe ?

I just tried disabling all filter rules but had no luck. I also tried just disabling the drop filters.

That block rule is just for the input chain so that should block connections to the router if they aren’t explicitly allowed by the management rules above, or at least that’s how I understand it. Tried disabling it anyhow but it didn’t help.

The lack of action=accept is just down to the export command. In Winbox they are all set as accept. I assume accept is just the default action.


I also tried setting up 1:1 NAT but still had no luck in-game with the following at the top:
/ip firewall nat
add chain=dstnat dst-address=83.217.168.87 action=netmap to-addresses=192.168.88.253
add chain=srcnat src-address=192.168.88.253 action=netmap to-addresses=83.217.168.87


From some other threads it sounds like the issue people are having with SIP, only I don’t think I can use the SIP helper to resolve this.

… hmmm … try to disable sip-helper … ip firewall service port … but remember for working need reboot …

I didn’t realise that it required rebooting after disabling service ports.

I’ve just tried that but sadly it didn’t resolve the issue.

Still having these problems with the latest version.

I set a filter rule of accept for the forward chain and set up a dstnat rule with the dest address set to my public IP and the action set to dst-nat with the to address set to my computer’s IP, but this didn’t help. In this configuration the NAT engine should be forwarding everything to my computer but clearly it isn’t working as it should.