Thursday, 3 May 2018

All Steamed Up


Recently I tightened up my firewall rules. A while back I got hold of a Watchguard T10, nice piece of kit for the home. Turned the wifi off, as already had some Ubiquiti kit in, and that knocks the socks off in-built router wifi, as you might expect.

With the aforesaid tightening, I expected a few teething troubles, but some have manifested in curious ways. Watchguards are good in that they are set up to default block everything incoming but also outgoing - if it doesn't use a common port (i.e. less than 1023), then it will default block outbound traffic.

Examining the logs, I found that some traffic was being blocked by the HTTP Proxy - although the traffic was going out on port 80, it was being denied with the reason: "Body content type match". A bit of research into the error found that the WG was blocking the traffic due to a strange (i.e. whichever game was trying to update) executable dialling out. This is desirable behaviour, clearly, as you don't want some sneaky virus exe dialling home to start cryptolocking all the things. That said, it took a bit of sorting out, so figured I'd write it up for the other 2 people in the world who run home T10s and play Steam games.

Firstly, here are the Steam ports:

TCP: 27015 - 27030
UDP: 4830, 27000 - 27030

For completeness, here's Valve's IP address space pulled from ARIN:

162.254.192.0/22
192.69.96.0/22
205.196.6.0/24
208.64.200.0/22
208.78.164.0/22
2620:f9::/44
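
A check worth running over denied outbound entries before loosening any rule, as an added example (not from the original post): it labels each flow using the Valve ranges and Steam ports listed above. The three-field line format and the sample addresses are constructed for illustration and are not WatchGuard log output.

```python
import ipaddress

# Valve address space and Steam ports exactly as listed in this post.
VALVE_NETS = [ipaddress.ip_network(n) for n in (
    "162.254.192.0/22", "192.69.96.0/22", "205.196.6.0/24",
    "208.64.200.0/22", "208.78.164.0/22", "2620:f9::/44")]
STEAM_PORTS = {"tcp": [range(27015, 27031)],
               "udp": [range(4830, 4831), range(27000, 27031)]}

def in_valve_space(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in VALVE_NETS)

def is_steam_port(proto, port):
    return any(port in r for r in STEAM_PORTS.get(proto.lower(), []))

def classify(proto, dst, port):
    """Label one denied outbound flow by destination address and port."""
    valve = in_valve_space(dst)
    steam = is_steam_port(proto, port)
    if valve and steam:
        return "steam"             # Valve address on a listed Steam port
    if valve:
        return "valve-other-port"  # e.g. port 80 traffic seen by the HTTP proxy
    if steam:
        return "steam-port-only"   # listed port, destination not Valve: review
    return "unrelated"

def parse_line(line):
    # Assumed (constructed) format: "<proto> <dst_ip> <dst_port>"
    proto, dst, port = line.split()
    return proto, dst, int(port)

# Constructed sample entries, not real firewall output.
SAMPLE = """\
tcp 208.78.164.10 27017
udp 162.254.193.5 27005
tcp 205.196.6.20 80
udp 203.0.113.7 27015
tcp 198.51.100.9 4444
udp 2620:f9:0:1::5 4830
"""

def summarize(text):
    return [(l, classify(*parse_line(l))) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, label in summarize(SAMPLE):
        print(f"{label:18} {line}")
```

Anything labelled "steam-port-only" or "unrelated" is traffic the lists in this post do not account for, so it should stay blocked until identified.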

How to fix the HTTP proxy issue:
  • Check the policy properties to see which proxy/content action the policy is using, likely to be HTTP-Client.Standard.
  • Go into Setup | Actions | Proxies
  • Scroll down the list until you see the proxy action you're interested in.
  • Edit, and select 'Body Content Types' from the menu on the left.
  • Highlight Windows EXE/DLL and ensure that 'If matched' picklist doesn't say 'Deny', 'Drop', or 'Block'. I've chosen AV scan, as I have an active subscription on the T10, but you can also choose 'Allow'.
  • OK out and save the config back.
  • Enjoy correctly updating Steam games.

Whilst I'm on it as well, here's the (full) list of ports required by Rainbow Six Siege, as the Ubi support pages don't appear to have a complete list:

TCP : 13000, 13005, 13200, 14000, 14001, 14008, 14020, 14021, 14022, 14023, 14024
UDP : 2070, 3075, 3478, 6015, 6019, 6020, 6021, 6250, 6085, 30000, 30100, 30200
