This topic has been locked
dotpk Jul 19, 2016 @ 12:21am
'Required Ports for Steam' clarification.
Hi all,

I have had some dialogue with Steam support about the 'Required Ports for Steam' guide at: https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711. Steam support have asked me to re-post the information here.


The port forwarding guide seems to blur the lines between two distinct topics - port forwarding and firewalling. For example, the following traffic is shown as requiring 'outbound' access (where 'outbound' means traffic originating from the Steam client and bound for the internet):

- UDP 3478 (Outbound)
- UDP 4379 (Outbound)
- UDP 4380 (Outbound)

The following traffic is shown as requiring 'incoming' access:

- UDP 27031 and 27036 (incoming, for In-Home Streaming)
- TCP 27036 and 27037 (incoming, for In-Home Streaming)

There is no indication as to whether the following traffic should be permitted in the 'inbound' or 'outbound' direction:

- UDP 27000 to 27015 inclusive (Game client traffic)
- UDP 27015 to 27030 inclusive (Typically Matchmaking and HLTV)
- TCP 27014 to 27050 inclusive (Steam downloads)


A little discussion about the above:
UDP 4380 is actually listed twice, so it is unclear in which direction it should be passed and/or forwarded. Based on other reading that I have done to get AoEII:HD working, it seems that UDP 4380 should be permitted in the outbound direction and redirected (forwarded) in the inbound direction because it is used for P2P networking.

In the outbound direction, it would seem that UDP 3478, 4379 and 4380, as well as UDP 27000:27030 and TCP 27014:27050 simply need to be permitted (passed) in the outbound direction, rather than port forwarded.

In the inbound direction, it would seem that UDP 27031:27036 and TCP 27036:27037 may need to be forwarded to a specific host if in-home streaming is needed. Further, I suspect that UDP 4380 should also be forwarded based on my loose understanding of Steam P2P networking.



So...my question: Given the uncertainty above, is it possible to get some clarification around the following:
- Which traffic is required to be port-forwarded in the inbound (internet -> local) direction?
- Protocol (TCP and/or UDP)
- Source port(s) (if any?)
- Destination port(s)

- Which traffic is required to be passed in the outbound (local -> internet) direction?
- Protocol (TCP and/or UDP)
- Source port(s) (if any?)
- Destination port(s)

- Is it possible to re-structure the support page to make these requirements a little more clear?


Thanks for your help.

Paul
< >
Showing 1-8 of 8 comments
dotpk Jul 25, 2016 @ 8:35am 
A small footnote...I'd like to volunteer to write some documentation for this FAQ if I can just get the above questions clarified.
dotpk Aug 1, 2016 @ 11:26am 
Just so there is no confusion, here is an example of what I am proposing. I have filled in the information based on my loose understanding of how Steam works, but some information is totally bogus (i.e. the Destination Address column in the outbound direction). I would really appreciate it if someone with actual knowledge of Steam could fill in the appropriate values...


**Outbound traffic**
For correct operation of Steam, ensure that the following traffic is permitted outbound by your firewall/router:
Proto Source Port(s) Dest. Addr. Dest. Port(s) Description
UDP Random <placeholder> 27000 - 27015 Game client traffic
UDP Random <placeholder> 27015 - 27030 Matchmaking and HLTV
TCP Random <placeholder> 27015 - 27050 Steam downloads
UDP 3478 Any 3478 Steam P2P traffic
UDP 4379, 4380 Any 4379, 4380 Steam P2P traffic



**Inbound traffic**
If Network Address Translation (NAT) is in use, ensure that the following traffic is permitted inbound and redirected to your Steam client by your firewall/router:
Protocol Source Port(s) Destination Port(s) Description
UDP Random 27015 SRCDS RCON Port
UDP Random 27015 - 27030 Matchmaking and HLTV
TCP Random 27015 - 27050 Steam downloads
UDP 3478, 4379 - 4380 3478, 4379 - 4380 Steam P2P traffic


Thanks for your time :)

[edit]: Looks like all the formatting (spaces and/or tabs) in the table is removed by the forums, so it's pretty hard to read the table :\
Last edited by dotpk; Aug 1, 2016 @ 11:29am
Darren Aug 1, 2016 @ 5:27pm 
Technically game clients can use any ports they want and while they might typically use specific ones a developer is perfectly allowed to change that for any reason (or none at all).
dotpk Aug 1, 2016 @ 10:52pm 
Sure - that seems perfectly reasonable. What I am trying to better understand is the behaviour of the Steam client itself, not the behaviour of the games that are running through it.

The background to this is that I am trying to configure my router for AoEII:HD. In the process of doing so, I keep seeing references to the Steam port forwarding guide. I'd like to start there and make sure that I am properly configured for Steam itself before looking at game-specific configuration.
aiusepsi Aug 2, 2016 @ 3:09am 
If you're just interested in Steam itself, you can dump all the ones related to games, for example the "Game client traffic" mentioned above, and the SRCDS RCON port too. Also the Steam downloading ones are out-of-date, Steam uses standard HTTP downloading these days.
dotpk Aug 2, 2016 @ 9:10am 
Originally posted by aiusepsi:
If you're just interested in Steam itself, you can dump all the ones related to games, for example the "Game client traffic" mentioned above, and the SRCDS RCON port too.

I have been doing that with tcpdump, trying to figure out why AoE keeps reporting that it is working via a relay because of NAT. The AoE devs reported that the Steam 'port forwarding' guide should work (link: https://www.reddit.com/r/IAmA/comments/1br1cx/we_are_the_age_of_empires_ii_hd_development_team/c9987z5).

In the end I figured that it might be worthwhile actually asking Steam support. As per my first post, they redirected me here...and here we are.

Originally posted by aiusepsi:
Also the Steam downloading ones are out-of-date, Steam uses standard HTTP downloading these days.

Interesting...this is an example of what I was hoping to find. Do you have a reference for that information?
Last edited by dotpk; Aug 2, 2016 @ 9:10am
aiusepsi Aug 2, 2016 @ 9:39am 
Oh, by "dump" I mean, just don't pay attention to those ports. SRCDS RCON for example is used for the Remote CONtrol of SouRCe Dedicated Servers. It's really not applicable for AoE. That's using the Steam P2P stuff.

I don't have a reference to hand, but I have spent a certain amount of time investigating these things. They switched over from their custom protcol that used those new ports to one totally based on HTTP a while ago. Definitely no special firewall considerations required.
dotpk Aug 2, 2016 @ 10:07am 
Originally posted by aiusepsi:
Oh, by "dump" I mean, just don't pay attention to those ports. SRCDS RCON for example is used for the Remote CONtrol of SouRCe Dedicated Servers. It's really not applicable for AoE. That's using the Steam P2P stuff.

Well, allegedly it uses Steam P2P but in tcpdump I see all kinds of strange activity. It seems that AoE isn't really NAT-aware at all, and so it tries in vain to communicate with all the remote hosts as if they were on the local network. This is again why I am here in this thread trying to nail down the requirements for Steam, so that I can then go and understand what the additional requirements are for AoE (or perhaps just to conclude that AoE is plain broken and/or works by magic..).

Originally posted by aiusepsi:
I don't have a reference to hand, but I have spent a certain amount of time investigating these things. They switched over from their custom protcol that used those new ports to one totally based on HTTP a while ago. Definitely no special firewall considerations required.

This is exactly why I'd like to work to have the guide updated. It was a bit confusing before; now it seems to be outright incorrect.

Thanks a lot for your input so far - it's definitely helpful :)
< >
Showing 1-8 of 8 comments
Per page: 1530 50

Date Posted: Jul 19, 2016 @ 12:21am
Posts: 8