Hello there, I'm kind of new to OPNsense and the general firewall topic. I'm currently having issues with allowing Steam to authenticate my user.
I have two interfaces:
WAN (192.168.2.236)
LAN (192.168.0.1)
On the LAN I have configured the following rules as stated in the Steam firewall configuration guide (https://help.steampowered.com/en/faqs/view/2EA8-4D75-DA21-31EB).
If I now open Steam I run into a timeout. The connection log from Steam says the following in the .txt file.
I can't see any blocking on the LAN side, so I think I set up everything correctly there. Even a LAN-Any-Allow rule won't do it.
On the WAN side I can see a lot of blocks from the default deny / state violation rule. I assume that Steam is sending its authentication over a CDN. This has a different IP and port, so the firewall thinks it's a random packet and denies it.
How can I fix this problem?
The RFC1918 WAN IP address suggests that OPNsense is already behind another, maybe ISP-provided, router, so you are operating under double-NAT conditions. At least you should be, because if you set up OPNsense without outbound NAT, you would have to provide a route to 192.168.2.0/24 on your front router.
As Steam needs to have open ports, you will also have to create inbound NAT rules on both OPNsense and your ISP router.
Stuff related to online gaming should only need 1:1 port mapping in your NAT, a.k.a. Static Port in OPNsense outbound NAT rules: https://docs.opnsense.org/manual/nat.html#outbound
Only when you want to host servers will you need to actually port forward some ports, but I am guessing that's not your problem :)
Even NAT behind NAT should not be an issue, but I don't know what kind of stuff your other router does with the connection, so you will have to figure that out on your own...
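An added illustration of the two points the thread turns on (the "default deny / state violation" entries on WAN, and what the Static Port outbound NAT option changes). This is my own toy model, not OPNsense or pf code: it keys NAT state on the full 5-tuple the way a stateful firewall does, so a reply from an address or port that was never the destination of an outbound packet matches no state and is dropped, and it either preserves the client's source port (static port) or rewrites it to a random ephemeral port. The WAN address is the one from the thread; the LAN client 192.168.0.50, the server addresses 203.0.113.x and the 49152-65535 randomization range are constructed assumptions.

```python
"""Toy pf-style stateful outbound NAT (added example; not OPNsense's implementation)."""
import random
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


StateKey = Tuple[str, str, int, str, int]  # (proto, wan_ip, nat_port, dst_ip, dst_port)


class StatefulNat:
    EPHEMERAL = (49152, 65535)  # assumed port-randomization range for this toy model

    def __init__(self, wan_ip: str, static_port: bool = False, seed: int = 0) -> None:
        self.wan_ip = wan_ip
        self.static_port = static_port
        self._rng = random.Random(seed)      # seeded so runs are reproducible
        self._states: Dict[StateKey, Flow] = {}
        self._used_ports: Set[int] = set()

    def _translated_port(self, src_port: int) -> int:
        # Static Port: keep the client's source port unless it is already in use.
        if self.static_port and src_port not in self._used_ports:
            port = src_port
        else:
            port = self._rng.randint(*self.EPHEMERAL)
            while port in self._used_ports:
                port = self._rng.randint(*self.EPHEMERAL)
        self._used_ports.add(port)
        return port

    def outbound(self, flow: Flow) -> Flow:
        """LAN -> WAN: translate the source and record state for the reply."""
        nat_port = self._translated_port(flow.src_port)
        out = Flow(flow.proto, self.wan_ip, nat_port, flow.dst_ip, flow.dst_port)
        self._states[(out.proto, out.src_ip, out.src_port, out.dst_ip, out.dst_port)] = flow
        return out

    def inbound(self, proto: str, src_ip: str, src_port: int,
                dst_port: int) -> Tuple[str, Optional[Flow]]:
        """WAN -> LAN: pass only if the reverse 5-tuple matches an existing state."""
        key = (proto, self.wan_ip, dst_port, src_ip, src_port)
        flow = self._states.get(key)
        if flow is None:
            # This is what shows up on the WAN log as "Default deny / state violation".
            return ("block", None)
        return ("pass", flow)


def demo(static_port: bool) -> dict:
    """One client packet out, then replies from the contacted server and from another host."""
    nat = StatefulNat("192.168.2.236", static_port=static_port)
    client = Flow("udp", "192.168.0.50", 27015, "203.0.113.10", 27015)  # constructed
    out = nat.outbound(client)
    reply_same = nat.inbound("udp", "203.0.113.10", 27015, out.src_port)
    reply_other = nat.inbound("udp", "203.0.113.20", 27015, out.src_port)  # never contacted
    return {
        "translated_src_port": out.src_port,
        "reply_from_same_server": reply_same[0],
        "reply_from_other_server": reply_other[0],
    }


if __name__ == "__main__":
    print("static port :", demo(static_port=True))
    print("random port :", demo(static_port=False))
```

With static port on, the server sees the client's own source port (27015 here) on the WAN address; with it off, it sees a random ephemeral port. In both modes a packet from a host the client never sent to (203.0.113.20) is blocked, which is the mechanic behind the WAN-side denies the original post describes. Static Port therefore helps services that expect the advertised port to survive translation; it does not by itself admit unsolicited traffic from other addresses.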