Bridging two VLANs together (Steam Local Network Game Transfer)

Started by HansJ, June 20, 2025, 01:02:17 AM

Hello,

I have a separate VLAN for every gamer in our household (for easy management of who is downloading too much, who needs to go to bed, who is being punished :) ).

So the VLANs are not really for security, but more for management, especially since we have a very slow internet connection (only 95Mbps).

All is working great except for one thing: because of the VLAN separation, the Steam Local Network Game Transfer feature does not work, and this is very useful for us. Since we have only 95Mbps, it's very nice if only one PC needs to download a game/update and the other PCs can then transfer it from this PC instead of also downloading it.

I figured I can bridge the gamers' VLANs for this. (It is OK if they are not separated from each other anymore, as long as all the security to the outside stays the same.)

I am no expert and found some guides about bridging multiple VLANs, but I can't seem to get it to work.
Anyone have a "dummy's" step by step guide for me?

I created the bridge, added the 3 gamers' VLANs to it, enabled it, and then tried adding firewall rules just allowing everything to everything between the VLANs, but it does not seem to work :(


Any tips are appreciated,


Hans

You shouldn't need to bridge the interfaces. If the VLANs are all set up correctly, traffic should be routable, so a few firewall policies should be all you need. Check the users' Windows firewall is configured, too.

Have a read of the Steam FAQ regarding the requirements:
The network transfer happens on TCP port 27040 and it needs to be allowed by local firewall software. You also need to open UDP ports 27031-27036 for client discovery.


Are you able to add in a network diagram?
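
Added example (not from any poster in this thread, and not OPNsense code): a small Python audit that checks a rule set against the ports quoted above, reporting which inter-VLAN Steam flows are still blocked and which pass rules are wider than those ports. The VLAN subnets, the `GAMERS` supernet and the first-match rule model are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import permutations

# Ports quoted from the Steam FAQ in the post above.
STEAM = {"tcp": {27040}, "udp": set(range(27031, 27037))}

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source CIDR
    dst: str      # destination CIDR
    lo: int = 1   # destination port range, inclusive
    hi: int = 65535

def first_match(rules, proto, src, dst, port):
    """First rule covering the flow wins; no match means default deny (assumed model)."""
    for r in rules:
        if (r.proto in ("any", proto) and r.lo <= port <= r.hi
                and src.subnet_of(ip_network(r.src))
                and dst.subnet_of(ip_network(r.dst))):
            return r
    return None

def audit(rules, vlans):
    """Return (blocked Steam flows, pass rules wider than the Steam ports)."""
    blocked, too_wide = [], []
    nets = {name: ip_network(cidr) for name, cidr in vlans.items()}
    for a, b in permutations(nets, 2):          # every ordered VLAN pair
        for proto, ports in STEAM.items():
            for port in sorted(ports):
                r = first_match(rules, proto, nets[a], nets[b], port)
                if r is None or r.action != "pass":
                    blocked.append((a, b, proto, port))
                elif r not in too_wide and (r.proto == "any"
                        or not set(range(r.lo, r.hi + 1)) <= ports):
                    too_wide.append(r)
    return blocked, too_wide

# Constructed sample: three gamer VLANs and two candidate rule sets.
VLANS = {"gamer1": "10.0.10.0/24", "gamer2": "10.0.20.0/24", "gamer3": "10.0.30.0/24"}
GAMERS = "10.0.0.0/19"  # hypothetical supernet covering the three VLANs
ALLOW_ALL = [Rule("pass", "any", GAMERS, GAMERS)]
SCOPED = [Rule("pass", "tcp", GAMERS, GAMERS, 27040, 27040),
          Rule("pass", "udp", "10.0.10.0/24", GAMERS, 27031, 27036),
          Rule("pass", "udp", "10.0.20.0/24", GAMERS, 27031, 27036)]

if __name__ == "__main__":
    print(audit(ALLOW_ALL, VLANS), audit(SCOPED, VLANS), sep="\n")
```

The audit covers routed unicast policy only; it says nothing about whether discovery broadcasts reach the other VLANs.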

Quote from: craig_ on June 20, 2025, 06:02:41 AM
You shouldn't need to bridge the interfaces. If the VLANs are all set up correctly, traffic should be routable, so a few firewall policies should be all you need. Check the users' Windows firewall is configured, too.

Have a read of the Steam FAQ regarding the requirements:
The network transfer happens on TCP port 27040 and it needs to be allowed by local firewall software. You also need to open UDP ports 27031-27036 for client discovery.


Are you able to add in a network diagram?

This!
OPNsense 25.7.6 running on:
Dell Optiplex 3050
Intel I5-7600 @ 3.5Ghz (4 Cores)
Intel I350-T4 Nic
8G DDR4
256G SSD

Yep, bridging VLANs isn't really the right move here - it tends to break things more than fix them.
What you actually need is to let the VLANs "see" each other, not merge them. Steam uses local discovery, so even if routing works the PCs won't find each other without multicast/broadcast passing through.

So in simple terms:

- Keep VLANs as they are
- Allow traffic between them in firewall
- Enable something like mDNS repeater / multicast forwarding on your router

If your router doesn't support that, honestly the easiest way is just to put the gaming PCs in the same VLAN when you're downloading stuff.

Quote from: petavef405 on April 29, 2026, 07:09:33 PM
Yep, bridging VLANs isn't really the right move here - it tends to break things more than fix them.
What you actually need is to let the VLANs "see" each other, not merge them. Steam uses local discovery, so even if routing works the PCs won't find each other without multicast/broadcast passing through.

So in simple terms:

- Keep VLANs as they are
- Allow traffic between them in firewall
- Enable something like mDNS repeater / multicast forwarding on your router

If your router doesn't support that, honestly the easiest way is just to put the gaming PCs in the same VLAN when you're downloading stuff.

mDNS/multicast forwarding is the key here. Bridging VLANs causes headaches; better to keep segmentation and just enable proper discovery between networks.

Quote from: HansJ on June 20, 2025, 01:02:17 AM
I have a separate VLAN for every gamer in our household (for easy management of who is downloading too much, who needs to go to bed, who is being punished :) ).

So the VLANs are not really for security, but more for management, especially since we have a very slow internet connection (only 95Mbps).

You know you could easily achieve that as well in a single VLAN, by using aliases, DHCP Static binding or Static IPs with DHCP IP exclusion?

In that case you would not deal with this.

Also, because this feature needs Host Discovery, e.g. the host will announce the service over UDP on this port, broadcasting on the network. And broadcast doesn't pass the bridge domain. So you will need a UDP relay to announce hosts from one network to another.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
N355 - i226-V | AQC113C | 16G | 500G - PROD

PRXMX
N5105 - i226-V | 2x8G | 512G - NODE #1
N100 - i226-V | 16G | 1T - NODE #2