
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Firewall - Steam Client: Difference between revisions

m
PayPal (1)
No edit summary
m (PayPal (1))
 
(44 intermediate revisions by 2 users not shown)
This firewall allows both inbound and outbound traffic to reach the steam client, all other traffic is blockedrejected. It is written for gaming systems that will only be using the steam client.
 
 
=Static DNS=
 
Static DNS manages control over which IP's the steam client can use:
By using static DNS we avoid unexpected IP addresses that will be blocked by the firewall:
 
<syntaxhighlight lang=xml>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
<host name="a1507api.steampowered.com" ip="23.d205.akamai213.net78"/>
<host name="cdn.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="a1697cdn.store.steampowered.com" ip="23.63.98.26 23.g63.akamai98.net32"/>
<host name="cgpromotion.azurewebsites.net" ip="104.40.183.236"/>
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/>
<host name="a1737cgpromotion.gblob.akamaicore.windows.net" ip="168.61.57.78"/>
<host name="clientconfig.akamai.steamstatic.com" ip="23.63.9998.20826 23.63.99.240 104.86.110.24 104.86.11098.8132"/>
<host name="a1843crash.steampowered.com" ip="208.64.203.140 208.g64.akamai203.net173"/>
<host name="crl4.digicert.com" ip="66.225.197.197"/>
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/>
<host name="dreamfallchapters.azurewebsites.net" ip="191.238.8.26"/>
<host name="api.steampowered.com"
<host name="images.akamai.steamusercontent.com" ip="23.63.98.26 23.63.98.32"/>
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
<host name="cdnmedia.akamai.steamstaticsteampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="media2.steampowered.com" ip="205.185.216.10 205.185.216.42"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="cdn.storemedia3.steampowered.com" ip="8.253.70.30 8.253.70.110"/>
<host name="media4.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="cgpromotionocsp.digicert.com" ip="93.184.azurewebsites220.net29"/>
<host name="paypal.d1.sc.omtrdc.net" ip="10466.40235.183148.23664"/>
<host name="cgpromotionrepo.blobsteampowered.com" ip="23.63.98.26 23.core63.windows98.net32"/>
<host name="s1.symcb.com" ip="1682.6122.57133.78163"/>
<host name="clientconfigs2.akamai.steamstaticsymcb.com" ip="2.22.139.27"/>
<host name="steamcdn-a.akamaihd.net" ip="23.67.255.200 23.67.255.208"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="steamcloud-eu.storage.googleapis.com" ip="216.58.198.208 216.58.198.240"/>
<host name="dreamfallchapters.azurewebsites.net"
<host name="steamcloudams.blob.core.windows.net" ip="168.61.58.14"/>
ip="191.238.8.26"/>
<host name="steamclouddub.blob.core.windows.net" ip="191.235.193.40"/>
<host name="images.akamai.steamusercontent.com"
<host name="steamcommunity-a.akamaihd.net" ip="23.63.99.219 23.67.255.202"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="media.steampoweredsteamcommunity.com" ip="23.63.99.219 23.67.255.202"/>
<host name="steamstore-a.akamaihd.net" ip="23.63.99.208 23.63.99.240"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="media2store.steampoweredakamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
<host name="store.steampowered.com" ip="20523.185.216.10 205.185.216213.4278"/>
<host name="media3t.steampoweredpaypal.com" ip="173.223.190.173"/>
<host name="www.paypal.com" ip="173.223.190.173"/>
ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.46 8.254.191.94 8.254.191.238"/>
<host name="media4www.steampoweredpaypalobjects.com" ip="23.65.43.145"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="repo.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="steamcdn-a.akamaihd.net"
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/>
<host name="steamcloud-eu.storage.googleapis.com"
ip="216.58.198.208 216.58.198.240 216.58.213.112"/>
<host name="steamcloudams.blob.core.windows.net"
ip="168.61.58.14"/>
<host name="steamclouddub.blob.core.windows.net"
ip="191.235.193.40"/>
<host name="steamcommunity-a.akamaihd.net"
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/>
<host name="steamcommunity.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
<host name="steamstore-a.akamaihd.net"
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/>
<host name="store.akamai.steamstatic.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="store.steampowered.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
</dns>
</syntaxhighlight>
 
 
=Firewall=
Outbound Rules - Change the MAC address in the source-mac= element to your own:
 
<syntaxhighlight lang=xml>
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
<rule name="Steam OS: NTP"
action="accept"/>
<rule name="CDN: Akamai"
target-ip="23.6332.980.0/2311 23.6764.2550.0/2414 23.195.64192.0/20 23.205.212.0/2212 92.122.2180.0/2315 104.71.17664.0/20 104.86.110.0/2310 173.223.176.0/20"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="CDN: Level 3"
target-ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.46 8.254.191.94 8.254.191.238 212.73.205.178"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Steam Cloud: Amazon Web Services"
target-ip="54.231.130.0/24 54.231.131.0/2423 54.231.132.0/24 54.231.133.0/24 54.231.134.0/2422 54.231.136.0/2422 54.231.140.0/24 54.231.141.0/2423 54.231.142.0/24"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Steam Cloud: Google Cloud Platform"
target-ip="216.58.198.208 216.58.198.240 216.58.213.112"
target-port="80 443"
protocol="6"
protocol="6"
action="accept"/>
<rule name="PaypalPayPal Payments"
target-ip="2.22.133.163 2.22.139.27 23.65.43.145 66.235225.148197.64197 66.235.148.128/3164 93.184.220.29 173.223.190.173"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Valve Software"
target-ip="103.10.124.0/2423 146.66.155.0/24 155.133.245224.0/24 155.133.248.0/2419 162.254.192.0/21 205.196.6.0/24 208.64.200.0/22"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Deny All"
source-mac="408D5C57F303 D8CB8AA2464E"
action="reject"/>
</rule-set>
Inbound Rules - Change the IP address in the target-ip= element to your own:
 
<syntaxhighlight lang=xml>
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
<rule name="Allow Firebrick" source-interface="self"/>
</rule-set>
</syntaxhighlight>
 
 
=Technical Notes=
 
Steam used to have a huge amount of servers (some from Limelight CDN) located around the world and older versions of the software used an inefficient method to connect users to the servers. Steam has made a big improvement on the's game delivery system by usinguses 3 different high performing CDN companies,: Akamai, Highwinds and Level 3.
 
*media.steampowered.com = Akamai
*media2.steampowered.com = Highwinds
*media3.steampowered.com = Level 3
*media4.steampowered.com = Akamai
 
==Origin Server==
Running steam will download a small file from:
 
The origin server is where each CDN will pull files from. The origin server hostnames are:
*client-download.steampowered.com
*cdn-01-origin.steampowered.com
*cdn-01.steampowered.com
 
==Steam Client==
This file contains a list of files with SHA-1 checksums and size in bytes to check if steam is up to date. If steam is outdated, it will need to download the updated files by randomly selecting one of the CDN hosts and that host will be used to serve the files.
 
This documents what hostnames the steam client uses and when.
==Origin Server==
 
On startup:
The origin server is where each CDN will pull the files from. The origin server hostnames are:
*repo.steampowered.com
*client-download.steampowered.com
*media.steampowered.com (Randomly Selected)
*media2.steampowered.com (Randomly Selected)
*media3.steampowered.com (Randomly Selected)
*media4.steampowered.com (Randomly Selected)
*api.steampowered.com
*clientconfig.akamai.steamstatic.com
*steamcommunity-a.akamaihd.net
*store.steampowered.com
*cdn.akamai.steamstatic.com
*steamcommunity.com
*br01.broadcast.fra.steamstatic.com (Randomly Selected)
*br01.broadcast.lax.steamstatic.com (Randomly Selected)
*br01.broadcast.lon.steamstatic.com (Randomly Selected)
*br01.broadcast.ord.steamstatic.com (Randomly Selected)
*br01.broadcast.sto.steamstatic.com (Randomly Selected)
*br02.broadcast.fra.steamstatic.com (Randomly Selected)
*br02.broadcast.lax.steamstatic.com (Randomly Selected)
*br02.broadcast.lon.steamstatic.com (Randomly Selected)
*br02.broadcast.ord.steamstatic.com (Randomly Selected)
*br02.broadcast.sto.steamstatic.com (Randomly Selected)
*br03.broadcast.fra.steamstatic.com (Randomly Selected)
*br03.broadcast.lax.steamstatic.com (Randomly Selected)
*br03.broadcast.lon.steamstatic.com (Randomly Selected)
*br03.broadcast.ord.steamstatic.com (Randomly Selected)
*br03.broadcast.sto.steamstatic.com (Randomly Selected)
*br04.broadcast.fra.steamstatic.com (Randomly Selected)
*br04.broadcast.lax.steamstatic.com (Randomly Selected)
*br04.broadcast.lon.steamstatic.com (Randomly Selected)
*br04.broadcast.ord.steamstatic.com (Randomly Selected)
*br04.broadcast.sto.steamstatic.com (Randomly Selected)
 
Entering the Store:
*cdn-01-origin.steampowered.com
*cdn-01store.steampowered.com
*store.akamai.steamstatic.com
 
Exploring your Queue:
*store.steampowered.com
*cdn.akamai.steamstatic.com
 
PayPal Payments:
*store.steampowered.com
*ocsp.digicert.com
*crl4.digicert.com
*www.paypal.com
*s2.symcb.com
*s1.symcb.com
*www.paypalobjects.com
*paypal.d1.sc.omtrdc.net
*t.paypal.com
 
==Steam Cloud==
 
The steam cloud normally stores saveda gamecopy dataof local saved games, allowing you to use that datathem on another system running the steam client. Here is a list of which hostnames belong to which game:
 
Deponia: The Complete Journey
*dreamfallchapters.azurewebsites.net
*steamcloud-dub.s3.amazonaws.com
 
==IP Reference==
 
This documents what range of IP's belong to which CDN node and steam hostname.
 
cdn.akamai.steamstatic.com:<br>
cdn.store.steampowered.com:<br>
clientconfig.akamai.steamstatic.com:<br>
images.akamai.steamusercontent.com:<br>
media.steampowered.com:<br>
media4.steampowered.com:<br>
repo.steampowered.com:<br>
store.akamai.steamstatic.com:
*a1507.d.akamai.net
*23.63.98.26 (Primary)
*23.63.98.32 (Primary)
*23.63.98.10
*23.63.98.17
*23.63.98.18
*23.63.98.19
*23.63.98.27
*23.63.98.33
*23.63.98.41
*23.63.98.43
*23.63.99.58
*23.63.99.90
*104.86.110.249
*104.86.111.137
 
steamcommunity-a.akamaihd.net:
*a1697.g.akamai.net
*23.63.99.219 (Primary)
*23.67.255.202 (Primary)
*104.86.110.24
*104.86.110.75
 
steamstore-a.akamaihd.net:
*a1737.g.akamai.net
*23.63.99.208 (Primary)
*23.63.99.240 (Primary)
*104.86.110.24
*104.86.110.81
 
steamcdn-a.akamaihd.net:
*a1843.g.akamai.net
*23.67.255.200 (Primary)
*23.67.255.208 (Primary)
*104.86.110.27
*104.86.110.35
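Review bot: The "Steam OS: NTP" rule in the outbound rule-set is shown with only `name` and `action="accept"`, with no `target-port`, `protocol` or `target-ip`. If that is the text of the new revision rather than an artefact of the diff view, it matches every LAN-to-pppoe session, so the later CDN, PayPal and "Deny All" rules never decide anything; it should carry the NTP match, e.g. `target-port="123"` and `protocol="17"`. The "Deny All" rule is scoped by `source-mac` while the rule-set uses `no-match-action="continue"`, so a LAN host presenting any other MAC address falls through to whatever rule-sets follow. The page should say that the MAC list only selects the gaming machines and is not an access control. The outbound `<syntaxhighlight lang=xml>` block also appears to have no closing `</syntaxhighlight>` before "Inbound Rules", and `protocol="6"` appears twice in the Google Cloud rule, which would be a duplicate attribute if both lines are in the new revision.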