Web-proxy and traffic shaping blocking steam game downloads

NethServer Version:
NethServer release 6.8
Module:
Web Proxy
Traffic shaping

While in the past steam worked fine through the NethServer firewall, all of a sudden, I have to disable the web proxy and the traffic shaping modules to allow games to download. It blocks downloads to both desktop systems when they are on.

Let me know what logs or info you might need.

Squidguard log could help. Did you change blacklist policies?
We should make a list of interesting logs per modules /cc @dnutan @GG_jr

I guess now would be a good time to suggest some sort of Log Exporter from the WebUI. Unless I’m missing it.

Logs are here:
Squid Logs

There’s none that I know. As a workaround individual logs can be downloaded by some browsers with the “save link as” option.

Any progress with the issue?

Not from my end, no. I might end up switching to PFsense for my firewall and just using nethserver for Nextcloud and other application services.

Right now I have Traffic shaping and Web Proxy turned off, but those are big deals for me, and I’m not going to live without for long.

Hope someone with better eyes then me can see something in the logs that I’m missing.

Can you enable just proxy and not the content-filter? I’d like to figure out if steam is into our categiry

1 Like

Took a look at the logs. Here are some observations, just in case someone else can figure out what’s happening:

/var/log/squid/access.log shows http responses like:

  • TCP_MISS/403 (Forbidden): some .ico, .gif files… (seems irrelevant)
  • TCP_MISS/404 (Not Found): mainly for lots of images
  • TCP_MISS/503 (Service Unavailable): for steam downloads

/var/log/squid/cache.log is showing entries like:

WARNING: Closing client connection due to lifetime timeout
kid1| Open FD READ/WRITE   72 Idle server: 69.241.23.226:80/cdn.comcast.cs.steampowered.com
kid1| Open FD READ/WRITE   15 Idle server: 69.241.77.214:80/cdn.comcast.cs.steampowered.com
kid1| Open FD READ/WRITE   16 Idle client: Waiting for next request
...

If content-filter is enabled and shalla blacklists are in use, games-misc and shopping categories can block steam content.

Did you see any message from the proxy in the steam client?

1 Like

I will make these changes and let you know. Thank you for finding these. I thought I had the content filter off. I will let you know the results.

Ok, preliminary findings are that the Filter has been off. Therefore, my first conclusion would be that there is a bug that can allow the filter to be on even when it is disabled from the webgui.

However, I will get more information after I do some tests with steam. Thank you again.

Ok, I ran tests, but the results were the same as before I posted the issue. The Content filter is not enabled, and traffic shaping is off. What I didn’t mention is in my original post was that the steam will work for a an hour or two after the web proxy is enabled and then it ceases to function.

I was able to get a game downloaded, but the every subsequent game fails to download. Over the time I had the web proxy off I had zero failures, warnings, or issues.

Turned on the web proxy today and…

1 Like

Ok. That leaves the web-proxy alone as the main culprit.
Is caching enabled?
Can you share your proxy settings?

Do you want screen shots, or is there and easier way to get them to you?

Caching is enabled with the default settings…

I ran a test by turning on the Web Proxy, but disabled the cache. I still experienced the issue.

If you don’t mind to try it with caching disabled…

Screenshots are ok. Otherwise you could use db command, something like:

Edit:
db configuration show proxy
or similar, but I don’t remember the exact parameters. Sorry, I cannot test it until a couple of hours.

db configuration show squid
1 Like

You must have posted around the time I posted my results for the cache being disabled. Oddly that command neither erred nor provided results.

Here it is in the screenshot form:

Hi Walter, I’ve been trying this for the last days (transparent proxy, no cache), and tcpdump to capture packets.
Got the same message retrying the download of a ~14GB game (letting a few seconds between retries). The game downloaded fine without the proxy.

This happened once (with 2 consecutive retries), but after that all other steam downloads through proxy went fine (~100GB or more).

Unfortunetly I didn’t thought about tcpdump until it was too late, therefore no dump of failed download (not saying that I could interpret the dump but someone else might.)

Sorry, I know this does not help you much with the problem. Just in case, today I might give it another try.

@filippo_carletti, do you think a packet capture could help to discerne if it’s a proxy problem or a network one (steam servers, response delay…) ?

Probably yes, the traffic flow could reveal the problem.

I appreciate you taking a hard look at this. Thank you.

Tried again. Didn’t find any problem downloading games, but at some point was unable to access Steam’s Store → Explore section till next day:

Error Code: -102
Unable to connect to server. Server may be offline or you may not be connected to the internet.

The packets capture showed multiple connection resets and packet retransmissions, from/to akamai CDN.


Back to your problem, other than playing with some squid timeout options, or a tcpdump capture that someone else can analyze i’m out of ideas.

1 Like