
Proper iptables setup for Valve Steam Client / How to do proper process identification?


The problem:

I decided to run Linux on hardware, and this involves bringing some games over. I am also trying to use iptables, specifically, as it has been recommended to me for use as a firewall and to get a better grasp of networking concepts. I am using Ubuntu 18.04.5 Bionic Beaver LTS with a custom XFCE4 desktop session handled by lightdm and openbox.

I was examining my system for open ports using the `sudo netstat -tulpn | grep LISTEN` method. The output:

```text
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      6741/systemd-resolv
tcp        0      0 0.0.0.0:27036           0.0.0.0:*               LISTEN      28122/steam
tcp        0      0 127.0.0.1:57343         0.0.0.0:*               LISTEN      28122/steam
tcp        0      0 127.0.0.1:27060         0.0.0.0:*               LISTEN      28122/steam
```

This would be the standard port usage for playing Star Wars: Knights of the Old Republic 2 on Steam. The issue is that at that point the game was not running, nor had it been requested to launch by any system I have manually set up (as far as I am aware).

Investigation:

Entry 1 is, by my understanding, the systemd DNS resolver, listening for DNS-related requests on port 53, and of course the integration of this into a standard iptables setup seems to be quite straightforward. I would like to add that, generally, when the command is run, Entry 1 for PID 6741/systemd-resolv is the only entry shown in this list.

However, the other 3 open ports listed are for PID 28122/steam. On one occasion, I caught my device in the configuration shown above. I then tried to assess why this was the case, and whether my iptables rules would need to be changed to permit this operation to happen if it required an active network connection, as I assume it might, using TCP, dependent on what's going on.

I used my LxTask program to trace down the exact commands being executed by this PID.

For every single port listed, the command being executed was `steam steam://rungameid/208580`. This would be the command used to launch the only game on the system, an unmodded, clean copy of 'Star Wars: Knights of the Old Republic II'.

Why any process would launch this game but not launch this game is beyond me. I never tried to launch the game in any fashion, and it had been closed for over an hour or more.

The last step I took was to quickly fire an nmap scan at ports 27036, 27060 and 57343, to confirm from localhost that it was running on localhost. I used the -sV -sC flags to attempt to extract service information from the TCP/IP stack on the ports. The command I used for this was `nmap -p 27036,27060,57343 -sV -sC 127.0.0.1`. The output:

```text
27036/tcp  open   ssl/steam   Valve Steam In-Home Streaming service
27060/tcp  open   unknown
57343/tcp  open   unknown
```

Following this I would have repeated the same scan from an external network to see if the ports were available outside localhost, but I was unable to find an open connection on the ports specified. When I returned to the subject Ubuntu PC, I double-checked to see if the ports were still open using the same `sudo netstat -tulpn | grep LISTEN` method.

```text
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      6741/systemd-resolv
```

It seems the DNS resolver was the only port open in this list. I repeated the nmap localhost scan from my machine on the previously identified ports. Command used: `nmap -p 27036,27060,57343 -sV -sC 127.0.0.1` again. The output:

```text
PORT      STATE  SERVICE VERSION
27036/tcp closed unknown
27060/tcp closed unknown
57343/tcp closed unknown
```

It seems that the ports are closed and PID 28122/steam is no longer running on my machine.

Question:

Can anybody explain what this process was I just witnessed with the present information?

Importantly, can you provide me with the context (if relevant) on how Steam, or general processes that behave weirdly such as this one, should be properly handled in the context of iptables rules, as this is what my end goal is to set up?

If possible, I'd like an example relevant to this use case of how to deny these ports the right to open unless I personally launch the game myself.

Possibly Relevant Notes:

My steam package is: `steam/bionic,now 1:1.0.0.54+repack-5ubuntu1 i386 [installed]` Built: Jun 8 2021 @ 10:23:41PM Steam API: v020 Steam Package Version: 1623193086

I have steam client installed with 1 game, Star Wars Knights of the Old Republic 2.

The game is not modded, and is a fresh install. It requires no network connectivity.

Thanks for your time.
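As an added example (not from the question or any answer here), a POSIX shell snippet covering the two checks this question leads to: it parses `netstat -tulpn | grep LISTEN` output to separate listeners bound to loopback (unreachable from the network regardless of firewall rules) from those bound to all interfaces, and prints a reviewable default-deny iptables rule set that logs and drops unsolicited inbound traffic to the exposed port. The sample netstat lines are constructed to match the question, and the function names are mine; note that iptables filters packets and cannot stop a process from binding a port, so the rules limit reachability rather than prevent Steam from listening.

```shell
#!/bin/sh
# Added example: triage netstat listeners and emit an iptables rule set for review.
# SAMPLE is constructed to mirror the netstat -tulpn | grep LISTEN output in the question.
SAMPLE='tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      6741/systemd-resolv
tcp        0      0 0.0.0.0:27036           0.0.0.0:*               LISTEN      28122/steam
tcp        0      0 127.0.0.1:57343         0.0.0.0:*               LISTEN      28122/steam
tcp        0      0 127.0.0.1:27060         0.0.0.0:*               LISTEN      28122/steam'

# Print "PORT PID/PROGRAM" for each listener whose local address is not loopback.
# Sockets bound to 127.x or ::1 are unreachable from the network and need no
# firewall rule; only the 0.0.0.0 (or ::) listeners are exposed.
exposed_listeners() {
  printf '%s\n' "$1" | awk '$6 == "LISTEN" {
    port = $4; sub(/.*:/, "", port)          # text after the last colon
    addr = $4; sub(/:[0-9]+$/, "", addr)     # everything before it
    if (addr !~ /^127\./ && addr != "::1") print port, $7
  }'
}

# Emit (do not apply) a default-deny INPUT rule set for the exposed TCP port given as $1.
# Loopback and reply traffic stay allowed, so Steam's 127.0.0.1 listeners keep working;
# new inbound connections to the port are rate-limited into the kernel log, then dropped.
# Review the output, add ACCEPT rules for anything you do want reachable (e.g. SSH)
# before the policy line, then apply as root:  steam_rules 27036 | sudo sh
steam_rules() {
  cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $1 -m limit --limit 3/min -j LOG --log-prefix "steam-inbound: "
iptables -A INPUT -p tcp --dport $1 -j DROP
iptables -P INPUT DROP
EOF
}

exposed_listeners "$SAMPLE"
```

The LOG line is what answers "who is trying to reach this port": matching packets show up in `dmesg` / the kernel log with the given prefix.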

guiverc:
Are you using Xubuntu 18.04? You mention a number of programs that are **not** used by Xubuntu nor Xfce. Xfce uses `xfwm4` (a Xfce program), and doesn't use `lxtask` (that's a LXDE program) as `xfce4-panel` is the Xfce tool; that combination is used by non-Ubuntu OSes (eg. Peppermint) but that's not Xubuntu, nor Ubuntu.
Moham Nazir:
It's still Ubuntu, I just removed GNOME because it's heavy. My desktop now runs idle with no programs open at <400MB. The distro is Ubuntu 18.04.5 LTS as stated; I just made my own desktop GUI session to log in to from the default tty terminal. Please confirm this means the question is in the wrong place, as as far as I'm aware this is a standard procedure on a custom, user-based system and does not disqualify me from support. All programs mentioned are from the Ubuntu official repos. I have no iptables so I obviously can't click links.
Moham Nazir:
The information was provided as contextual information only.
guiverc:
I can understand replacing GNOME with something else, but mixing parts from Xfce4 & LXDE can cause two different libraries to co-exist in RAM wasting RAM (one lib for the LXDE programs, one for your Xfce programs, even a third for end-user programs..) so the combination makes little sense except to waste RAM or as used by Peppermint to get a specific *look* & appearance.. Yes a self-built custom build is on-topic here, but using non-Ubuntu builds/re-spins is not on-topic.
Moham Nazir:
To clarify, it's me running LXDE's task manager to check PID commands. You are correct, this is an LXDE-specific program. I didn't know; I will change the post. I am honestly unaware of what libs and functionality I may have added to enable me to run it, I just like using it. However, I fail to see any cases where me using it would make Steam open three ports randomly, which is my issue, so as respectfully as possible, I feel like you're off topic, but I am pretty new to the Linux scene, so please tell me if I'm wrong.
Moham Nazir:
[It doesn't seem to be using much memory](https://ibb.co/1Z4jLs6)