Steam In-Home Streaming for games to a Qubes VM

[glu...@gmail.com]

I've been using Steam's In-Home Streaming for years and it's worked well. Recently though, I tried to get a Steam client running on a Debian 9 virtual machine in Qubes Q4-rc5 to stream from a Win 10 PC on the same network (Ethernet) that would run the games. However; I cannot get the two machines to see each other. Any advice would be appreciated.

More info:
I set up "Port forwarding to a qube from the outside world" based on The Qubes Firewall documentation. Basically, I set up forwarding of udp 27031, udp 27036, tcp 27036, and tcp 27037 traffic from the Win 10 PC to the Qubes Debian 9 VM. I tested the tcp forwarding with telnet/putty, which worked; but was not sure how to test the udp ports.

[glu...@gmail.com]

Looking at the network traffic, the UDP packets that are not making it through have a destination of 255.255.255.255 (broadcast), so I'm guessing a simple Port forwarding NAT won't work. Would a MASQUERADE work better?

Summary question - how do I forward UDP broadcast (255.255.255.255) traffic from a separate Win10 machine, to a Qubes 4.0 VM running Debian 9?

Also, should I just take this to a networking forum?

[awokd]

On Fri, March 30, 2018 8:30 pm, glu...@gmail.com wrote:
> Looking at the network traffic, the UDP packets that are not making it
> through have a destination of 255.255.255.255 (broadcast), so I'm
> guessing a simple Port forwarding NAT won't work. Would a MASQUERADE work
> better?
>
> Summary question - how do I forward UDP broadcast (255.255.255.255)
> traffic from a separate Win10 machine, to a Qubes 4.0 VM running Debian
> 9?

I'm not sure it's possible to inbound NAT broadcast traffic, have never
heard of a need for it. There's no way to change Steam to send to a
specific IP/port? The ugly hack approach would be to directly attach a
secondary NIC inside the VM you want to receive broadcast traffic but of
course, you lose a lot of layers of protection by doing that.

> Also, should I just take this to a networking forum?

Possibly, maybe some iptables wizard could figure out a way to turn that
broadcast traffic into directed.

[glu...@gmail.com]

On Friday, March 30, 2018 at 2:21:49 PM UTC-7, awokd wrote:

To close the loop on this, awokd is correct that it is not easy to NAT broadcast traffic. I found a couple ways that might work, but it breaks the purpose/design of broadcast. The best solution I found was to set up a VPN between the server machine and the specific qubes VM. In the end, I sacrificed some security and set up mult-boot.