Your not getting how UDP Traversal works yes T-r-a-v-e-r-s-a-l so help me I will teach you.
Steam can't do anything their end its got to be done in the game.
Let starts with something simple like DNS and clear your mind of the vulnerability (by that I mean the DNS ones when we send gaming traffic by this) and keep a open mind as to what is a client and what is a server because with UDP Traversal it solves that.
Also to keep it simple no NAT just a firewall and the rules are outgoing UDP port 53, 3478 and 20000-20100
Two clients IP1 1.1.1.1 IP 2 2.2.2.2 and a server IP 3.3.3.3
The clients have DNS port 53 listening and each client wants to connect to each other now let us say the source port used for IP1 is 20000 and IP2 is 20033.
IP1 1.1.1.1 source port 20000 > IP2 2.2.2.2 = remote port 53 lookup google.com
IP2 2.2.2.2 source port 20033 > IP2 1.1.1.1 = remote port 53 lookup google.com
Yes it does not work because of the firewall WAIT there is more keep reading.
So how can we without making any more firewall rules get the other to reply on outgoing rules? The answer UDP Traversal.
So each client connects to the server on port 3478 and the source port does not matter for that so here is what happens.
IP1 1.1.1.1 source port 59001 > IP3 3.3.3.3 remote port 3478 = my source port is 20000 tell IP2 at 2.2.2.2
IP2 2.2.2.2 source port 56777 > IP3 3.3.3.3 remote port 3478 = my source port is 20033 tell IP1 1.1.1.1
firewall state of outgoing that is allowed in because of the above made by IP1
IP3 3.3.3.3 source port 3478 > IP1 1.1.1.1 remote port 59001 = source port for IP2 2.2.2.2 is port 20033
firewall state of outgoing that is allowed in because of the above made by IP2
IP3 3.3.3.3 source port 3478 > IP2 2.2.2.2 remote port 56777 = source port for IP1 1.1.1.1 is port 20000
So each client now knows the source port of each other but how does that help us watch.
firewall state of outgoing for UDP
IP1 1.1.1.1 source port 53 > IP2 2.2.2.2 = remote port 20033 = Punch!
blocked by firewall at IP2 2.2.2.2 WAIT keep going there is more and it is where it gets interesting.
Then IP2 tries to do the lookup at IP1
firewall state of outgoing for UDP
IP2 2.2.2.2 source port 20033 > IP1 1.1.1.1 = remote port 53 lookup google.com
ALLOWED by IP1 1.1.1.1 under the firewall state of outgoing to allow IN because of the above connection made by IP1
firewall state of outgoing for UDP
IP2 2.2.2.2 source port 53 > IP1 1.1.1.1 = remote port 20000 = Punch!
blocked by firewall at IP1 1.1.1.1
Then IP1 tries to do the lookup at IP2
firewall state of outgoing for UDP
IP1 1.1.1.1 source port 20000 > IP2 2.2.2.2 = remote port 53 lookup google.com
ALLOWED by IP2 2.2.2.2 under the firewall state of outgoing to allow IN because of the above connection made by IP2.
So now do you see how UDP Traversal works by the source port because thats whats clever about it.
Edit wrong source port listing fixed! typo