Hack36.Make Skype Work with Personal Firewalls


Hack 36. Make Skype Work with Personal Firewalls

Skype is rather good at working with firewalls without the need for any additional configuration, but sometimes it needs some help.

Works with: all versions of Skype.

Many VoIP applications simply don't work from behind a firewall or Network Address Translation (NAT) device. And many, if not most, broadband Internet users operate from behind one or the other, or both!

Skype does a good job of transcending these barriers to communication, mostly without any additional configuration, but Skype is not foolproof in this respect. This hack will help you if you're having problems getting Skype to work from behind a firewall.

Firewall problems are most often signaled by Skype error #1102, "Skype cannot be started;" though #1101, 'No connection," and #1103, 'No connection," are also common. These errors mean that your Internet connection is down or misconfigured, you are behind a restrictive firewall or proxy that is blocking Skype's access to the Internet, or your network or Internet service provider is somehow blocking Skype.

Figure 3-15. Using a Skype server to replace two existing regular phone lines


To learn more about the nature of your Internet connection, and how it might be blocking Skype, you can try these tests:


Other Peer-to-Peer (P2P) applications

Are other P2P-type applications also blocked? If the answer is yes, it's more likely that your firewall is blocking all P2P-type traffic, including Skype. Otherwise, it is more likely that the problem is a network problem specific to Skype.


Telnet

From a command or shell prompt, enter "telnet -ex yahoo.com 80". If the screen goes blank, enter 'x", and you should be greeted with a telnet prompt (see Figure 3-16). If you are, you likely have a Skype-specific Internet connection problem.

Figure 3-16. Telnet prompt


Broadly speaking, there are two types of firewall: those implemented in software and which run on your desktop machine, and those implemented as part of some piece of network hardware (router, proxy, etc.). First, I'll discuss the general requirements for all types of firewall needed for Skype to work, and then I'll discuss software firewalls and hardware firewalls in turn.

At a minimum, Skype requires unrestricted access to outgoing Transmission Control Protocol (TCP) ports above 1024, or to ports 80 and 443 specifically. Skype prefers the former, but can live with the latter. Skype's voice quality and functionality will be improved if, in addition, your firewall is open for two-way User Datagram Protocol (UDP) traffic on all ports above 1024. These are the first things you should check.

Whether Skype should try to use TCP ports 80 and 443 is controlled through its options. For Windows, select Skype Tools Options… Connection; for Linux, select Skype Tools Options… Advanced. Neither Mac OS X nor Pocket PC versions of Skype provide for explicit use of ports 80 and 443.


When Skype is installed, it randomly chooses a port above 1024 on which to listen for incoming traffic. You can inspect the port Skype has chosen on your machine by selecting Tools Options… Connection on Windows; Tools Options… Advanced on Linux; and Skype Preferences… Advanced on Mac OS X (this information is not available for Pocket PC). If you dont want to open up all ports above 1024 for Skype, you can open only the specific port Skype has chosen for TCP and/or UDP traffic.

Software firewalls run on your machine and monitor incoming and outgoing Internet traffic for malicious activity. Moreover, applications that connect to the Internet from your machine are also monitored and, indeed, are usually blocked from connecting until you give them explicit permission. Windows XP (SP2) and Mac OS X come with their own firewalls that are turned on by default. Most Linux distributions have a firewall included, though it may not be enabled by default. Moreover, several firewall applications are available from independent vendors and from open source projects.

When you upgrade Skype to a newer version, this may be detected by your firewall and you may be prompted to give permission again for Skype to access the Internet.


Skype has a number of user guides for configuring the following popular software-only firewalls that run on Windows:

  • Windows XP SP2 Firewall

  • Norton Personal Firewall

  • ZoneAlarm Pro

  • McAfee Firewall Pro

You can find these guides at http://www.skype.com/help/guides/firewall.html.

Giving advice on configuring hardware-based firewalls is problematic because of the sheer variety of equipment in existence. Really, the advice comes down to opening the correct ports for Skype to use and making sure that port 80, if used, is not set to pass HyperText Transport Protocol (HTTP) only. Skype doesn't use HTTP. For the specifics of how to open ports and filter protocols, you will have to refer to the documentation for your firewall hardware.

Another known issue arises when your machine becomes a Skype super node, which is something over which you have no control. Super nodes are regular Skype clients that change their behavior, and in the process consume more network resources, to make Skype's global network work properly. Without super nodes, Skype would not work as well as it does, or perhaps not at all. But this may be of little comfort if you are one of the super nodes! The problem arises when a super node has so many incoming network requestsspecifically, large numbers of TCP connectionsthat your router/firewall is overwhelmed. This is particularly true if your hardware has fairly minimal onboard processing power.

3.13.1. See Also

  • Additional guidance on router/firewall configuration is available at http://www.skype.com/security/guide-for-network-admins.pdf.




Skype Hacks
Skype Hacks: Tips & Tools for Cheap, Fun, Innovative Phone Service
ISBN: 0596101899
EAN: 2147483647
Year: 2005
Pages: 168

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net