Hack 36. Make Skype Work with Personal Firewalls
Skype is rather good at working with firewalls without the need for any additional configuration, but sometimes it needs some help.
Works with: all versions of Skype.
Many VoIP applications simply don't work from behind a firewall or Network Address Translation (NAT) device. And many, if not most, broadband Internet users operate from behind one or the other, or both! Skype does a good job of transcending these barriers to communication, mostly without any additional configuration, but Skype is not foolproof in this respect. This hack will help you if you're having problems getting Skype to work from behind a firewall.
Firewall problems are most often signaled by Skype error #1102, "Skype cannot be started," though #1101, "No connection," and #1103, "No connection," are also common. These errors mean that your Internet connection is down or misconfigured, you are behind a restrictive firewall or proxy that is blocking Skype's access to the Internet, or your network or Internet service provider is somehow blocking Skype.
Figure 3-15. Using a Skype server to replace two existing regular phone lines
To learn more about the nature of your Internet connection, and how it might be blocking Skype, you can try these tests:
Figure 3-16. Telnet prompt
Broadly speaking, there are two types of firewall: those implemented in software, which run on your desktop machine, and those implemented as part of some piece of network hardware (router, proxy, etc.). First, I'll discuss the general requirements that any type of firewall must meet for Skype to work, and then I'll discuss software firewalls and hardware firewalls in turn.
At a minimum, Skype requires unrestricted access to outgoing Transmission Control Protocol (TCP) ports above 1024, or to ports 80 and 443 specifically. Skype prefers the former, but can live with the latter. Skype's voice quality and functionality will be improved if, in addition, your firewall is open for two-way User Datagram Protocol (UDP) traffic on all ports above 1024. These are the first things you should check.
When Skype is installed, it randomly chooses a port above 1024 on which to listen for incoming traffic. You can inspect the port Skype has chosen on your machine by selecting Tools → Options… → Connection on Windows; Tools → Options… → Advanced on Linux; and Skype → Preferences… → Advanced on Mac OS X (this information is not available for Pocket PC). If you don't want to open up all ports above 1024 for Skype, you can open only the specific port Skype has chosen for TCP and/or UDP traffic.
Software firewalls run on your machine and monitor incoming and outgoing Internet traffic for malicious activity. Moreover, applications that connect to the Internet from your machine are also monitored and, indeed, are usually blocked from connecting until you give them explicit permission. Windows XP (SP2) and Mac OS X come with their own firewalls that are turned on by default. Most Linux distributions have a firewall included, though it may not be enabled by default. Moreover, several firewall applications are available from independent vendors and from open source projects.
Skype has a number of user guides for configuring the following popular software-only firewalls that run on Windows:
You can find these guides at http://www.skype.com/help/guides/firewall.html.
Giving advice on configuring hardware-based firewalls is problematic because of the sheer variety of equipment in existence. Really, the advice comes down to opening the correct ports for Skype to use and making sure that port 80, if used, is not set to pass Hypertext Transfer Protocol (HTTP) only. Skype doesn't use HTTP. For the specifics of how to open ports and filter protocols, you will have to refer to the documentation for your firewall hardware.
Another known issue arises when your machine becomes a Skype super node, which is something over which you have no control. Super nodes are regular Skype clients that change their behavior, and in the process consume more network resources, to make Skype's global network work properly. Without super nodes, Skype would not work as well as it does, or perhaps not at all. But this may be of little comfort if you are one of the super nodes! The problem arises when a super node has so many incoming network requests (specifically, large numbers of TCP connections) that your router/firewall is overwhelmed. This is particularly true if your hardware has fairly minimal onboard processing power.
3.13.1. See Also