Making Skype work with LnS, what do we do?

Discussion in 'LnS English Forum' started by MrGump, Sep 11, 2011.

Thread Status:
Not open for further replies.
  1. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    I am able to use Skype with LnS and the Phant0m rule-set installed, however, I have a feeling that the quality could be better when video chatting. Are there any best practices regarding Phant0m rules + LnS? *puppy*
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Do you see several ICMP packet blockings when using Skype?
     
  3. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    cleared logs then started Skype and stopped it after a few moments. the attached image is what I see.
     

    Attached Files:

    • gg.PNG
      gg.PNG
      File size:
      116.8 KB
      Views:
      26
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    UDP packets with source port 19348 seems Skype related..., you experiencing slowness connecting to Skype server or something else? If something else, please detail, thanks.
     
  5. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    my call quality hasn't be great and I feel like it may take a bit longer to sign in than usual. I guess I'm just not sure and I wanted to be coddled haha :p
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Create this rule and try logging back into Skype, other things you can try is disable Windows Firewall, Look 'n' Stop doesn't do this automatically.
     

    Attached Files:

  7. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    done, thank you.

    should i move it down below the "stop UDP broadcasts" rule?
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Not until you have tested it, does it speed the Skype connecting process up?
     
  9. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    I think I am getting fewer logs created, it seems like there is still some lagg when Skype home is loading, and it happens at the same time those logs are created. I guess it's something with Skype Home.
     

    Attached Files:

    • ff.PNG
      ff.PNG
      File size:
      60.5 KB
      Views:
      10
    • ss.PNG
      ss.PNG
      File size:
      50.3 KB
      Views:
      114
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    You forgot the the block / stop sign on newly created rules, you need to change that attribute to make it green. ;)
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Also on that rule you made, change 'In range A:B' to 'All'
     
  12. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    think i got it right :)

    seems to connect more quickly and I get few logs created so far.

    FYI, i added Skype as an application to the Skype rule, hope that was fine.
     

    Attached Files:

    • hh.PNG
      hh.PNG
      File size:
      21.2 KB
      Views:
      114
    • nn.PNG
      nn.PNG
      File size:
      58.7 KB
      Views:
      9
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    see the packets with https entries? they are part of Skype, you need to remove the range check to also allow those.
     
  14. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    alright, i right clicked both https logs and allowed the 443 UDP rule, i then added Skype as the application. Did I do good? *puppy*
     

    Attached Files:

    • nn.PNG
      nn.PNG
      File size:
      51.8 KB
      Views:
      111
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    The other entries are for NAT Port Mapping, if other Skype connections are slow, create this rule, if you see TCP packets with the same dest port 5351, change the rule IP Protocol from UDP to TCP or UDP
     

    Attached Files:

  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Only if you had the one rule to apply to 443, and even better if you have it looking like mine...

     

    Attached Files:

  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Disregarding Skype packets using https port, if the destination ports always above 30000 we could shorten the port range from 5000 - 65535 to 30000 - 65535.

    You would have to enable logging on the original Skype rule and monitor for the next few uses.
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Here’s the Skype importable rules file, to be imported via ‘Import’ button on the Look ‘n’ Stop - ‘Internet Filtering’ screen / Tab. It contains the two Skype rules plus the NAT Port Mapping rule.

    I don't have Skype, so I couldn't associate Skype application to Skype Internet rules, you'll have to-do that.
     
    Last edited: Sep 12, 2011
  20. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    thank you very much :argh:

    Skype definitely loaded much faster but I am getting some logs. I'm starting to understand why some people prefer app based blocking but who really knows what kind of connections are being made. I guess a user wants to allow just enough connections as to allow the app to work properly, i wonder if all these connections are really needed.
     

    Attached Files:

    • mm.PNG
      mm.PNG
      File size:
      101.7 KB
      Views:
      9
    Last edited: Sep 12, 2011
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    that is because the dynamic ports isn’t the range 5000-65535, and especially not 30000-65535 but 1024-65535

    Updated the Skype importables rules file and attached it to this here post.
     

    Attached Files:

  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Locate the rule 'ICMP : Error Messages' and associate Skype application to this rule. :)
     
  23. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    .txt file works and eliminated most of the logs


    I added Skype to the ICMP rule but it still comes up
     
    Last edited: Sep 12, 2011
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  25. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    394
    still getting the alert
     
Thread Status:
Not open for further replies.