Rules set up for SKYPE

Discussion in 'LnS English Forum' started by rogervernon, Jan 25, 2007.

Thread Status:
Not open for further replies.
  1. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    I am evaluating LnS at present and my query is to do with setting rules to allow SKYPE calls to connect without loss of quality.

    SKYPE support have relied to my question regarding call quality.

    Their primary advice is " Please, make sure your firewall/router is not blocking Skype in any way. Try opening UDP traffic both ways to both ports found in Skype's top menu: Tools > Options > "Connection" window; tick the option to use the ports 80 & 443"

    Being unfamiliar with the GUI can anyone tell me (simply please!) exactly how I configure LnS to allow specific ports?
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  3. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi rogervernon :)

    The firewall filtering is not the only factor of Skype's audio quality...

    The main problem with Skype is exactly there: it is not a "standardised" VoIP protocol. The actual behaviour of this VoIP programs is to used not only a limited set of documented TCP/UDP ports but any ports...

    The Skype's recommendation to used the HTTP/80 port and the HTTPS/443 port is an example of this. Instead of using a limited and documented set of port they used anyone including well known registred TCP / UDP ports...

    Actually the best setup for Skype, in their "point of view", is to allow Skype to all local and remote ports without restrictions...

    See this for example:
    http://www.securiteam.com/securityreviews/6K00M2ABFM.html


    1- Used the "Enhanced rule set": in the internet filtering tab, load this rule set, save and apply.

    2- The minimal rule for skype is:

    Protocol UDP
    Address: @IP (your IP address)
    Local port : 21047
    Remote ports : ALL
    Application: skype

    3- Please note that this rule is specific to Skype and not a general rule, so the program skype.exe must be included in the rule editing, "applications..." button, in the left list of the application window...

    4- This rule must be placed in the UDP rules before the last UDP rule, the one used to block any remaining UDP packets ...

    5- It's also possible to add an optionnal rule. which, as far as I know, give a better "throughput" to the Skype's communications...

    Prococol TCP
    Local port : 21047
    remote ports : ALL
    application: skype

    This rule is a "Server" rule and it must be placed immediatly before the rule used to block incomming TCP connexion with the flag SYN...

    I joint these rules here. Remove the extension .txt, copy or move the file in the LNS folder, go to internet filtering tab, import it, place the rules in the right place in the list , save and reboot ...

    Hope this help.
    :)
     

    Attached Files:

    Last edited: Jan 25, 2007
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi rogervernon :)

    A picture of this ...
     

    Attached Files:

  5. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi rogervernon :)

    An other picture:
    this is a specific rule so the program must be included in the rule ...
     

    Attached Files:

  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Phant0m :)

    There is somethings strange with this LNS rule: :blink:

    "This rule allows using Skype on port 54977"

    But the Skype's default port is 21047 ...
     

    Attached Files:

  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Superb job Climenole.

    Often such programs change their default port settings for different versions.
     
  8. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Phant0m :)

    You're right! May be the default port vary from one version to an other...

    Anyway... it's simple to change it in Skype or in the LNS rule.

    Have a nice day !

    :)
     
  9. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Thank you for your replies.
    Merci beaucoup!
     
  10. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    The most important question before using any program is:
    "Can I trust this specific piece of software?"

    Well, in regard to Skype you should read this first:
    http://www.pagetable.com/?p=27

    Or in simple words: When using Skype, it seems you don't need a firewall (like LnS) at all ;)

    Thomas :)
     
Thread Status:
Not open for further replies.