Teamspeak and APF ports
Mysteerie
14-07-2006, 02:26
I have read the FAQ and been searching for a good two days, but still unable to find a solution to my problem.
I have a server with APF installed; I have opened the ports that were required in the FAQ (for the server side). I have read that the client uses a random port to connect though; does that mean I’m unable to use a firewall for teamspeak unless I open the random port range?
I found one post here that creator said he was finally able to run teamspeak behind APF, unfortunately I didn’t understand his fix that well. Is anyone else successfully using teamspeak with APF?
I have a server with APF installed; I have opened the ports that were required in the FAQ (for the server side). I have read that the client uses a random port to connect though; does that mean I’m unable to use a firewall for teamspeak unless I open the random port range?
The client will get the answer from the server on a random port (as many other client software does as well). If you block all incoming ports (independent of the status of the connection), you'll have a problem with a lot of applications (web browsers, ...).
sry, but what is APF (I understand it is a firewall, but which one, I don't know that term ?) :o
advanced personal firewall or.....
Mysteerie
18-07-2006, 03:14
While I’m not going to doubt you, and I’m sure there are a lot of applications that use random ports, this is actually the first application I have run into that seems to not have a solution for running securely with a firewall. Since if all incoming ports must be free, what is the point of having a firewall in the first place? Maybe I’m just a nub, though, but I have used a lot of server applications and they all worked with a firewall under certain ports only.
Anyways, thank you for your help. APF stands for Advanced Policy Firewall.
Hey,
this is a very common way for an application to establish a connection (probably the most common one):
Client sends (from a randomly chosen port) to the server (on a fixed, server specific [configurable] port). The server answers from the fixed server port to the random port, and everything works fine.
Q & A:
Concerning the client side:
Q: Why does the Client not connect *from* a fixed port?
A: Because there might be multiple clients running at the same time (from the same user or even from different users in a multiuser environment), and only one application can "own" the port at any given time. So using a fixed port on client side would only allow one client to run on this computer.
Q: You say random, are you really throwing dice?
A: No. Because we don't really care what port we get (just some port that is free), we tell the operating system just that: "gimme any old port that happens to be free". These functions exist because the use case I am describing is so common.
Q: So, how do firewalls cope with this?
A: Normal (personal) firewalls are usually what I know under the term "stateful", which means they can identify incoming and outgoing packets as to what connection they belong to. Now, most firewalls are configured to allow the user to initiate outgoing traffic (they might ask you if it's ok for this application to send data to the internet). So, the firewall knows the TS2 client is allowed to send data out (NOTE: this is not bound to a port, but only to the application name). So no matter what port the client chooses, the firewall sends this data out to the server port (which you specify in the client when you connect). Now when the server answers, the firewall (because it is stateful) sees that this is just the answer to a connection that was already initiated, and accepts the data.
Q: As a bottom line, what do I need to change on my router and firewall when running the TS2 Client?
A: You usually do NOT have to configure your firewall or your router to allow the TeamSpeak2 Client to work safely and normally. The only thing that might be necessary (depending on your firewall) is to hit "Yes" on a box that pops up the first time you connect saying "TeamSpeak Client wants to connect to the internet, is that OK?".
Concerning the server side:
Q: So do I have to change my router and firewall when hosting a server?
A: The server listens on a fixed, configurable port (or multiple ports if you host multiple vservers). As routers and normal firewalls do NOT accept incoming packets they can't find an existing connection for, you need to adjust your router and firewall settings when hosting a server.
Q: What do I have to change on the router when hosting a server?
A: On the router you specify that all packets sent to $YOUR_CONFIGURED_SERVER_PORT have to be forwarded to $YOUR_LAN_PC_IP_WITH_THE_TS_SERVER. Once the router is taken care of, there still might be a firewall on the PC that hosts the TS Server, so you need to configure that too.
Q: OK what about the changes to the firewall when hosting a server?
A: On the firewall side you tell the firewall that all packets going to port $YOUR_CONFIGURED_SERVER_PORT should be accepted.
Your server should be working fine now, and - as you may have noticed - we didn't care about the fact that the packets arriving at the server come from "random" ports on the client side.
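The flow discussed in this thread, modelled as an added Python example (not code from any poster, APF or TeamSpeak): a simplified default-deny stateful filter on each side, showing that the server needs only its fixed port opened while the client's OS-chosen port needs no rule at all. Port 8767 is assumed to be the TeamSpeak 2 default UDP port; the IP addresses and all class and function names are constructed for illustration.

```python
import socket
from dataclasses import dataclass, field
from typing import NamedTuple

SERVER_PORT = 8767  # assumption: TeamSpeak 2's default UDP voice port; use your configured one

class Packet(NamedTuple):
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

@dataclass
class StatefulFirewall:
    """Default-deny inbound filter with connection tracking (simplified model)."""
    open_inbound: set = field(default_factory=set)  # {(proto, port)} opened by the admin
    flows: set = field(default_factory=set)         # tracked (proto, local, remote) flows

    def outbound(self, pkt):
        # Outgoing traffic is allowed; remember the flow so its replies can be matched.
        self.flows.add((pkt.proto, pkt.src, pkt.dst))
        return "ACCEPT"

    def inbound(self, pkt):
        if (pkt.proto, pkt.dst, pkt.src) in self.flows:
            return "ACCEPT established"      # reply to a flow this host already has
        if (pkt.proto, pkt.dst[1]) in self.open_inbound:
            self.flows.add((pkt.proto, pkt.dst, pkt.src))
            return "ACCEPT open-port"        # new connection to a published server port
        return "DROP"                        # unsolicited packet to a closed port

def ephemeral_port():  # bind to port 0: the OS hands out any free port, as a client does
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def run_scenario():
    client_fw = StatefulFirewall()                            # client: nothing opened
    server_fw = StatefulFirewall({("udp", SERVER_PORT)})      # server: one fixed port
    client = ("192.0.2.10", ephemeral_port())                 # constructed addresses
    server = ("198.51.100.5", SERVER_PORT)
    request, reply = Packet("udp", client, server), Packet("udp", server, client)
    return {
        "client_out": client_fw.outbound(request),
        "server_in": server_fw.inbound(request),
        "server_out": server_fw.outbound(reply),
        "client_in_reply": client_fw.inbound(reply),
        "client_in_stray": client_fw.inbound(Packet("udp", ("203.0.113.9", 4000), client)),
        "server_in_closed": server_fw.inbound(Packet("udp", client, ("198.51.100.5", 22))),
    }
```

Calling `run_scenario()` returns the verdict for each step; the two `DROP` results are what the firewall still provides once the single server port is open.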