I'm behind a couple fire walls and must give explicit instructions to the administrators as to what ports to open.

I read the FAQ and found the following information:

the whole 1024-65535 (udp) range for source port and sends to port 8767 (udp) unless indicated otherwise.

That is somewhat helpful, but I am told I must specify the ports to open in the following format:

Initial UDP Outbound: ip address port list of ports


Subsequent UDP Outbound: ip address port list of ports


Subsequent UDP Inbound: ip address port list of ports

Can I safely say the following:

Initial UDP Outbound: xxx.xxx.xxx.xxx port 1024-65535

Subsequent UDP Outbound: xxx.xxx.xxx.xxx port 1024-65535

Subsequent UDP Inbound: xxx.xxx.xxx.xxx port 8767

Are there any other ports that must be opened to use the client?

Hi!

I'm not really sure, if i got you right, so please correct me if I did!

First, NEVER forward portranges unless you need them!
Just the ones you really need!
Second, if you are just using the client, you don't need forwarding anyway!
The firewall has to be configured to accept outgoing traffic for the needed port!
Default 8767 UDP! That's it!

Regs
R3

I had the following opened at the firewall:

Open the following:

Initial UDP Outbound: xxx.xxx.xxx.xxx port 8767
Subsequent UDP Outbound: xxx.xxx.xxx.xxx port 8767
Subsequent UDP Inbound: xxx.xxx.xxx.xxx port 8767

Where xxx.xxx.xxx.xxx is the IP address of the Teamspeak server. I verified w/ the server host operator they are using port 8767 and that the server is up and running. I did a tracert to the IP address and can resolved fine w/ 87ms response time.

I am using the 2.0.28.40 Teamspeak client on a 1GB/933MHZ win98 machine. I have a SMC Barracade router/firewall between my computer and the site firewall (site firewall of unknown make); local SMC firewall turned off for testing since this is under my control.

The error message is:

No reply from server
Maybe the server is offline
or maybe teamspeak is not running on it

I have verified with others that the server is indeed up and running.

I have RTFM'd, read this forum and have tried to self medicate. Any help anyone could give me here is appreciated.

Any help would be appreciated.

I believe your initial post was correct.. I believe initial outbound has to be that complete port range.. (as its the source port range.. that tryed to contact the server port at 8787..)

OK, based on the help above I requested the person who controls the firewall to allow the following:

Initial UDP Outbound: xxx.xxx.xxx.xxx port 1024-65535
Subsequent UDP Outbound: xxx.xxx.xxx.xxx 1024-65535
Subsequent UDP Inbound: xxx.xxx.xxx.xxx port 8767

He informed me that rather than get another request from me he did the following:

Initial UDP Outbound: xxx.xxx.xxx.xxx port any port
Subsequent UDP Outbound: xxx.xxx.xxx.xxx any port
Subsequent UDP Inbound: xxx.xxx.xxx.xxx port 8767

I still get the same error message which is:

No reply from server
Maybe the server is offline
or maybe teamspeak is not running on it

I have set the TS2 client connection parameters use IP address as the server name (note: DNS resolution is fine, but did this just-in-case.) I have verified w/ ping (92 ms average across 100 packets this AM) and tracert (6 hops) that I have a route to the server with acceptable latency.

Anything more I should be doing? Obviously, otherwise it would be working :confused: )

Thank you in advance for any help. If you need more information to trouble shoot this, let me know what you need and I'll obtain the information asap.

Bob Crumb

bumping to see if there is any help for someone seriously trying to get teamspeak client to work....

Little annoyed with your previous message. . but i did a search on our forum for you anyway...

http://www.teamspeak.org/forums/showthread.php?threadid=1035&highlight=SMC

also a couple other results.. might be worth checking out aswell.. just search for SMC*

1) use a port scanner to test if you can reach the destination (TS server) under its port (8767). Ping is ok, but is the port open to you ?

2) shouldn't be Inbound 1024 - 65535 and Outbound 8767 ???

Hi,
I am the admin of Bob's network. Please let me know if I am understanding this (as it appears to be the opposite of what is posted):

If you are running a server, you must allow
Inbound UDP on port 8767
Outbound UDP on port >= 1024

If you are running client, you must allow
Outboud UDP on port 8767
Inbound UDP on port >=1024

On the client side, most firewalls (NAT routers) will not require special mapping for the client to work as the outbound connection to the server will allow the subsequent inbound connections.

In our case, we are sitting behind a Cisco 2611 with a pretty tight access-list and it cannot allow inbound UDP based on an existing connection (thank you cisco) so we need to alow ports >=1024 from the server IP for this to work.

Does that sound right?

Justin

Hi Justin

this indeed sounds correct to me:

server is listening on port 8767 (default, you may change it) => Inbound 8767
server is sending to >= 1024 => Outbound >= 1024

same with client (as you describe it).
And what you say about NAT covers, what I belive to know about it :D


Cisco:
I only hava a little bit of experienxe with Cisco 2600 Gateway. But I belive to remember that cisco was always strong in source based routing. Of course this will only work if you connect to allways the same TS server with a fix IP and with only one client. In this case, the NAT Table has some advantages :-)

Otherwise opening all the ports, which is probably not an alternative...:(

Ok, I just installed TS server on my linux rig.... Now here is the deal. I've got it to work just fine on my internal network but for some reasons my firewall/router seems to be blocking connections from outside. I've done a port forward on 8787 but still not luck... Am I missing something???

Sam

Originally posted by JustinG
Hi,
If you are running a server, you must allow
Inbound UDP on port 8767
Outbound UDP on port >= 1024

If you are running client, you must allow
Outboud UDP on port 8767
Inbound UDP on port >=1024
...
In our case, we are sitting behind a Cisco 2611 with a pretty tight access-list and it cannot allow inbound UDP based on an existing connection (thank you cisco) so we need to alow ports >=1024 from the server IP for this to work.

I don't know the Cisco, but I'll talk about how I would approach this with iptables (the firewall/routing tool for Linux 2.4). IP tables lets you set rrules on both the source AND the destination port--for both inbound and outbound packets.

On this basis, I woud probably allow the following:
Outbound traffic with a source port of 8767
Inbound traffic with a destination port of 8767

However, If you are limited to always setting the destination port, then what you have is likely the most correct rule you can manage.

On the client front, what you can do depends a lot on whether the clients are NAT'ed. If they are NAT'ed, you can only get one client working without getting creative. If you can use the more flexible rules, I would allow the following:

Inbound traffic with a source port of 8767 (and a destination port >= 1024)
Outbound traffic with a destination port of 8767

If you are limited to strictly the destination port, your rules are again, the most correct available. In either case, the rules permit only one client with NAT

If you aren't using NAT, you need to repeat the rules as appropriate for all the client machines.

If you are using NAT, the only sure-fire way I can see to get multiple clients working would be to write a proxy that did the connection tracking for the firewall. Given, it wouldn't be fun (and would force all clients going through the proxy to use the same server), but it could be done. I would probably look to buy a new router before writing such a proxy.

I am probably telling you what you already know, but if you wanted validation from someone who likely has fewer credentials, you have it ;).

Originally posted by samw5
Ok, I just installed TS server on my linux rig.... Now here is the deal. I've got it to work just fine on my internal network but for some reasons my firewall/router seems to be blocking connections from outside. I've done a port forward on 8787 but still not luck... Am I missing something???

Sam

I'll make some assumptions here:

(1) The Linux box is both the network sharing box and the TS server
(2) There aren't any interfering rules on the router.
(3) The external interface is named eth0.

If all of this is true, I would try the following:

/sbin/iptables -t filter -A INPUT -p udp --destination-port=8767 -j ALLOW

Note that I set up the forwarding for port 8767--this is the default port for TeamSpeak, instead of the 8787 you cited.

If these assumptions don't hold or what I suggest doesn't work, more information would be helpful. Be sure to READ THE WARNING, one thing that might be handy would be the output of the following commands:

/sbin/iptables -t filter -L
/sbin/iptables -t nat -L

WARNING: This output may provide more information about your network than you want to reveal to strangers. If you decide to post it, take care to cleanse it of any information (IP/network addresses--especially the external ones) you do not want strangers to see. Also, before deciding to post, consider that it is easy to miss something in such a clean-up.

If you choose not to post this information (I'd mull it over some and sanitize it carefully), it would help to know the basic structure of your network (especially what device has the external IP, and where the TeamSpeak server is in relation to that device).