Firewall (once again...)

[woodie1]

Please give me the correct info.. I can't believe the the teamspeak client, can listen on all 64511 (1024 -65535) port, waiting for info from the server. I am not willing to open all this ports up, just for this app the work.... How can the server decide what port to use.. This doesn't make sence....

The client tries to connect to 8767, then the server must respond on 8767.. Not some thumb suck port.. My first question in Why???

It seem that noboby really knows how this work... Please explain to me, what I must configure om my firewall, NAT, so that teamspeak can work.. Please don't tell me to go and read the manual, because the manual doesn't explain... And there is no way I'm opening all that ports... What is the use of the firewall then...

I'm calling on the #1 Tecnhincal Support guy.. Please speak to me..

[Bastian]

I'm calling on that guy, too. He should come and delete this thread.

If you don't believe what the manual tells you, go away.
In addition, you should try thinking before posting.

Your client is able to connect to more than just one server in the world and not every server is running on the standard port. A TS server hoster would need thousands of IPs for every server if it wasn't possible to have TS servers on different ports.

And if you don't want to open all those ports, you won't be able to join all servers running on these ports. If that's not a problem for you, you are free just to open port 8767 and leave the others closed.

[woodie1]

I understand the part of the servers running on certain ports, and I need to open them.. But, I only want to connect to one server, running on port 8767.. But it doesn't work..

It seems like there is some sort of authentication involved, that doesn't run on this port.. If I open my firewall, i can connect, then I close all the other port, and it still works..

But when it is locked, I can't connect.. Is there some other ports used for Authentication???

[Brain]

Unfortunately I can't help you since I don't know the way a Teamspeak Client connects to a server.

In simple terms a client->server connection works like this (for argument's sake let's assume the client's IP address is 1.1.1.1 and the server's IP address is 2.2.2.2):

The client sends a message to the server. It needs the Operating System to assign it a port to which the server can respond. This temporary port is drawn from a pool known as the ephemeral range which is between 1028 and about 3000. I say about because it varies from OS to OS, also you can set it manually on most non-M$ Operating Systems.
1.1.1.1:1425 -> 2.2.2.2:8767

The server receives the message and sends one back:
2.2.2.2:8767 -> 1.1.1.1:1425

So far, so good.
Now, we must take into account that you have router doing network address translation (NAT). That means it maintains a table of which external port is mapped to which internal IP address and port.
Let's see the same scenario with a NAT router in-between:

Client wants to send a message to server.
1.1.1.1:1425 -> 2.2.2.2:8767
Since the server is not on the LAN the request gets forwarded to the default gateway which in this case is the NAT router. Let's say its internal IP is 1.1.1.100 and its external IP address is 3.3.3.3
Router sees this destination: 2.2.2.2:8767 and this source: 1.1.1.1:1425
It replaces the source with its own external IP address and assigns a free external port. It saves the information in its translation table.
It sends the original message with modified header:
3.3.3.3:20034 -> 2.2.2.2:8767
The Translation table:
external port 20034 <-> internal ip and port 1.1.1.1:1425

The server receives the message and answers:
2.2.2.2:8767 -> 3.3.3.3:20034

The NAT router receives the message and looks up the port 20034 in its translation table:
2.2.2.2:8767 -> 1.1.1.1:1425
and once again modifies the header and puts the message on the local network.



That's the way things work in essence.
Now, if the NAT router receives an incoming packet with a destination port that is NOT in its translation table it will simply drop it, unless you specified a DMZ host. In that case the packets that would normally be dropped will be modified and sent to that host on the network.

If Teamspeak adheres to this way of establishing a connection from the inside to the outside then you don't need any port forwardings at all. You only need port forwardings if someone wants to establish a connection from the outside without you "inviting" him in the manner as shown above.
That's why often NAT is advertised as a security feature, which it really isn't.

I'm using a NAT router myself and i don't need any port forwardings to connect to any TS server on any IP address/port. I assume you either have a very strange router or simply misconfigured something.

[woodie1]

Brain..

It seem like you know what you are talking about.. GREAT!!!... Can you please try to assist me...

I use ISA server on 'n windows2003 box... I don't use port forwarding, because i don't have any server on my lan.. I only wish to connect with a client to the outside...

I've configure my ISA server, to allow the port 8767, but for some reason, it doesn't work.. All other protocols I've configured, does work...

Funny finding : I've open all ports on my Firewall, then I was able to connect to TS. While I was connected, I closed all ports, and only allowed 8767. To my shock... The connection still worked!!!.

So, i seems that opeining the port 8767 is part of the solution. I think there must be some other port(TCP, i guess), the is used for authentication.

I want to connect to IVAO servers. (online flying)... Don't know if there is any catch...

Any ideas???

[Brain]

I don't know what an "ISA Server" is supposed to be, and what do you mean by "opening ports"? And what firewall are you talking about?
It looks like you're talking M$ here, my last ties to M$ are Win98SE and FS2004. Sorry you're on your own.

[woodie1]

You know, I don't have a clue what you are pondering.. But i will figure it out.. Thanx in any case for the help...

[guldi]

Funny finding : I've open all ports on my Firewall, then I was able to connect to TS. While I was connected, I closed all ports, and only allowed 8767. To my shock... The connection still worked!!!.

So, i seems that opeining the port 8767 is part of the solution. I think there must be some other port(TCP, i guess), the is used for authentication.

Are you aware about the differenze of "incoming" and "outgoing" ports ?

[Hiawatta]

Woodie,did you get it to work eventually?
I use ISa server too and still can't get it to work. A solution would be appreciated.

[-=EM=-DavE]

Hi i have a rooter also....
everything in teamspeak works good, I have a server running all the time and i now use it for my gamers clan... the thing is that our clan have friends that we re scrimming with and when this happen we have to connect on their ts server (that hven't the same ports working than mine...i think) and i dunno why i tryed to open several ports by the firewall of my rooter even by an other way to open port that d-link(yes this is my rooter a d-link) calls application with multiple ports and nothing works... i have to connect myself direct to the modem connect to their server and once done quickly plug the cables back to rooter and to modem in order to be able to connect to their ts server.
if i try to connect without writing the port it says "bad login/password " and if i write port it says "[10:56:01] No reply from server
Maybe the server is offline
or maybe teamspeak is not running on it"

i join here my logfile after i run it on debug....

Code:

---------------------------------------------------------------
-------------- log started at 22-04-04 10:35 -------------
---------------------------------------------------------------
22-04-04 10:36:01,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:40:43,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:41:15,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:41:50,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:42:09,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:42:27,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:43:58,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:44:50,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:45:14,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:45:39,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:47:14,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:48:10,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:50:01,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:50:27,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:50:27,2700,WARNING,All,procedure TDICallBack.execute,"The operation had no effect." or "The device buffer overflowed and some input was lost." or "The device exists but is not currently attached." or "The change in device properties had no effect."
22-04-04 10:51:46,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:52:55,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait
22-04-04 10:56:01,324,ERROR,ProcedureInfo,Client Open,Exception: Timeout on recv LoginStep2 wait

i dunno what to try now the only way i have to connect on their server is to connect direct into my external modem connect to their server and (doing it quick) plug the cables back to my computer and rooter...
Do you know what have i wrong configured and why this is the only server(i think) where i have this trouble?
Do you also have any suggest to configure my rooter properly?

P.S.: I rad this guys thread about the manual... I'm not going to give him any credits becaus everything is in this manual it's with his(the manual) help that i already have done all what you can read in my message and i'm pretty sure my solution is inside of it somewhere... I'm just too st***d to find it....So complains about this manuals that he did sounds more like :"I'am to lazy to open my eyes and read a complete manual i prefer to set faults on manual and write some ltl letters..."

so thx for help if i have some...

[pim]

I use ISA server on 'n windows2003 box... I don't use port forwarding, because i don't have any server on my lan.. I only wish to connect with a client to the outside...

Woodie, you confuse me here. Are you using w2k3 as a client then. I thought this release was meant to be a server

Bear in mind that portforwarding does NOT have anything to do with having a server or not. As soon as you are behind any kind of router, firewalled (dsl-) modem or use any of the software firewalls, you will definitely need portforwarding

Don't knoe too much about ISA servers, I only use them but don't configure them,but if you do a search here on "ISA"' 5 will give you ten that you will find something

[pim]

@ Dave,\\yours is uniquely a router and/or firewall problem

Either the d-link doesn't behave right or is misconfigured. Search on D-link and you will find some fellow-users. Alternatively check the D-link site

Also check if yo have any firwalls running. Especially Zone-Alarm and PC-cillin are notorous for still blocking traffic although they are disabled or switched off

[hoergen]

youd dont have to disable the firewalls. You only have to go deep in the system settings (same in outpost firewall) and decheck Block incoming UDP requests.

If you´ve done so, it will work fine.