Solved

ICQ Shared Files and Firewall

Posted on 2003-03-11
Last Modified: 2013-11-29
I am using ICQ 2003a and have set up a shared folder service.  I am also using a Gnet IP0008 router which has a firewall built into it.  People can access my shared folder if they are NOT using a router firewall, but if someone is using a router with a firewall we can't send/receive files or access shared folders (chat works fine).  I have tried most of the settings in the connections (General, Server, Firewall and User) configuration but can't seem to get it right.  Also, I am not sure if I should be using proxy settings or how they work.

Does anybody have any insight into this?

Thanks,
Jeff
Question by:jpanderson
10 Comments
 
LVL 7

Expert Comment

by:jatcan
ID: 8113035
Open ports 2000-4000 should resolve the problem, these ports must be open on BOTH firewalls..I'm checking right now to see if any other ports hafta be opened but I don't think so..try the above for now.

Cheers.
0
 
LVL 7

Expert Comment

by:jatcan
ID: 8113100
Hey,

Found this at the following url:

http://www.icq.com/icqtour/firewall/netadmin.html


====================================
For ICQ to successfully work behind a firewall the following system configurations must be set by the System Administrator for the systems network.

Client to server Communication:
This is done via port 5190 TCP to login.icq.com (please note- allow a bi-directional connection to the port for login.icq.com and not any specific IP address, since it stands for more than one IP address).

Client to client communication:

Client to client connection is done using the TCP protocol, using port range 1024-65535. This means that the client needs an open listening port within the mentioned range-- 1024-65535.
=========================================
So you need 5190 open to communicate with the ICQ server and any range of ports open on the firewall to transfer files; BOTH firewalls must use the same range. The ones I mentioned in my above post, I believe, are the default ports used by ICQ, so you won't do too bad by opening that range on both firewalls. AND, this is why I use an ftp server to transfer files and simply leave one port open for chat...too insecure to do file transfers through these chat programs.

This may also be of some use to you also:

http://www.icq.com/icqtour/firewall/#configure

Cheers,

J
0
 
LVL 4

Author Comment

by:jpanderson
ID: 8113554
I have read all that stuff but it didn't help me.

On my router I have a section called Special Applications; is this where I would put it?  It has three sections: ID-Trigger, Incoming Ports and Enable (check box).  So would I put the 5190 in the ID-Trigger and leave the Incoming port empty and obviously check the box to enable?
0
 
LVL 4

Author Comment

by:jpanderson
ID: 8113559
This is the help text for above:

Help - Special Applications

Some applications require multiple connections, like Internet games, Video conferencing, Internet telephony and so on. Due to the firewall function, these applications can not work with pure NAT router. Special Applications makes some of these applications to work with NAT router. The settings are:
Trigger: The outbound port number issued by the application.
Incoming ports: When the trigger packet is detected, the inbound packets to the specified port numbers are allowed to pass through the firewall.
0
 
LVL 7

Expert Comment

by:jatcan
ID: 8114058
I just found this:

In ICQ under "Preferences & security", "Preferences" and Connections, click on "I am behind a firewall or proxy" then click on "Firewall Settings". Then select "I don't have a SOCKS Proxy server on my firewall" or "I am using another Proxy server". Click Next.  Click "Use the following TCP listen ports for incoming event" and set the TCP ports for 20000 to 20019 for the first user, 20020 to 20039 for the second user,  20040 to 20059 for the third user, etc.
OUT   UDP     4000
IN    TCP     20000   20019 for one user
OR
IN    TCP     20000   20039 for two users
OR
IN    TCP     20000   20059 for three users, etc.

here:

http://www.practicallynetworked.com/sharing/app_port_list.htm

Of course after you do this you will have to open those ports on the firewall/router, the first being the trigger.

Hope it helps. I personally do not like ICQ and haven't got it installed, so it's just a matter of finding "already" posted information.

Cheers,

J
0
 
LVL 7

Accepted Solution

by:
jatcan earned 1000 total points
ID: 8114277
OK, I've done a little reading on your unit, found here:


http://practicallynetworked.com/review.asp?pid=331

What I understand about it is that you actually need 3 entries for ICQ:

1.) ICQ-Connection to the ICQ server

TCP-open port 5190

2.) ICQ-Chat capabilities

TCP-open ports range 2000-2400

3.) File Transfers and everything else ICQ

UDP-open port range 20000-20039

AND also this set of instructions for tips on opening ports for special applications:

found here:

http://www.practicallynetworked.com/sharing/app_ports.htm


Use a fixed IP address for the computers that are the targets of your port mappings.  
If you use a DHCP server to assign your Client computer IP addresses, your Port maps will stop working when your Clients obtain different IP addresses from the DHCP server.  
(Of course, if you assign a fixed IP address, make sure you enter the proper Gateway and DNS information into the Client's TCP/IP properties.)
(NOTE: If you are using a NAT router that supports triggered maps, you can ignore this step.)

Set up the mapping using the IN port and protocol information.
If you see a single number, like this:
                   IN      TCP     113
that's a single port.  
If you see two numbers like this:
                   IN      TCP     113 120
it means you need to map a port range from port 113 to 120.

Make sure you enter both the TCP and UDP information in separate mapping entries if your router allows you to specify the protocol used.  
If it doesn't allow you to specify TCP or UDP, then enter separate mappings for both the TCP and UDP table entries, but only if they are different port numbers.

Example 1
The application port information looks like this:
IN      UDP     1140    1234
IN      TCP     1140    1234
Your router doesn't let you specify TCP or UDP, so you make one mapping for port range 1140 to 1234.

Example 2
The application port information looks like this:
IN      UDP     51200   51201
IN      TCP     51210
Your router doesn't let you specify TCP or UDP, but the port ranges are different, so you make two mappings: one for port range 51200 to 51201; the other for port 51210.

If your router doesn't support triggered maps
(most don't) first don't enter the OUT information.  However, if the application doesn't work, try adding the OUT  information to your mapping.

If you don't find your application's information in the list below,
consult the application's Help files or Web site FAQ.  The information is usually in a section about Firewalls, or Proxies.

To access your mapped application, remember to use the IP address assigned by your ISP.
Don't use the private, non-routable address that your router assigns (example: 192.168.0.X).  The ISP-assigned address might be assigned dynamically and could change from time to time, which can make it difficult to connect to your special application.  You can use a Dynamic DNS service to prevent this.

================================
I successfully set up MSM for chat and file transfers using these methods and specific ports as triggers, then port ranges for file sharing..so I know it can be done. Just I have never actually done it for ICQ and/or Nexland routers.

Anyways, that's loads of info and if worse comes to worse you can always put in an allowable range of 1024-65536...? Which would open ALL those ports for whatever trigger is working. I'd try 5190 first, then 2000, then 20000. One of them HAS to work for you.

Cheers,

j
0
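The mapping rules quoted in the accepted answer, worked through as an added example (not code from the thread or from practicallynetworked.com): it parses port-list lines in the `IN TCP 113 120` form, builds the inbound mappings for a router that can or cannot distinguish TCP from UDP, and counts how many ports each plan opens, so the 20-port per-user range can be compared with the 1024-65535 range. The function names are assumptions of this example.

```python
from typing import List, Tuple

Rule = Tuple[str, str, int, int]   # (direction, protocol, first_port, last_port)
Mapping = Tuple[str, int, int]     # (protocol or "ANY", first_port, last_port)

def parse_port_list(text: str) -> List[Rule]:
    """Parse 'IN TCP 113' (one port) or 'IN TCP 113 120' (range 113-120)."""
    rules: List[Rule] = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("IN", "OUT") or f[1] not in ("TCP", "UDP"):
            continue  # separators such as 'OR' and prose lines are skipped
        if not f[2].isdigit():
            continue
        first = int(f[2])
        # Trailing words such as 'for one user' are not a second port number.
        last = int(f[3]) if len(f) > 3 and f[3].isdigit() else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"bad port range in line: {line!r}")
        rules.append((f[0], f[1], first, last))
    return rules

def plan_mappings(rules: List[Rule], protocol_aware: bool) -> List[Mapping]:
    """Inbound mappings to enter on the router; OUT lines are left out at first."""
    plan: List[Mapping] = []
    for direction, proto, first, last in rules:
        if direction != "IN":
            continue
        entry = (proto if protocol_aware else "ANY", first, last)
        if entry not in plan:  # identical TCP/UDP ranges collapse to one entry
            plan.append(entry)
    return plan

def exposed_ports(plan: List[Mapping]) -> int:
    """Total ports covered, summed over the plan's entries."""
    return sum(last - first + 1 for _, first, last in plan)

# Port lines as given in the thread's Example 1, Example 2 and the ICQ entry.
EXAMPLE_1 = "IN UDP 1140 1234\nIN TCP 1140 1234"
EXAMPLE_2 = "IN UDP 51200 51201\nIN TCP 51210"
ICQ_ONE_USER = "OUT UDP 4000\nIN TCP 20000 20019 for one user"

if __name__ == "__main__":
    for name, text in [("example 1", EXAMPLE_1), ("example 2", EXAMPLE_2), ("ICQ", ICQ_ONE_USER)]:
        plan = plan_mappings(parse_port_list(text), protocol_aware=False)
        print(name, plan, "ports opened:", exposed_ports(plan))
    wide = plan_mappings(parse_port_list("IN TCP 1024 65535"), protocol_aware=False)
    print("range 1024-65535 opens", exposed_ports(wide), "ports")
```
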
 
LVL 4

Author Comment

by:jpanderson
ID: 8115349
That's why I love this site...ask a question and get the answer.

Made the changes in ICQ for the TCP Port settings and then changed the router and it's working good.  One problem is that the connection is getting dropped for brief periods of time but I should be able to figure that out.

Thanks jatcan...great work.
0
 
LVL 7

Expert Comment

by:jatcan
ID: 8118296
You're welcome!

Thanks for the grade!
0
 
LVL 4

Author Comment

by:jpanderson
ID: 8141658
I figured out why the connection was being dropped intermittently and it is because I have another computer running another icq number that I had left the port setting at 5190 on the server tab in connections connected to the same router.  I changed it by hitting the Auto Configure button and it seems to work fine although I am just testing on intranet and not the internet.  I wrote a little help file that can be sent to anyone if they send an email to jeff@jpanderson.com with "ICQ and Router Settings" (without the quotes) in the subject line.  If anyone wants to test it I will give them the icq number for that machine.  Please get the help file first and have icq installed.
0
