cancel
Showing results for 
Search instead for 
Did you mean: 

Speedtouch 510 Firewall

ESL
Grafter
Posts: 70
Registered: 05-08-2007

Speedtouch 510 Firewall

Hi Guys,

I am a complete firewall novice but feel comfortable with a CLI.

Could someone advise me how to open the relevant ports on a Speedtouch 510 v4, to allow MS Messenger audio and video?

I can communicate via normal typed messages, but the AV won't work.

Many Thanks in advance.
8 REPLIES
Brickinit
Grafter
Posts: 450
Registered: 06-08-2007

Speedtouch 510 Firewall

hi
i found this on ths msn help site, it's not where i was tring to get as another help site of theirs i was on the other night gave more in-depth help but the link seems to be broke at the moment

malc


FirewallsYou can use the Voice features of MSN Messenger if you are behind a Universal Plug and Play (or UPnP) firewall or are using Universal Plug and Play (or UPnP) Network Address Translation (NAT) with your home PC. An example of an UPnP firewall\NAT is Windows XP ICS (Internet Connection Sharing).

If you have a personal firewall installed on your PC, please:

Verify with the manufacturer of your PC that the firewall is UPnP compliant.
Try disabling your firewall and making a PC-to-PC/PC-to-Phone call. If you are able to complete your call successfully with your firewall disabled, it is likely that your firewall is not UPnP compliant.
Check with the manufacturer of your firewall to see if a UPnP version is available. If it is not, you will be unable to access the PC-to-PC/ PC-to-Phone voice features with your current firewall.

One exception to the UPnP firewall requirement is for users behind an ISA Firewall Server. This is a corporate class firewall and you should either consult your corporate Helpdesk or consult your ISA Firewall Server documentation for more information.

If you have any questions on whether you are behind a firewall or what type of firewall it is, please contact your ISP or corporate Helpdesk.



Network Address Translation (NAT)

MSN Messenger PC-Phone features should work behind most Network Address Translation (NAT) devices or software. There is, however, a chance that certain implementations of the NAT standard by some manufactures could be broken.

To ensure the best results when using NAT, make sure you have the latest version of both the firmware and software. These should be available from your NAT manufacturer's Web site. For more information on updating your device or software, please refer to the documentation that came with your NAT.
Brickinit
Grafter
Posts: 450
Registered: 06-08-2007

Speedtouch 510 Firewall

Link

found this website which should help

[Moderators note (by Thomas): Display text added to link, so it doesn't disrupt the page layout.]
N/A

Speedtouch 510 Firewall

Interesting that "happyhound" mentioned UPnP, for the SpeedTouch 510 v4 is a UPnP compliant router, so with UPnP switched on (which it is by default), no manual intervention should be necessary. What happens, though, should you have something else (software firewall / some other device) between the PC application and the SpeedTouch, I don't know -- would the intermediary "consume" the UPnP message, or would it be forwarded to the SpeedTouch, so it knows it needs to configure itself to allow the incoming traffic expected by MSN Messenger?

The alternative to UPnP is to do it the good old-fashioned way (manually). The problem is, you first you have to know which ports/protocols need to be opened!

If you have a software firewall on your PC you might like to try an experiment in which you configure the PC as the "DMZ" host (look on the router's Advanced/NAT page). This is called the "Default Server" in the latest firmware.

Incidentally, revised firmware (version 4.2.5) and documentation for the SpeedTouch 510 has recently been posted on the support website. See http://www.dslsupport.co.uk/st510.asp. The firmware is easy to install using the upgrade utility which may be started from the menu of options displayed when the product CD is loaded in a drive. Router settings are retained across the upgrade, and the web interface has additional options (including a tab for setting UPnP on the Advanced/NAPT screen). A worthwhile upgrade in my view!
Brickinit
Grafter
Posts: 450
Registered: 06-08-2007

Speedtouch 510 Firewall

the text in my first posting i pasted in from MSN's help site, it means very little to me i'm afraid. the reason i was looking at it in the first place was that when i have been trying to recieve large file(20 megs) being transfered through MSN it takes an age, in their help files it tells you to open asmanyTCP ports between 6891 and 6900. but i can't find out how to enable this. any pointers?
ESL
Grafter
Posts: 70
Registered: 05-08-2007

Speedtouch 510 Firewall

Hi Guys,
Thanks for the responses.

Yeah, I would have thought that a UPnP router would automatically route UPnP requests too. To be honest, the guys I am trying to connect to is using another type of router (I have yet to find out what...) and it may be that the problem is at his end, not mine! So we still have a little working out to do.

I think that Messenger uses port 1440 from what I have been able to find out, and to be really honest, I am using this little task as a means of learning a little more about the firewall. I have been able to find the CLI commands to turn it on and off, so that wil help me find out if it's my firewall or his.

I'll have a go at loading the new firmware and see if it is useful. Although I must admit, I wish someone would get around to publishing a useable web interface to the Firewall!
N/A

Speedtouch 510 Firewall

If you save your router's settings as a configuration file, view it (any editor will do) and then scan down for the [ pfirewall.ini ] section, you'll probably see there's just one rule relating to forwarding packets:
rule create chain=forward index=0 srcintfgrp=wan dstintfgrp=wan action=drop

In other words, if a packet arrives from the router's public interface and the routing table indicates it should also leave the router through the public interface (ie it's not a packet which will be forwarded to your LAN), then the packet will be dropped. Anything else, and the packet will be accepted.

So, unless you've changed the rules, it's not the firewall which is stopping traffic for your LAN from reaching you, it's NAT. Add some NAT entries and the traffic will be forwarded without the firewall getting in the way.

The 6891 - 6900 ports were referred to by Microsoft in the context of file transfers, if I remember correctly. I saw nothing about audio and video.

The Command Line Interface Guide (the latest version is on the webpage indicated in my earlier post) gives details of the commands which may be used for all router functions.

I find an easy way of configuring the router is to save the current configuration in a file on my PC, and then edit a copy of this file. The new configuration file may then easily be loaded back in. If it doesn't work, it's easy to return to the original configuration by loading the file downloaded at the start.
ESL
Grafter
Posts: 70
Registered: 05-08-2007

Speedtouch 510 Firewall

As a matter of interest (and as I am just getting to grips with routers et al), does the new firmware allow viewing the router access or Firewall logs - to the degree necessary to see if it has been dropping packets where the port is closed?

I must admit, I am only used to using a software firewall like Zonealarm. Router firewalls are a steep learning curve :?
N/A

Speedtouch 510 Firewall

There is a "systemlog" feature under the "Basic" menu. From what I can make out, this should report firewall activity, but none appears in mine!

The "systemlog" screen can be seen in the new User Guide (PDF). The systemlog feature is documented in the CLI Reference Guide (PDF). As far as I can make out firewall events should be logged to the systemlog, and I don't know why mine aren't. The firewall rule stats command certainly shows plenty of activity, but I don't see the details in the systemlog.