Blog

Blog

Web Design Check List South Florida Tech Events

Optimizing Skype to Work in a LAN with Routers and Firewalls

Under: General - February 18th, 2010

Skype Network Settings
Network administrators can improve the quality of Skype calls by tuning the network’s handling of (TCP) and (UDP) packets for best Skype performance.

Configure settings on Firewall, Router or NAT device.

1. Outgoing TCP connections should be allowed to remote ports 1024 and higher.

2. Outgoing TCP connections should be allowed to remote ports 80 and 443.

3. Outgoing UDP packets should be allowed to remote ports 1024 and higher. For UDP to be useful
to Skype, the NAT must allow for replies to be returned to sent UDP datagrams. (The state of UDP
“connections” must be kept for at least 30 seconds, and Skype recommends that these translations
be maintained for as long as an hour, if possible.)

4. The NAT translation should provide consistent translation, meaning that outgoing address translation
is usually the same for consecutive outgoing UDP packets.

Skype relies heavily on UDP packets to help maintain the best possible quality of connection among peers because UDP packets
can be transmitted quickly and require very little overhead to manage.

However, for UDP communications to work properly for Skype through NAT, the translation rules for
UDP packets must be consistently handled, meaning that UDP packets set from one
external network address and port number must be consistently translated to an internal
network address and port number without varying either the network address or
port number.

Although the use of UDP is optional — meaning Skype will work fi ne without the ability
to transmit UDP messages — the call quality experienced by Skype users will be much
better, on average, if the caller is able to send UDP packets to the called party and
receive UDP answers in reply.

Tip: Checking your network for P2P friendliness
Many of our customers have told us that they use a freeware program called “NAT
Check”, written by Bryan Ford, to see if their network’s UDP translation is compatible
with P2P protocols including Skype. The NAT Check program is available for free
download from the program’s website at http://midcom-p2p.sourceforge.net and
is available in a precompiled form for platforms running Microsoft Windows, Mac OS X
and Linux. (NAT Check is not Skype software.)

UDP RESULTS:
UDP consistent translation: YES (GOOD for peer-to-peer)
UDP loopback translation: YES (GOOD for peer-to-peer)
UDP unsolicited messages filtered: YES (GOOD for security)

In the result of NAT Check shown above, we see that the network’s UDP translation is
applied consistently (“consistent translation”), that the input and output ports are identical
except in the event of a confl ict (“loopback translation”) and that unsolicited UDP
packets sent to the network are discarded (“unsolicited messages fi ltered”).

Although not strictly necessary, it is preferable for the network’s fi rewall or NAT gateway
to support IP packet fragmentation and reassembly. In addition, the fi rewall must
not block an attempt to send parallel UDP packets or TCP connection attempts to
multiple ports at the destination address. Some fi rewalls misclassify such behavior as
port scanning and therefore block the host altogether. Such behavior could not only
impact the ability of Skype to run but would likely impact other legitimate network applications
running on the same host computer.

Skype and proxies
Skype fully supports SOCKS5 and HTTPS/SSL proxles, including optional authentication.
For SOCKS5, the proxy must allow, at a minimum, unrestricted TCP connections to
at least port 80, or port 443, or high-numbered ports, meaning those numbered 1024
and higher. For HTTPS/SSL proxies, the proxy must allow unrestricted TCP connections
to port 443.
On Microsoft Windows platforms, Skype uses the proxy settings in Microsoft Internet
Explorer to determine what proxy settings, if any, to use. However, the Skype user can
set the SOCKS5 or HTTPS/SSL proxy manually, including any needed username and
password for proxy authentication.

Comments (0)

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Spam Protection by WP-SpamFree

Contact us
Attracting ready-to-spend traffic cenango customer Interaction Customer Relationship date delete Design E-mail Email marketing Entertainment Florida Florida Businesses Florida Web Design Forum Software Google health iPhone Macromedia Contribute Malicious Insider Attacks Management Miami Miami Web Design Online Marketing Tricks Open Source Software Forums password PHP Programming prestashop price match reset Search Engines SEO Social Networks South Florida SXSW Technology TED TEDx TEDxBrickell Ubiquity User Experience Web Design Web Designing Tips Web Development website design Website Redesign