
Re: AIM connection issues



florian mosleh wrote:
> Essentially, the problem I'm having is that a client that connects to the
> internet through the new firewall (pf on openbsd 3.6) has problems establishing
> a connection to AIM (login.oscar.aol.com). I have performed severl ethereal
> packet sniffing sessions and can confirm that there is a successful connection
> established between the server and the client and then it just drops. Usually
> after about an hour or two of stubborn retrying and waiting it eventually
> works.

The first thing I'd do is check that the firewall was allowing packets 
to the correct destination ports. One site tells me that iChat and AIM 
use the same ports for transactions, so this page might be interesting:

	http://docs.info.apple.com/article.html?artnum=93208

If you've allowed most of the ports needed, but not all, then the 
connection will go nicely until the client suddenly uses a service that 
requires a forbidden port, and then it all goes bad. (I've had a similar 
problem in the past getting Steam and Counter-Strike:Source to work over 
firewalls.)

However, I've no idea why, if that is the problem, the connection would 
suddenly take and hold after an hour of trying. And I'm afraid I know 
nothing about the effect bonded T1 lines would have on a firewall setup.

By the way, iChat (and seemingly AIM) seem to need a large number of 
ports open to work. I wouldn't be keen on that. Make sure that you don't 
allow incoming packets that don't match stateful inspection, unless you 
absolutely have to. (If an application requires me to leave ports open 
from the outside, I ban that application on my network.)

-- 
Bob