AIM & Firewall

jfiorini

I am currently running Freesco 0.2.7 and my friend is using a D-Link DI-704 router. We are trying to direct connect and/or send each other files. We have both opened port 5190, but to no avail. Anyone have any ideas?

Joe
"The Cannabilistic Native from the Land of Oz"
 

Kadarin

In AIM's preferences, there is a Port setting for File Sharing, and another Port setting for File Transfer. Set the desired one to a port you have open in the router. It should work, but if not, try your router's DMZ functionality.
 

CSoup



<< In AIM's preferences, there is a Port setting for File Sharing, and another Port setting for File Transfer. Set the desired one to a port you have open in the router. It should work, but if not, try your router's DMZ functionality. >>



Tried both of those already. I think I kind of know what is going on and think that there is no solution other than if the router firmware was changed to handle it. I think the reason that DMZ and port mapping do not work is that the IP AIM sends to tell the other user to connect to is the local IP instead of the IP of the external internet connection (like 192.168.*.* instead of the true IP).

Anybody found a successful solution?
 

sml

I know from dealing with AIM at work that it seems to be fairly resilient; I've filtered 5190/tcp and watched it go out on 21/tcp - as for your NAT situation, I don't see why your router would differentiate between sending a NAT'd AIM packet vs any other kind. Remember, all NAT does is re-write the src/dst IP - AOL's servers should not know/care the difference between a NAT'd and non-NAT'd host. HTH.
 

CSoup



<< I know from dealing with AIM at work that it seems to be fairly resilient; I've filtered 5190/tcp and watched it go out on 21/tcp - as for your NAT situation, I don't see why your router would differentiate between sending a NAT'd AIM packet vs any other kind. Remember, all NAT does is re-write the src/dst IP - AOL's servers should not know/care the difference between a NAT'd and non-NAT'd host. HTH. >>



I'm not saying that NAT is changing anything about the packet. In fact I think that the packet might need to be modified to get it to work with AIM file transfer. Chat works fine when both people are behind a firewall because all messages are routed through AOL servers that most people connect to on 5190. The problem with file transfer is that it relies on a direct connection between two clients. This means that at least one of the clients needs to know the IP of the other client. This is fine when one or both of the clients have a direct connection to the internet. When both are behind a NAT box though, they both have local IPs such as 192.168.*.*. This means that in the file transfer message that gets sent, the IPs of both clients are non-reachable and thus even if you open all ports, the file transfer cannot happen. If they instead get the IP from the initial connection to 5190 that is used for chat then mapping ports would work, but it does not appear so. If I have time I will analyze the packet stream to see what IP address is being sent out to confirm my hypothesis.
 

riddelrp

Perhaps forwarding a certain port (say 5190/tcp and/or 21/tcp) will allow for it...

I will check into this tomorrow when my friend is awake ;)

-Ryan
 

jfiorini

I d/led EtherBoy packet analyzer today, so as soon as I figure out how to read the data, I'll see if I can figure anything out.
 

jfiorini

Well, I figured it out. I did a direct connection with my roommate (I'm behind the firewall, he isn't), and sure enough the source IP was 131.238.220.128 (his IP from the school's DHCP server) and the destination was 192.168.0.5 (my IP from my router). I wonder if that means that if I try to connect with someone whose computer has the same IP as one of mine behind a firewall, if I'll try to connect with that computer...
I'm going to look for a solution to this problem. I'll get back in a little bit.
 

CSoup



<< Well, I figured it out. I did a direct connection with my roommate (I'm behind the firewall, he isn't), and sure enough the source IP was 131.238.220.128 (his IP from the school's DHCP server) and the destination was 192.168.0.5 (my IP from my router). I wonder if that means that if I try to connect with someone whose computer has the same IP as one of mine behind a firewall, if I'll try to connect with that computer...
I'm going to look for a solution to this problem. I'll get back in a little bit.
>>



Thanks for confirming what I suspected all along. There is no reason AOL can't change their code to make file transfer work with mapped ports. All they need to do is get the IP from the original login connection instead of using the client's internal IP which is the one given by the router.
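
Added example, not part of the thread and not AIM's code: a sketch of the address-selection check the posts above describe, which prefers the address observed from outside the NAT when the advertised one is an RFC 1918 address, and flags the case where the advertised address would land on the dialer's own LAN. The function names, reason codes and the router WAN address 203.0.113.7 are hypothetical; the other two addresses are the ones from the capture in the thread.

```python
import ipaddress

# RFC 1918 ranges handed out by home routers; not reachable from the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def pick_dial_address(advertised, observed, my_lan):
    """Choose the address to dial for a direct connection.

    advertised: IP the remote client wrote into its connection request
    observed:   source IP of that client's traffic as seen outside its NAT
    my_lan:     subnet of the host that is about to dial out
    Returns (address or None, reason code).
    """
    if not is_rfc1918(advertised):
        return advertised, "advertised-routable"
    if is_rfc1918(observed):
        return None, "no-routable-address"
    if ipaddress.ip_address(advertised) in ipaddress.ip_network(my_lan):
        # Dialing the advertised IP would reach a machine on our own LAN.
        return observed, "collides-with-my-lan"
    return observed, "advertised-private"

# Constructed sample data. ROUTER_WAN is a placeholder (documentation range).
ROUTER_WAN = "203.0.113.7"
CASES = [
    # (advertised, observed, dialer's LAN)
    ("131.238.220.128", "131.238.220.128", "192.168.0.0/24"),  # roommate, no NAT
    ("192.168.0.5", ROUTER_WAN, "131.238.220.0/24"),           # peer behind NAT
    ("192.168.0.5", ROUTER_WAN, "192.168.0.0/24"),             # both use 192.168.0.x
    ("192.168.0.5", "192.168.0.1", "10.0.0.0/24"),             # nothing routable known
]

if __name__ == "__main__":
    for adv, obs, lan in CASES:
        print(adv, obs, lan, "->", pick_dial_address(adv, obs, lan))
```

Dialing the observed address only succeeds if the transfer port is forwarded on that router, which is the port mapping discussed earlier in the thread.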
 

jfiorini

From the AIM website:
If you and your buddy are each behind a different firewall, then none of the features which require a direct connection will work (including: IM Images, File Transfer, Talk, Buddy Icons, Send Buddy List, and Games/Add-Ins). This is a function of your firewall software doing its job, and is not a bug in AIM.

Damn it... can't even get help!