 |
 |
Firewall Support for Network Administrators |
The following pages are intended for Network Administrators who would like some assistance about how to
operate the ICQ program from behind a firewall.
If you are an ICQ user who needs help please click here.
Due the large number of firewall versions it is sometimes difficult to find a solution to every problem.
At ICQ we are continuously investigating solutions to firewall problems. If you are a Network Administrator
and you still have difficulties configuring ICQ to work behind your System's Network after reading these
pages, then you can contact the ICQ Support Team.
If you wish to share any comments you have on this issue, you can also post them on the ICQ Message Boards.
|
Firewall Settings Requirements: |
For ICQ to successfully work behind a firewall the following system configurations must be set by the System Administrator for the systems network.
Client to server Communication:
- This is done via port 5190 TCP to login.icq.com (please note- allow a bi-directional connection to the port for login.icq.com and not any specific IP address, since it stands for more than one IP address).
Client to client communication:
- Client to client connection is done using the TCP protocol, using port range 1024-65535. This means that the client needs an open listening port within the mentioned range-- 1024-65535.
|
If your Network firewall settings meet the above requirements, you do not to need to configure ICQ to work behind a firewall.
|
|
In the event that your systems
network has difficulty setting the above
ICQ firewall requirements you
may wish to check some of the
possibilities below for finding a solution
to your firewall problem:
|
- The TCP Listening Port range is too large
Minimize the range. you can open a smaller range on your firewall,
and then you must
configure ICQ to work through the specific port range
you have dedicated.
- In the event you cannot open any TCP listening port
If you cannot open the TCP listening port but you can open a bidirectional TCP connection to the internet,
configure ICQ to work with no listening port.
Note: Communication between LAN users and any Internet user who cannot open a listening
TCP port cannot be accomplished. To prevent this from occurring use Socks4.x.x
or Scoks5.x
compatible firewalls. This requires the use of a proxy server (Socks4.x/Socks5.x.x).
The ICQ client must have access to the Socks4.x/Socks5.x.x
server, and the server must have full access to an Internet connection, including opened
listening TCP ports.
The Socks server acts like a bridge to the Internet and ICQ is the pedestrian.
Otherwise, HTTPS will not be able to carryout peer to peer connection.
This means that a web proxy (client) may relay a request to the
web servers, but it will not be acknowledged by the servers, therefore no answer will be
given to the information request.
- Your connection to the Internet is done using IP-Masquerading
This means you cannot open any listening ports, and you need to use the
basic firewall configuration.
Once again,using this option your users will not be able to communicate with any user who cannot open
a TCP listening port. To solve this problem use
Socks4.x or Socks5.x Proxy server.
View ICQ with Socks4.x configuration
View ICQ with Socks5.x configuration
View ICQ with HTTPS configuration
If you wish to share any comments you have on this issue,
You can post them on the ICQ Message Boards.
|
Back to ICQ Firewall center
|
|
