Re: Oh fie...if it ain't broke, don't fix it... by N
N
Mon Jul 05 03:50:32 CDT 2004
In article <MPG.1b52848f65cdabc498a12a@msnews.microsoft.com>, N. Miller
says...
> No Japanese character input (I am running on Windows Me, U.S. English, and
> my next O.S. will most likely not be Windows XP; of any flavor). I couldn't
> see any indication that file transfer was playing UPnP with my Netgear
> FR114P router; looks like no SIP. I decided I was going to go back to the
> way things were; MSN Messenger 5.0, and forget about file transfer, and
> voice; things which Yahoo!'s messenger does very well on this box. Only...
Okay, I am somewhat mollified; after a couple of hours of cursing MSFT...
Japanese character input; not possible with MSFT's JAIME. However, the $99
wonder program that never worked with MSN 5.0 does work with MSN 6.2; NJStar
Communicator 2.30. It won't display properly in Trillian, where JAIME in MSN
5.0 would, but if it does display properly in remote MSN 6.2 clients then I
will be happy.
File transfer was a bit rough to sort out. Although the Netgear FR114P is
UPnP capable, I only saw "You are connected to the Internet through a non-
UPnP IP restricted NAT." It took me a while of playing with Kerio Personal
Firewall (more cursing at them for a database of rules that gets jumbled if
one gets careless in reordering them; arrrrrgggggghhhhh!) to figure out that
I was blocking a port 80 connection from the client to the router.
Lassies and laddies; if you are running a software firewall to control
outbound connections, mind your ports.
You will need to allow UDP in both directions between local ports in the
range of 1024 to 65535 and remote port 1900 on your LAN subnet. It looks
like you can just limit the remote IP address to the computer on which the
client is running. Yes, not very intuitive; it looks like a loopback
connection to the SSDP services.
You will need to allow TCP from your local IP address (your computer) on
ports 1024 to 5000 out to your router's IP address on port 80.
You will need to allow UDP in both directions between local ports 1024 to
5000 and remote ports 9, and 7001, for remote IP addresses 64.4.12.200 and
64.4.12.201. Also note, those IP addresses could be subject to change; if
you use IP addresses for configuring rules, you may want to run an ARIN
whois and widen that range. The TCP/IP port list I checked call those ports
"Discard" (port 9) and "Callback" (port 7001), but I don't really know what
MSFT is doing with them.
You will need to allow TCP from your local IP address (your computer) on
ports 1024 to 5000 out to port 443 (TSL/SSL) on MSFT IP addresses from
65.54.179.192 to 65.54 231.248. I don't know if those are the limits,
though, and a wider range may be necessary. ARIN whois shows:
NetRange: 65.52.0.0 - 65.55.255.255
CIDR: 65.52.0.0/14
You will need to allow TCP from your local IP address (your computer) on
ports 1024 to 5000 out to port 1863 on MSFT IP addresses from 207.46.0.0 to
IP addresses 207.46.255.255; which is 207.46.0.0/16 in CIDR notation (or
subnet mask 255.255.0.0).
With these permissions set in Kerio Personal Firewall, I am able to get the
desired "You are connected to the Internet through a UPnP IP restricted
NAT."
I am still torqued at MSFT, though...
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint