Has anybody else seen UDP port 30568 being dropped on a firewall when a user tries to launch video/audio portion of Skype? Everything works fine, but it is filling up my firewall logs.
16-07-2011 17:27 - edited 16-07-2011 17:34
his would be a firewall issue that you should address -- it is possible that your firewall is simply logging warning messages rather than logging errors
it's not a problem with Skype itself, but the port that Skype has chosen (editable in Skype Options) was randomly chosen when Skype was initially installed
you can change it to just about anything you like, but if your firewall does not automatically handle connections using that port transparently, you need to configure it to do so in your router setup
you could forward this port to the private IP address of the computer on which you are running Skype
Skype does not expect most users to know how to do this and tries a number of methods to avoid the necessity, but success can vary, depending on the particular firewalls involved
I understand what you are referring to, however, the correct firewall ports are allowed. And yes, my Cisco ASA firewall has it's logging level set to warnings.
The issue is the UDP port 30568 that is being dropped is the source port. It is as if the remote computers make a good connection to my user's desktop on UDP/30568, but the firewall is dropping the return connection.
Is there a work around since this is filling up my firewall logs?
21-07-2011 21:06 - edited 21-07-2011 21:07
In your case, please make sure in any case that you do step 3.
Please follow these Steps:
1. Only do Step 1 if you are on WIN7:
Be sure that Compatibility Mode is not enabled (right-click on Skype shortcut icon/launcher and select Properties >> Compatibility) - for Windows 7 users only.
Try to launch Skype.
2. If Step 1 fails or you are NOT using WIN7 do:
Open an Internet Explorer browser, and go to msn.com, what happens?
If it fails, Please do the instructions below. Using your Windows Control Panel, please do:
Internet Options -> Advanced Tab Please click the "Reset" button.
Then, Go to the Connections Tab.
Make sure that the only checkbox checked is "Automatically detect settings", then click the "OK" button.
Close any open Internet Explorer browser windows, open a new IE browser window and try msn.com again. What happens? If it works, please stop/start Skype What happens?
3. If Step 2 does NOT solve the problem:
Please install the beta version using the instructions below:
You can install the Current beta release by doing this from the top of this page:
Get Skype -> Windows -> Choose the beta release, please do NOT remove what you already have installed, simply, install over.
These instructions have worked for many and is the quickest thing to try to resolve issues such as this.
Also, what operating system are you on?
What is the Make and Model of your computer?
Do you have all Windows updates and updates to any hardware devices by the manufacturers?
if yours has this feature (and it would not surprise me if it does), then you must allow such outgoing connections, likely by port and application -- in other words, the fix is in your router/firewall setup, not Skype
enabling UPnP in the router would help (assuming that it is supported and this will likely be the case), but many consider enabling UPnP to be a security risk in the general case (I happen to be one of the ones that recommends that UPnP be disabled)
having said all this, it still would be bad to do the things suggested by TheOberOverLord
I have tried numerous changes, and I am still dropping the return connection on UDP 30568. I have changed the port (default UDP 3056 in the settings to use port 80 and 443 with no luck. The firewall is seeing the return packets with the same source port as spoofing.
I have tried different versions of Skype as well as change the default port it listens for connections on. Have any other network engineers ever seen firewall drops like this before?