To use Skype with (K)Ubuntu with a firewall installed you need to do the following:
In Skype's menu:
Tools->Options->Advanced choose a port to use (default 1226 but you can/should* choose another one. See /etc/services for unused ports) and uncheck "using ports 80 and 443". Save and exit.
* As 1226 is the default port in Skype's config it's quite possible that someone will try to scan and explore vulnerabilities on that port. Choosing another one doesn't defend you of possible attacks but should be enough to avoid worms that attack known standard ports.
Firewall config:
Outbound policy:
Normally your firewall allows every outbound connection so there's nothing to change in there.
Inbound policy:
Authorize "unknown service" for everyone on the port you defined on Skype's advanced options.
Further help:
I tested it both with Firestarter and Webmin's Simple firewall and it works fine. I can not go into the explanation of how to do it with every single firewall out there but I can help you with those two.
Security:
No guaranties. It's proprietary software, an inbound port must be open, etc. I think you see the picture...
Nevertheless many of us use it and are willing to take the risk so up to you to make the choice.
Testing your firewall setings:
I firmly recomend you check the efectiveness of your firewall setings. To do so use this site:
http://scan.sygatetech.com/
Best regards,
A.Correia
In Skype's menu:
Tools->Options->Advanced choose a port to use (default 1226 but you can/should* choose another one. See /etc/services for unused ports) and uncheck "using ports 80 and 443". Save and exit.
* As 1226 is the default port in Skype's config it's quite possible that someone will try to scan and explore vulnerabilities on that port. Choosing another one doesn't defend you of possible attacks but should be enough to avoid worms that attack known standard ports.
Firewall config:
Outbound policy:
Normally your firewall allows every outbound connection so there's nothing to change in there.
Inbound policy:
Authorize "unknown service" for everyone on the port you defined on Skype's advanced options.
Further help:
I tested it both with Firestarter and Webmin's Simple firewall and it works fine. I can not go into the explanation of how to do it with every single firewall out there but I can help you with those two.
Security:
No guaranties. It's proprietary software, an inbound port must be open, etc. I think you see the picture...
Nevertheless many of us use it and are willing to take the risk so up to you to make the choice.
Testing your firewall setings:
I firmly recomend you check the efectiveness of your firewall setings. To do so use this site:
http://scan.sygatetech.com/
Best regards,
A.Correia
Comment