Optimizing Skype to Work in a LAN with Routers and Firewalls

Skype Network Settings

Network administrators can improve the quality of Skype calls by tuning how the network handles Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.

Configure the following settings on the firewall, router or NAT device:

1. Outgoing TCP connections should be allowed to remote ports 1024 and higher.

2. Outgoing TCP connections should be allowed to remote ports 80 and 443.

3. Outgoing UDP packets should be allowed to remote ports 1024 and higher. For UDP to be useful to Skype, the NAT must allow replies to sent UDP datagrams to be returned. (The state of UDP “connections” must be kept for at least 30 seconds, and Skype recommends that these translations be maintained for as long as an hour, if possible.)

4. The NAT translation should provide consistent translation, meaning that outgoing address translation is usually the same for consecutive outgoing UDP packets.

Skype relies heavily on UDP packets to help maintain the best possible quality of connection among peers because UDP packets can be transmitted quickly and require very little overhead to manage.

However, for UDP communications to work properly for Skype through NAT, the translation rules for UDP packets must be consistently handled, meaning that UDP packets sent from one external network address and port number must be consistently translated to an internal network address and port number without varying either the network address or port number.

Although the use of UDP is optional — meaning Skype will work fine without the ability to transmit UDP messages — the call quality experienced by Skype users will be much better, on average, if the caller is able to send UDP packets to the called party and receive UDP answers in reply.

Tip: Checking your network for P2P friendliness

Many of our customers have told us that they use a freeware program called “NAT Check”, written by Bryan Ford, to see if their network’s UDP translation is compatible with P2P protocols including Skype. The NAT Check program is available for free download from the program’s website at http://midcom-p2p.sourceforge.net and is available in a precompiled form for platforms running Microsoft Windows, Mac OS X and Linux. (NAT Check is not Skype software.)

    UDP RESULTS:
    UDP consistent translation: YES (GOOD for peer-to-peer)
    UDP loopback translation: YES (GOOD for peer-to-peer)
    UDP unsolicited messages filtered: YES (GOOD for security)

In the result of NAT Check shown above, we see that the network’s UDP translation is applied consistently (“consistent translation”), that the input and output ports are identical except in the event of a conflict (“loopback translation”) and that unsolicited UDP packets sent to the network are discarded (“unsolicited messages filtered”).
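The following added example (not part of the original guide, and not code from NAT Check or Skype) models a NAT's UDP translation table to show what "consistent translation", "unsolicited messages filtered" and the 30-second state timeout mean for a gateway. The class, function, addresses and port numbers are all constructed for illustration, and loopback translation is not modelled.

```python
# Added illustration: a toy model of a NAT's UDP translation table.
# Class name, addresses and ports are constructed for this example.

class Nat:
    def __init__(self, consistent, timeout=30, first_port=40000):
        self.consistent = consistent   # True: one mapping per inside socket
        self.timeout = timeout         # idle seconds before state expires
        self.next_port = first_port
        self.table = {}                # key -> [public_port, last_used]
        self.allowed = {}              # public_port -> {remote: last_sent}

    def outbound(self, src, dst, now):
        """Translate an outgoing datagram; return the public source port."""
        # A consistent NAT ignores the destination when picking the mapping.
        key = src if self.consistent else (src, dst)
        entry = self.table.get(key)
        if entry is None or now - entry[1] > self.timeout:
            entry = [self.next_port, now]      # allocate a fresh mapping
            self.next_port += 1
            self.table[key] = entry
        entry[1] = now
        self.allowed.setdefault(entry[0], {})[dst] = now
        return entry[0]

    def inbound(self, remote, public_port, now):
        """True if a datagram from `remote` is passed to the inside host."""
        sent = self.allowed.get(public_port, {}).get(remote)
        return sent is not None and now - sent <= self.timeout


def nat_check(nat):
    """Probe the model for the properties discussed in this section."""
    host = ("192.168.1.10", 5000)      # inside socket (constructed)
    s1, s2, s3 = [("203.0.113.%d" % i, 3478) for i in (1, 2, 3)]
    p1 = nat.outbound(host, s1, now=0)   # same inside socket,
    p2 = nat.outbound(host, s2, now=1)   # two different destinations
    return {
        "consistent_translation": p1 == p2,
        "reply_accepted": nat.inbound(s1, p1, now=2),
        "unsolicited_filtered": not nat.inbound(s3, p1, now=2),
        "reply_after_60s_idle": nat.inbound(s1, p1, now=60),
    }
```

Calling `nat_check(Nat(consistent=True, timeout=3600))` models a gateway configured as recommended above: the mapping is consistent, unsolicited datagrams are dropped, and a reply that arrives after 60 idle seconds still gets through.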

Although not strictly necessary, it is preferable for the network’s firewall or NAT gateway to support IP packet fragmentation and reassembly. In addition, the firewall must not block an attempt to send parallel UDP packets or TCP connection attempts to multiple ports at the destination address. Some firewalls misclassify such behavior as port scanning and therefore block the host altogether. Such behavior could not only impact the ability of Skype to run but would likely impact other legitimate network applications running on the same host computer.

Skype and proxies

Skype fully supports SOCKS5 and HTTPS/SSL proxies, including optional authentication. For SOCKS5, the proxy must allow, at a minimum, unrestricted TCP connections to at least port 80, or port 443, or high-numbered ports, meaning those numbered 1024 and higher. For HTTPS/SSL proxies, the proxy must allow unrestricted TCP connections to port 443. On Microsoft Windows platforms, Skype uses the proxy settings in Microsoft Internet Explorer to determine what proxy settings, if any, to use. However, the Skype user can set the SOCKS5 or HTTPS/SSL proxy manually, including any needed username and password for proxy authentication.
