Some types of Timbuktu Pro connections via TCP/IP may appear to be blocked because of firewalls.
Firewalls in General
For security reasons, network managers on TCP/IP networks usually want to restrict external access to their networks. Most of the time they will open only TCP or UDP ports to allow Telnet, FTP, and some other common services access. To do that, they configure their TCP/IP routers—sometimes referred to as gateways—to filter out access to different ports. These filters are called firewalls, and they can be configured to prevent Timbuktu Pro connections. In order for Timbuktu Pro to access these networks, the network manager must open the TCP ports which Timbuktu Pro requires.
Firewalls and Timbuktu Pro
Beginning with Timbuktu Pro version 8, Timbuktu Pro uses single-stream TCP connections by default. If you are running Timbuktu Pro through a firewall, you now need to open port 407 only. Service-specific ports are no longer required unless you are connecting to an older version of Timbuktu Pro.
Before Timbuktu Pro version 8, Timbuktu Pro used a well-defined UDP port, 407, for connection handshaking and then switched to other TCP ports for each kind of service. This connection protocol is still supported to allow Timbuktu Pro version 8 computers to connect to computers running older versions of Timbuktu Pro.
Service |
TCP Port |
Control |
1417 |
Observe |
1418 |
Send Files |
1419 |
Exchange Files |
1420 |
Notify |
Dynamic TCP/IP ports above 1023 |
Chat |
Dynamic TCP/IP ports above 1023 |
Intercom |
Dynamic TCP/IP ports above 1023 |
These ports are used during access from registered users. Any or all of these ports can be protected by a firewall to keep out unauthorized users. Some network managers firewall all ports but 407 and 1419, which allows anyone on the Internet to send a user a file via Timbuktu Pro.
The network administrator can reconfigure the ports that Timbuktu Pro uses by using Timbuktu Pro Administrator’s Toolkit to set up a particular site. Timbuktu Pro also supports attended access, in which a remote user admits a temporary guest on a one-time basis without requiring a password. Timbuktu Pro normally uses a dynamic port assignment for this type of connection. Temporary guest access can be allowed through some firewalls that do not allow registered user access.
Only computers receiving a connection use registered port numbers. The users who initiate connections use dynamic—random or ephemeral—port numbers. Such ports have numbers above the 256 reserved ports and are usually above port 1023. Most Internet sites follow the convention of allowing ports greater than 1023 to be assigned to TCP/IP applications dynamically. If these dynamic ports are firewalled, Timbuktu Pro will not be able to complete a TCP/IP connection.
How to Handle a Firewall
The network manager will need to reconfigure the firewall permissions to permit dynamic TCP and UDP port assignments. Refer to the firewall or router documentation for details.
Note: Using the Timbuktu Pro Administrator’s Toolkit, Timbuktu Pro Enterprise customers can designate which TCP/IP ports are to be used for Timbuktu Pro services. For more information, please contact your local Netopia salesperson or visit our Web site at