Reply To: Windows XP firewall (which ports)

#12131
rpedde

@gsallen wrote:

I’ve got an interesting problem.

Installed Firefly on a Windows 64 box.
Ports 3689 TCP and 5353 UDP are passed by the firewall.

Linux machine can connect just fine.
Windows XP laptop can’t connect. It can see the share, but can’t connect to it.

Disable firewall on Windows 64 machine, suddenly the laptop connects.
If I use the iTunes sharing, the laptop connects perfectly.

Here’s the log from the firewall of a connection attempt:
2007-08-21 18:51:26 OPEN-INBOUND TCP 192.168.1.2 192.168.1.100 4330 3689 – – – – – – – – –
2007-08-21 18:51:40 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 – – – – – – – RECEIVE
2007-08-21 18:52:36 CLOSE TCP 192.168.1.100 192.168.1.2 3689 4330 – – – – – – – – –

Anyone have any clues? Are there some magic ports I don’t know about?

That drop is DHCP, so that isn’t it. If you could what’s dropped, that might help. Also, pushing logging up to 9, trying to connect, then examining the log might help also.

As far as firewall goes, it sounds like you have it. You need:

Inbound TCP 3689 for web admin and daap transfer
Outbound UDP to 224.0.0.251 dport 5353 for mdns advertisements
Inbound from 224.0.0.251 dport 5353 for mdns queries

That’s it. Sometimes firewall rules get set up only for local hosts and forget 224.0.0.0/4 (being multicast) should be a local net, but that’s the only real gotcha I can think of.

— Ron
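
A way to triage a firewall log like the one quoted above, as an added example that is not part of the original posts or of Firefly: it parses the leading columns of each entry, labels DAAP, mDNS and DHCP traffic by the ports named in the reply, and reports only the drops that matter for sharing. The function names and the last sample line are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# First eight columns of the Windows Firewall log format quoted in the post.
Entry = namedtuple("Entry", "date time action proto src dst sport dport")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

def parse(line):
    """Return an Entry, or None for header comments, blanks and short lines."""
    parts = line.split()
    if len(parts) < 8 or line.startswith("#"):
        return None
    port = lambda p: int(p) if p.isdigit() else None  # "-" when no port (ICMP)
    return Entry(parts[0], parts[1], parts[2], parts[3],
                 ipaddress.ip_address(parts[4]), ipaddress.ip_address(parts[5]),
                 port(parts[6]), port(parts[7]))

def classify(e):
    """Label an entry by the service it belongs to."""
    if e.proto == "TCP" and 3689 in (e.sport, e.dport):
        return "daap"
    if e.proto == "UDP" and 5353 in (e.sport, e.dport):
        return "mdns"
    if e.proto == "UDP" and {e.sport, e.dport} == {67, 68}:
        return "dhcp"  # the kind of drop the reply rules out
    return "other"

def firefly_drops(lines):
    """DROP entries touching DAAP or mDNS, with a hint taken from the reply."""
    findings = []
    for e in filter(None, map(parse, lines)):
        kind = classify(e)
        if e.action == "DROP" and kind in ("daap", "mdns"):
            hint = ("is 224.0.0.0/4 allowed as local net?"
                    if e.dst in MULTICAST else "check the rule for this port")
            findings.append((e.time, kind, str(e.src), str(e.dst), hint))
    return findings

# First three lines are from the post; the last is constructed for illustration.
SAMPLE = """\
2007-08-21 18:51:26 OPEN-INBOUND TCP 192.168.1.2 192.168.1.100 4330 3689 - - - - - - - - -
2007-08-21 18:51:40 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2007-08-21 18:52:36 CLOSE TCP 192.168.1.100 192.168.1.2 3689 4330 - - - - - - - - -
2007-08-21 18:53:02 DROP UDP 192.168.1.2 224.0.0.251 5353 5353 96 - - - - - - - RECEIVE
""".splitlines()

if __name__ == "__main__":
    for finding in firefly_drops(SAMPLE):
        print(*finding)
```

On the three lines from the post alone it reports nothing, which matches the reply: the only drop logged there is DHCP.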