Firewall woes

[cliffskier118]

I recently installed CA Personal Firewall (part of the Internet Security Suite) on my client computer. (Already had it on the host computer.) Now when I try to do backups, Retrospect reports error -519, (network communication failed).

 

If I disable the firewall on the client computer, the backup proceeds just fine, which makes me think the problem is with the firewall. I have allowed TCP/UDP In/Out on port 497 in the firewall on both computers, and I have given the Retrospect Client unrestricted access to the network and internet on the client computer. In the client configuration menu, Retrospect reports that it is able to communicate with the client.

 

If I turn on firewall reporting, it reports that all communications involving Retrospect were allowed. The only odd thing I have noticed is that the client computer firewall reports that the remote (host) computer is trying to gain access through a different port than 497. The number changes each time. On the host computer, the firewall reports that port 497 was used.

 

Any ideas about what is wrong? I sent a message about this to the firewall vendor, and they did not reply.

 

I am using Retrospect Professional 6.5.382. Both computers have Windows XP Professional SP2.

 

Thanks,

Cliff Lewis

[Mayoff]

It is true that we use two ports, but they are random (usually the first available ports on the system). IANA registers all ports below 1024 as "well known", meaning that they are permanent, fixed, and cannot be used by anyone else for anything (according the "law" of the internet, anyway). Ports obove 1024 are for general use.

 

The way it works is that we get the two ports, one for transmission, and one for responses. In our multicast/subnet broadcast transmission, we tell the client which port we are listening on. The client then responds with a udp packet back to that port.

 

So in addition to port 497, you would need to have at least one port available above 1024.

 

More info at

http://kb.dantz.com/article.asp?article=5582&p=2

[cliffskier118]

So if they are random, how do I tell the firewall which port(s) to allow, without opening everything up? Granted, it is all behind a router with its own firewall, but I would still like to keep some security on the computer, especially since it is a notebook that I sometimes use in other places.

[mauricev]

Quote:

---

If I disable the firewall on the client computer, the backup proceeds just fine, which makes me think the problem is with the firewall

 

---

 

It sounds like the client end is blocking despite its claim otherwise...

 

Quote:

---

If I turn on firewall reporting, it reports that all communications involving Retrospect were allowed.

 

---

[cliffskier]

I still have not been able to solve this problem. What is puzzling is that Retrospect is able to find the client, and it begins to do the scanning step, but then it stops and reports a network communication error (519) partway through the scan. The log reports "Scanning incomplete." It almost seems as if there is a particular file that is tripping it up when it gets to it. As always, the problem does not occur if I disable the firewall on the client computer.

 

Is there any way I can see more detail on what is happening during the scan? Does this symptom suggest any possible causes?

 

Thanks,

Cliff Lewis

[blm14]

Maybe try a different software firewall?

[dnpeters]

Per Robin's response, have you tried opening up port 1025?