This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Google Talk blocked via Android Devices

I am running into a unique issue that I have not been able to figure out by toying around with settings, port forwarding, etc.

I am able to access google talk on any computer system inside the Astaro network. The moment I try to access Gtalk through my Android devices, it blocks the connection and says the servers cannot be reached. I opened the Web Filtering live log and tried to see whats happening, but none of it really makes sense.

Has anyone else ran into this problem?

My goal is not to block Gtalk, but allow it for all the devices on the network.

Any help, suggestions, or backhanded comments would be really appreciated!

This thread was automatically locked due to age.

0 BarryG over 13 years ago

Hi, you should look at the IPS log, but probably you have the P2P/IM blocking enabled, so I would check that first.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 snaketek over 13 years ago in reply to BarryG

Thanks for the suggestion! I checked to see if I may have had P2P/IM blocked and I have the Jabber and Google Talk ports open in the firewall. I took a screenshot to see if we are on the same page.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 13 years ago

I was actually talking about the P2P/IM filtering section; in 8.2 it seems to have been moved to Web Security - Application Control.
Please look there to see what's filtered.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 snaketek over 13 years ago in reply to BarryG

Thanks for the assistance! I looked there and I had application control disabled. I enabled it thinking that maybe by having it disabled it might cause the issue. After enabling it and making sure Google Talk and XMPP were both allowed, it did not seem to have any effect.

Do you think I am missing something else?

Thank you again for the help!
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 13 years ago

Nope, disabled should be OK.

Have you already looked at the IPS and PacketFilter logs?
You said the live log didn't make sense; can you post entries from the logs here?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 juergen852 over 13 years ago

Same problem here with me.
Google Talk works for PC's, but not for my Android phone.
Connecting from Android using UMTS works perfectly, but not when connected to a WLAN (same IP range as PC's) behind an Astaro 8.301, registration of talk is not possible.

If P2P-settings or Firewall were wrong, it should not work on PC's connected to the network.

Adding a Firewall Rule Any Any Any made my Android connect to GT, but Any IM Any does not work.

Logs:
AppContol: nothing
WebFilter: just "info" with "pass"
Firewall:
20:01:37 Default DROP TCP
192.168.40.40 : 47333
→
169.254.194.236 : 49152

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:38 Default DROP TCP
192.168.40.40 : 60920
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:37 Default DROP TCP
192.168.40.40 : 47333
→
169.254.194.236 : 49152

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:38 Default DROP TCP
192.168.40.40 : 60920
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:40 Default DROP TCP
192.168.40.40 : 47333
→
169.254.194.236 : 49152

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:40 Default DROP TCP
192.168.40.40 : 47333
→
169.254.194.236 : 49152

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:44 Default DROP TCP
192.168.40.40 : 60920
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:44 Default DROP TCP
192.168.40.40 : 38342
→
173.194.70.188 : 5228

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:44 Default DROP TCP
192.168.40.40 : 60920
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:44 Default DROP TCP
192.168.40.40 : 38342
→
173.194.70.188 : 5228

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:46 Default DROP TCP
192.168.40.40 : 47333
→
169.254.194.236 : 49152

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:46 Default DROP TCP
192.168.40.40 : 47333
→
169.254.194.236 : 49152

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:47 Default DROP TCP
192.168.40.40 : 38342
→
173.194.70.188 : 5228

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:47 Default DROP TCP
192.168.40.40 : 38342
→
173.194.70.188 : 5228

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:53 Default DROP TCP
192.168.40.40 : 38342
→
173.194.70.188 : 5228

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:53 Default DROP TCP
192.168.40.40 : 38342
→
173.194.70.188 : 5228

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:55 Default DROP TCP
192.168.40.40 : 60921
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:55 Default DROP TCP
192.168.40.40 : 60921
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:58 Default DROP TCP
192.168.40.40 : 60921
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:01:58 Default DROP TCP
192.168.40.40 : 60921
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:02:04 Default DROP TCP
192.168.40.40 : 60921
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:02:04 Default DROP TCP
192.168.40.40 : 60921
→
216.34.140.195 : 7275

[SYN] len=60 ttl=63 tos=0x00 srcmac=50:cc:f8:aa:cc:bb dstmac=0:30:18:aa:cc:xy
20:02:12 DNS request UDP
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 13 years ago

If P2P-settings or Firewall were wrong, it should not work on PC's connected to the network.

I don't know, but my guess is that the PC program works differently than the Android, and that you need to open some additional ports for the Android.

Are you using Astaro Web Security? In Standard mode?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Echel0n over 12 years ago

I had this same issue and couldn't find an answer anywhere. I was finally able to fix it by doing this:

Go to Definitions & Users > Service Definitions.
Look for the Instant Messaging (IM) Group and click Edit
You'll see that there's already a definition for Google Talk IM using port 5222. Android seems to use port 5228 for this. I added a new definition called "Google Talk Android" using TCP Port 5228. Clicked Save and it started working :- )

Hope this helps!
Cancel
Vote Up 0 Vote Down

Cancel
0 Sascha Paris over 12 years ago

I had this same issue and couldn't find an answer anywhere. I was finally able to fix it by doing this:

Go to Definitions & Users > Service Definitions.
Look for the Instant Messaging (IM) Group and click Edit
You'll see that there's already a definition for Google Talk IM using port 5222. Android seems to use port 5228 for this. I added a new definition called "Google Talk Android" using TCP Port 5228. Clicked Save and it started working :- )

Hope this helps!

TCP5228 should help. It's AFAIK also used from google play to work.

Geschrieben auf meinem Galaxy Nexus mit Astaro.org
Cancel
Vote Up 0 Vote Down

Cancel