
My recent experience with Sametime tunneling, firewalls and ports




With Sametime being the tricky beast that it can be for networks, it is no surprise that I should be posting some thoughts on tunneling setups.  I did bounce some quick ideas off of Carl, to verify my days of work were for naught.  Basically we have a customer that wanted a tunneled Sametime server behind our firewalls, that also accepted direct connections if the client could do so.

First we ran into the Sametime server binding to the wrong NIC card.  This was causing the MUX to act like a person in the mall who forgot where they parked the car.  They knew it was in the garage somewhere, but were busy looking on level 2 instead of level 1.  This led to it thinking the port was stolen, much like a person would think their car was too.  The solution for now was to disable that second NIC card.  The sametime.log file then showed that the MUX was binding to the right IP address and NIC card.  That card is then NATed to the Internet.

This is where the firewall comes into play.  The final result we are looking for is that the MRC (meeting room client) of Sametime will download to the meeting attendee and try the standard ports to access the Sametime server for the meeting.  If those ports are not available through their network, or we are preventing them from getting in via the firewall, then the MRC should try port 80 for a tunneled connection.  However, this is where you can have awesome success or some failure.  So here is where it stands on how to do it.

Install your 6.5.1 server as tunneled; if you did not, you can always make the changes manually, and quite simply too.  Then open the firewall for ports 80, 8081, 554 and 1533.  This will allow tunneling and also attempts at direct connect for screen sharing, whiteboarding, chat and broadcast meetings.  This has nothing to do with audio/video tunneling.  That is a whole other topic.
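To confirm the firewall change from an outside network, here is an added example (not part of the original post) that probes the four ports and reports whether a client there would connect directly or fall back to the port 80 tunnel. The hostname `sametime.example.com` is a placeholder, and treating 8081, 554 and 1533 as the direct-connect ports is an assumption based on the description above.

```python
import socket
import sys

TUNNEL_PORT = 80                  # tunneled fallback port named in the post
DIRECT_PORTS = (8081, 554, 1533)  # assumption: the post's other ports are the direct ones


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unroutable, DNS failure
        return False


def probe(host, direct_ports=DIRECT_PORTS, tunnel_port=TUNNEL_PORT, timeout=3.0):
    """Probe every port once and return {port: reachable}."""
    return {p: port_open(host, p, timeout) for p in (*direct_ports, tunnel_port)}


def classify(results, direct_ports=DIRECT_PORTS, tunnel_port=TUNNEL_PORT):
    """Summarise what a client on this network should experience."""
    direct_ok = [p for p in direct_ports if results.get(p)]
    if len(direct_ok) == len(direct_ports):
        return "direct"       # all standard ports pass the firewall
    if results.get(tunnel_port):
        return "tunnel"       # something is blocked, port 80 fallback is available
    if direct_ok:
        return "partial"      # some services reachable, no tunnel to cover the rest
    return "unreachable"      # nothing gets through: check NAT and firewall rules


if __name__ == "__main__":
    # Placeholder hostname; pass the NATed public name of your server instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "sametime.example.com"
    results = probe(host)
    for port, ok in sorted(results.items()):
        print(f"{host}:{port:<5} {'open' if ok else 'closed/filtered'}")
    print("expected client behaviour:", classify(results))
```

A successful connect only shows that the firewall and NAT pass the port and that something is listening on it; sametime.log remains the place to confirm the MUX is bound to the right address.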

Make sense?