Ps - a port number of 1707 should not be dynamically allocated by the OS as it's not in the dynamic range.
Thanks - dave

David Thielen
www.windwardreports.com
303-499-2544 x1185
Cubicle Wars - http://www.windwardreports.com/film.htm

-----Original Message-----
From: Mike Dimmick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 16, 2007 3:45 PM
To: David Thielen; wix-users@lists.sourceforge.net
Subject: RE: [WiX-users] Set firewall exception

OK, so I see that your port (1707) is registered with IANA, so you could do it by opening this port, although other applications could get a surprise if they are allocated this port by the OS. Presumably you're broadcasting in order to find a licensing server?

As I recall, you don't need to open a firewall exception if you don't bind your UDP socket to a particular port number - the firewall will then set up a short-duration dynamic rule to allow responses. If your licensing server then connects back to the add-in over TCP (i.e. the add-in implements a TCP listener), then you do need the firewall exception. However, I think this is a poor design: you should have the licensing server respond with a yes/no answer in a UDP packet sent to the client, or if you need a longer conversation than will fit in a single UDP packet, have the licensing server respond to the client with its address, then have the client connect to the server over TCP (the server listening for connections) to proceed with the licensing handshake. Outbound connection requests are not filtered by Windows Firewall.

UDP gets a bit of a poor reputation, which isn't really deserved - for small amounts of data, where there won't be more than one packet's worth of data in response, it's fine. DNS is perfectly happy with UDP although it supports both for larger responses. Kerberos likewise supports both; you are supposed to use UDP for the initial ticket request. In LAN environments you can use a payload of up to around 1400 bytes (to allow for VPNs) - any more and you risk packet loss due to fragmentation.
If the client is broadcasting to find a licensing server, you necessarily require that the licensing server is present on the same subnet as the clients. This might be a problem for some enterprises. Others may have firewalls or NATs in between different parts of their networks; in the case of the NAT the server will not see the client's true IP address and will be unable to connect back to the client.

I realise this has drifted a long way from WiX, but I felt it was still useful to have others' input.

--
Mike Dimmick
(maintainer of a UDP-based thin-client application server which really ought to be using TCP now that messages regularly exceed 500 bytes)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Thielen
Sent: 16 January 2007 22:06
To: Tony Hoyle; wix-users@lists.sourceforge.net
Subject: Re: [WiX-users] Set firewall exception

Our copy protection is a UDP broadcast and a TCP reply to limit the total number of AddIns in use to what is licensed. So we definitely want that port opened no matter what :)

_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
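
The discovery flow Mike Dimmick recommends in the thread above (UDP request from a socket that is never bound to a fixed port, UDP reply, then a client-initiated TCP handshake), as an added Python example that is not code from the thread or from either participant's product. The `DISCOVER`/`YES`/`NO` messages, the `demo-license` value, all class and function names, and the choice to send only the TCP port in the reply (the client takes the host from the datagram's source address) are assumptions of this example; the loopback demo uses unicast and a free port in place of the broadcast to 1707.

```python
import socket
import threading

DISCOVERY_PORT = 1707   # UDP port named in the thread; only the server binds it
MAX_PAYLOAD = 1400      # LAN-safe datagram size quoted in the thread
VALID_LICENSES = {b"demo-license"}   # constructed sample data

class LicenseServer:
    """Owns both listeners: UDP for discovery, TCP for the handshake."""
    def __init__(self, host="127.0.0.1", udp_port=DISCOVERY_PORT):
        self.tcp = socket.create_server((host, 0))
        self.udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.udp.bind((host, udp_port))
        self.udp_port = self.udp.getsockname()[1]

    def serve_once(self):
        try:
            data, client = self.udp.recvfrom(MAX_PAYLOAD)
            if data != b"DISCOVER":
                return
            # Reply by UDP to the client's source port with our TCP port.
            self.udp.sendto(str(self.tcp.getsockname()[1]).encode(), client)
            conn, _ = self.tcp.accept()      # the client dials in, not us
            with conn:
                ok = conn.recv(MAX_PAYLOAD) in VALID_LICENSES
                conn.sendall(b"YES" if ok else b"NO")
        finally:
            self.udp.close()
            self.tcp.close()

def request_license(discovery_addr, license_id, timeout=2.0):
    """Client: never binds or listens, so it only makes outbound traffic."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        udp.settimeout(timeout)
        udp.sendto(b"DISCOVER", discovery_addr)   # ephemeral source port
        reply, (server_host, _) = udp.recvfrom(MAX_PAYLOAD)
    tcp_port = int(reply)                         # ValueError on a malformed reply
    with socket.create_connection((server_host, tcp_port), timeout) as tcp:
        tcp.sendall(license_id)
        return tcp.recv(16) == b"YES"

def demo(license_id):
    """Run one exchange on loopback (unicast stands in for the broadcast)."""
    server = LicenseServer(udp_port=0)            # 0 = any free port for the demo
    threading.Thread(target=server.serve_once, daemon=True).start()
    return request_license(("127.0.0.1", server.udp_port), license_id)
```

Because the client holds no listening socket, the only ports that need to accept inbound traffic in this layout are the two on the license server.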