Open firewall ports for MSN Messenger and ICQ

Posted in Networking and Windows -

If you have a firewall running you may not be able to connect to MSN Messenger or ICQ instant messaging servers. If you are using a personal firewall on your Windows PC (such as Kerio Personal Firewall or Zone Labs ZoneAlarm) you normally just need to attempt a connection to using your instant messaging software and allow the connection once the popup dialog appears asking you whether or not you want to allow a connection.

If you are using a remote firewall solution, such as one built into an ADSL router, you will need to manually configure the router using its configuration application to allow access to the MSN or ICQ instant messaging servers. If your router has the firewall turned off or has a low level of security you may not need to make any changes (although we would recommend you set a high level of security and configure these sorts of settings yourself manually).

MSN requires TCP ports 1863 and 443 open for outbound connections through your firewall. ICQ requires TCP port 5190 open for outbound connections. According to their firewall support for network administrators page you also need to open ports 1024 to 65535 for client connections but this only appears to affect things such as client to client file transfers. If you do not want to leave this port range open there appears to be no actual requirement to do so in order to connect to ICQ instant messaging servers.

An example of opening these ports in shown in the following screenshots using the web based configuration utility for a Dynalink RTA220 ADSL router. Note that the process is the same for opening both ports 1863/443 and 5190 although the screenshots show doing so for 1863 only.

On the RTA220 select "Configuration" then "Security" and hit the "Create a New Filtering Rule" button. You will then see a screen similar to the one shown in the screenshot below.

Opening
MSN and ICQ ports on a RTA220 firewall

The two sections highlighted in red are the most important on this screen. Make sure the "Protocol Type" is set to "TCP" and set both of the port ranges to 1863 and 443 or 5190 (if you were wanting to open up ports 1024 to 65535 for ICQ client connections you need to set the start port range to 1024 and the end port range to 65535). Only the "Outbound" direction setting should be set to "Allow"; you should not need "Inbound" opened to be able to connect to these instant messaging servers. Save the changes by clicking the "Apply" button.

The list of ports will now include TCP port 1863 and 443 or 5190 for both outbound connections as shown in the highlighted section in the screenshot below.

List of current firewall settings showing the port opening for MSN
Messenger

At this point you should now be able to connect to MSN or ICQ instant messaging servers. Most routers will only store this in memory so remember to use the option to save it to non-volatile memory (on the RTA220 this is under "System" then "Save Configuration"). By doing this your settings will be remembered if the router has to restart.

Update 12 June 2007
Thanks to Neil for letting me know port 443 is also required to be open for MSN to work. This has been updated at the appropriate points in the text above.



Related posts:


Comments