Firewall Issues

TPM_031

Users cannot make Timbuktu Pro connections via TCP/IP.

Problem:

Users cannot make some or any of the Timbuktu Pro for Macintosh connections via TCP/IP across different networks, or across the Internet.

Or

Users cannot make Timbuktu Pro 5.2.x for Macintosh connections via TCP/IP across different networks, or across the Internet. Connections with previous versions were successful.

Situation:

For security reasons, network managers on TCP/IP networks usually want to restrict external access to their networks. Most of the time they will only open TCP/UDP ports for Telnet, FTP and some other common services. To do that, they will configure their IP routers (sometimes referred to as gateways) to filter out access to different ports. These filters are called "firewalls." TCP/IP security firewalls may be configured in a way that does not allow Timbuktu Pro connections. In order for Timbuktu Pro to access this kind of network, the network manager must open certain TCP/UDP ports which Timbuktu Pro requires.

Beginning with version 5.2, Timbuktu Pro for Macintosh uses well-known TCP port 407 for connection handshaking as well as for each of the services. Previous versions of Timbuktu Pro for Macintosh used well-known UDP port 407 for connection handshaking. Once the UDP connection was established, Timbuktu Pro used TCP ports for each of the seven types of Timbuktu sessions.

Timbuktu Pro 5.2x for Macintosh and Newer

Timbuktu Pro 5.2x uses TCP port 407 for both contact and for all services, except for the Intercom, Chat and Notify services which use additional dynamic TCP ports.

Previous Versions of Timbuktu Pro for Mac

Connection (handshaking) - UDP Port 407 (alternate UDP Port 1419)

Service Ports:
Control - TCP Port 1417
Observe - TCP Port 1418
Send Files - TCP Port 1419
Exchange Files - TCP Port 1420
Chat - Dynamic TCP Port
Notify - Dynamic TCP Port
Intercom - Dynamic TCP and UDP Ports
Clipboard Exchange - Dynamic TCP Port

Previously, Timbuktu Pro for Mac used UDP ports for contact and negotiated TCP ports for the actual service data. By default, it used specific registered port numbers for some services, dynamic ports for other services and dynamic ports for all attended-access connections. Although this allowed some degree of service-by-service port filtering, it proved nearly impossible to adapt to operation over proxy servers and address-translating routers.

New Timbuktu hosts (version 5.2x and higher) accept all connections on TCP port 407 and do not negotiate other ports, with two exceptions. The intercom service still negotiates dynamic UDP ports to carry the sound data, and the protocol used for drag&drop during screensharing negotiates dynamic TCP ports.

To support old clients, new Timbuktu hosts also accept incoming connections from old clients using the previous UDP/TCP protocols. To support old hosts, new Timbuktu clients attempt to make contact using the old UDP ports 407 and 1419 and the new TCP port 407 at the same time. If the host is new, TCP will succeed; if it is old, UDP will succeed. If both succeed, the client will use TCP.

This last behavior can cause a problem when a new client tries to connect to a new host over a firewall that is configured for the old UDP port 407, but not the new TCP port 407. In this situation, the UDP contact will succeed, but the TCP contact will fail. The problem happens because the UDP response tells the client that the host supports TCP contact. Since TCP is preferred, the client waits for the TCP stream to open. That never happens, so the client times out.

Solution:

For new Timbuktu versions, the network manager simply needs to reconfigure the firewall to permit connections to TCP port 407. Refer to the firewall or router documentation for details. To handle intercom and drag&drop, dynamic TCP and UDP ports must be permitted, but few firewall administrators are likely to do this.

For old versions, the network manager will need to reconfigure the firewall to permit connections to UDP 407 or 1419, the service-specific TCP ports listed above, and dynamic TCP ports if other services are required.
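The contact behavior described under Situation and the fixed ports listed above can be checked against a firewall rule set before users report timeouts. The following is an added example, not Netopia code: the function names, result strings and the sample rule set are hypothetical, and it covers only the fixed ports, not the dynamic ones.

```python
# Added example: models the Timbuktu Pro contact logic described on this page.
# Names and result strings are hypothetical, not part of the product.

CONTACT_UDP = (("udp", 407), ("udp", 1419))   # old-style handshake ports
CONTACT_TCP = ("tcp", 407)                    # 5.2x and newer: contact and services
LEGACY_SERVICE_TCP = {"Control": 1417, "Observe": 1418,
                      "Send Files": 1419, "Exchange Files": 1420}


def contact_outcome(client_new, host_new, allowed):
    """Predict the result of a contact attempt through a firewall.

    allowed: set of (proto, port) pairs the firewall permits toward the host.
    """
    udp_ok = any(p in allowed for p in CONTACT_UDP)
    tcp_ok = client_new and host_new and CONTACT_TCP in allowed
    if tcp_ok:
        return "connected-tcp-407"            # TCP is preferred when it succeeds
    if client_new and host_new and udp_ok:
        # The UDP reply advertises TCP support, so the client waits for a
        # TCP stream that the firewall never lets through.
        return "timeout-waiting-for-tcp"
    if udp_ok:
        return "connected-legacy-udp"         # old client and/or old host
    return "no-contact"


def missing_rules(host_new, allowed, services=()):
    """List fixed ports still blocked for the given host version.

    host_new=True assumes every client is also 5.2x or newer.
    Services that use dynamic ports are skipped.
    """
    needed = []
    if host_new:
        needed.append(CONTACT_TCP)
    else:
        if not any(p in allowed for p in CONTACT_UDP):
            needed.append(CONTACT_UDP[0])
        needed += [("tcp", LEGACY_SERVICE_TCP[s]) for s in services
                   if s in LEGACY_SERVICE_TCP]
    return [rule for rule in needed if rule not in allowed]


if __name__ == "__main__":
    # Constructed rule set: a firewall still configured for pre-5.2 hosts.
    old_ruleset = {("udp", 407), ("tcp", 1417), ("tcp", 1418)}
    print(contact_outcome(True, True, old_ruleset))
    print(missing_rules(True, old_ruleset))
```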

If the default TCP port assignments are not the preferred ones, a Timbuktu Enterprise network administrator can use the Timbuktu Pro Administrator's Toolkit to designate which TCP/IP ports are used for Timbuktu Pro services throughout the site.

Additional Information:

All streams are opened from the guest to the host. The host does not initiate connections. The packet sent from the guest is sent from a dynamic port on the guest to TCP port 407 on the host. The port used by the host for response does not change. If the guest initiates additional simultaneous connections, even to the same host, the guest will use another dynamic port. The port used by the host remains TCP port 407.

Note: If you are connecting to a system connected to a router (using NAT) that is acting as a firewall, please visit the following URL for additional information:

http://www.netopia.com/support/howtodocs/mac/nat.html


© 2008 Netopia, Inc., a Motorola Company. All rights reserved.