In article , wrote:
:I am trying to more clear my question to you:
Sorry, I find your sentence construction difficult to understand at times, so I do not always understand your question clearly.
:Let's think If we are sitting behind the firewall and want to do browsing then I just write the DNS of the site and page will open but the same way if I want to talk to the other person and still now I am behind the firewall. then why firewall feature comes to limelight.
The first part of your premise is not correct.
When you want to browse a web page, your system consults its internal tables of IP addresses, and if necessary consults whatever name resolution service has been configured for it, with the goal of finding the IP address from the hostname of the web page.
If you are using Windows (as is implied by your references to Instant Messenger and Skype), then there are different ways that the name resolution service can be configured; the order can include contacting a WINS server [internal or external], contacting a local PDC (Primary Domain Controller) [internal] or BDC (Backup Domain Controller) [internal], having your system attempt to contact NETBIOS name resolution service on some machine (with rules about which machines are tried) [via UDP 137 or TCP 445] -- or, as is the case for non-Windows machines, contacting a DNS (Domain Naming Service) host [internal or external.]
If your system attempts to contact an internal system for more information, then that particular transaction will not touch the firewall -- but that internal system might attempt to contact external systems for information, which gets into the case below.
In each of the cases involving contacting an external host, your firewall has to be configured to allow the transaction attempt. It is possible, for example, that -your- host is blocked from placing Domain Naming System (DNS) enquiries to anywhere outside, but that your firewall has been configured to allow your DNS server to place such queries (and probably not to place http requests...)
Most consumer firewalls, and a number of company firewalls, are configured to allow all outgoing requests. Higher quality firewalls deployed at locations with better security policies only allow outgoing requests that they have been configured for.
When your system has, through some mechanism or other, determined the IP address of the remote web page, it will attempt an http or https transaction.
If your system has been configured to send requests through a proxy server, then it will send the request to that server [internal or external] and that server will handle the request and report back on the result. The most common proxy server port is TCP 3128 ("squid"). Again, if the proxy server is external then the firewall must be configured to allow through the proxy request; if it is internal, then the firewall must be configured to allow the proxy server itself to place http/https requests.
If your system has been configured so that it will attempt to place the requests directly, then it will attempt a connection on TCP port 80 (http) or 443 (https), or whatever port the URL specifies {if any.} The firewall must have been configured to allow those requests through. Again, many consumer and small business firewalls allow all outgoing requests but bigger companies may only allow requests to some sites -- especially so for ports other than 80 and 443.
The situation is no different for Skype. To contact the Skype servers, your firewall must be configured to allow the access... whether that's because it's a cheap firewall that allows everything or because your site's security administrators have deliberately opened the ports or have not chosen to block the necessary ports.
The same situation holds for Netmeeting: you can initiate a call if and only if your firewall configuration allows you to do so.
Why is Netmeeting more commonly blocked than Skype? The answer is that because [as explained last message] Netmeeting has no single central server, in order to allow other people to place Netmeeting calls to you, your firewall must have been configured to allow incoming connections from all the places you wish to be able to contact you. That's noticeably more configuration work than allowing an outgoing connection to a single server (Skype.)
As indicated earlier, Netmeeting -could- have been designed the way Skype was, but it was instead designed to only involve the equipment of the systems that wish to connect together, without involving any third-party site (e.g., Skype's main servers, or any of the random hosts around the world that Skype might delegate to.)
:1) " What is the significance of firewall in VOIP application" Why did we bother about firewall in skype". Can u briefly explain and provide me some link if u have?
Firewall configurations are involved in both cases. -More- firewall configuration is involved for typical VOIP applications than is the case for Skype, because of the difference in design goals.
Communicating directly, point to point, is always more efficient than routing through a third party, so protocols that use direct connections can achieve higher quality connections, better audio quality, larger video, and better frame rate, than if an intermediate is used.
Another factor that applies in locations such as mine here, is that our link to our main headquarters goes through a line that we pay a small flat yearly fee for, but Skype is not on that private network and it is unlikely that any system that Skype might delegate to would be on that private network either. We have to pay bandwidth usage charges (about $US500 per month at present) for "commercial" traffic -- so a point to point protocol such as Netmeeting that travels directly over our private link is a lot less expensive for us to operate than Skype over the public network.
:2) If the significance is essential means in skype instant messenger then how can we overcome?
Sorry, I found that question particularly difficult to understand. I will answer as best I can make out:
a) Unless you have some unusual legal constraint (e.g., you are inside a hospital network or at a Top Secret defence laboratory), you are not REQUIRED to use a firewall at all. A firewall is a *tool*. You can skip the tool, if you don't care if your network gets broken into, or if you have developed some other protection mechanisms, or if the cost to you to repair your network after a break-in is less than the cost to purchase/construct and maintain the security tool.
b) If you *choose* to use a firewall, then if it is a consumer firewall, it is going to let everything out by default, and you can use any VOIP-like application that operates a switching service that allows both sides to contact it and have it exchange packets for the two sides.
c) The firewall considerations for Skype and HTTP are nearly the same, but firewall administrators are more likely to allow HTTP requests out than to allow Skype. That's a matter of security risk assessment, not of technology.
d) If you choose to use a point-to-point communications protocol such as when you use Netmeeting, then at least one of the two sides must not have a firewall or must have configured the firewall to allow incoming connections.
e) If you allow outgoing Skype connections, then firewall reconfiguration isn't necessary for Skype because Skype will connect you directly if it figures out it can do so, but it will otherwise tell both systems where to contact to find a system that will act as a go-between.
f) Point to point communication services such as Netmeeting *could* have been designed the same way but weren't, and there are various good reasons why they weren't (e.g., security, maximum quality, possibility of different link economics.)
: and provide me some link if u have?
Sorry, I can't be bothered finding links. I've already posted links to discussions that included links to the Skype mechanisms. The Netmeeting protocols are well defined standards such as H.323 and SIP; you can research those as easily as I can.
I am not particularly aware of any sites or books that discuss the advantages and disadvantages of various communications protocols. Those might exist, but I have never bothered to look for them.
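
The two outbound policies contrasted in this post, as an added example that is not part of the original post: a first-match rule evaluator run over the DNS, web and incoming-call flows the post describes. The addresses are constructed, TCP 1720 is assumed for the incoming H.323 call setup, and return traffic for allowed connections is not modelled.

```python
import ipaddress
from collections import namedtuple

# action, source CIDR, destination CIDR, protocol ("any" matches all), ports (() = any)
Rule = namedtuple("Rule", "action src dst proto ports")
ANY = "0.0.0.0/0"

# Constructed addresses (assumptions, not from the post).
CLIENT, DNS_SERVER, PROXY = "10.0.0.20", "10.0.0.53", "10.0.0.80"
OUTSIDE = "203.0.113.7"

# "Consumer" policy: every outgoing request is allowed.
CONSUMER = [Rule("allow", "10.0.0.0/24", ANY, "any", ())]
# Restrictive policy: only the configured hosts may place outside requests.
RESTRICTIVE = [
    Rule("allow", DNS_SERVER + "/32", ANY, "udp", (53,)),
    Rule("allow", PROXY + "/32", ANY, "tcp", (80, 443)),
]

# Constructed flows that cross the firewall: (src, dst, proto, dst port).
FLOWS = {
    "client DNS query": (CLIENT, OUTSIDE, "udp", 53),
    "DNS server query": (DNS_SERVER, OUTSIDE, "udp", 53),
    "DNS server http": (DNS_SERVER, OUTSIDE, "tcp", 80),
    "client direct https": (CLIENT, OUTSIDE, "tcp", 443),
    "proxy https": (PROXY, OUTSIDE, "tcp", 443),
    "incoming H.323 call": (OUTSIDE, CLIENT, "tcp", 1720),
}

def decide(policy, src, dst, proto, port):
    """First matching rule wins; a flow that matches nothing is denied."""
    for rule in policy:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
                and rule.proto in ("any", proto)
                and (not rule.ports or port in rule.ports)):
            return rule.action
    return "deny"

def evaluate(policy):
    """Map each sample flow name to the policy's decision."""
    return {name: decide(policy, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    consumer, strict = evaluate(CONSUMER), evaluate(RESTRICTIVE)
    for name in FLOWS:
        print(f"{name:22} consumer={consumer[name]:5} restrictive={strict[name]}")
```

Both policies deny the unsolicited incoming call, which is why a point-to-point protocol needs an explicit incoming rule on at least one side.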