Hi,
Also in the UK. (Not that it is important in this)
OK. (The Ports and then how to open them)
The Internet connections you have are made up of what are called ports.
There are 65535 of them.
Most routing devices have the first 1024 ports open by default.
Web Browsing on port 80 and secure logins like Banks and Apple Discussions use port 443
Mail servers use a whole host of ports and depending on how many accounts you have your Mail app may be using up to 20 ports (25 for outgoing SMTP stuff, 110, 567, 568, 995 and 996 are common and 443 again is not unusual). (Google for instance uses port 993 for their IMAP server, 995 for their POP server and 25 for SMTP with 465 and 587 as backups)
If you are running a web site and using an FTP app to upload the stuff it is likely this is using ports 20 and 21 to start with.
So all these are using ports below 1024 and will therefore work with the router Out-of-the-Box.
Games and IM apps in particular use ports above 1024.
Apple have several Docs about the ports iChat uses.
http://support.apple.com/kb/HT1507 lists those used by iChat 3 (Bonjour, Jabber, AIM and A/V stuff is listed)
Video was over 4 ports at this time and the SIP Invite/Connection Process started on port 5060
Table Of Ports
| | Bonjour | Jabber | AIM | iChat AV |
|---|---|---|---|---|
| TCP | 5298 | 5220, 5222, 5223 | 5190 | |
| UDP | 5297, 5298, 5353 | None | 5190 | 5060, 5678, 16384-16403 |

ALL: 5060, 5190, 5220, 5222, 5223, 5297, 5298, 5353, 5768, 16384-16403
At iChat 4 Apple changed the SIP Invite/Connection Process to be one of the Ports that the Video or Audio chats would use and changes in the Processing of Video allowed one port for In and Out, Audio and Video to be used.
These changes are noted here http://support.apple.com/kb/HT2282 (This does not list the Bonjour Ports or those for Jabber (Google and Facebook included)).
It gives you these ports.
iChat 4 and 5 Ports for iChat
| Service | TCP Ports | UDP Ports |
|---|---|---|
| iChat over AIM | 5190 | 5190 |
| Bonjour | 5298 | 5297, 5298, 5353 |
| Jabber | 5220, 5222, 5223 | No ports |
| A/V Ports | No ports | 5678, 16393-16402 |
Note this is the iChat 4 and 5 Range. Port 5060 has gone and the "group of 20" is now only 10 ports.
Also missing is anything about Screen Sharing.
Testing iChat connections with Little Snitch shows that the Screen Share is a random undocumented port (it is in fact a VNC connection like Apple Remote Desktop or the Screen Sharing app invoked from the Finder's Go Menu > Go to Server [it is actually based on the ARD engine])
Routers and Methods to open ports
Almost all routers can do Port Forwarding.
You list a Port and an IP for it to go to on the LAN (repeat for as many ports as the app uses)
You end up with a table like this
This pic would open the ports to the IP 192.168.1.100 on the LAN
This is only one computer and no other computer or device could use those ports.
You cannot Forward a Port to two IPs. (Some devices have issues with port 5190 for Login on TCP and File sharing on UDP being "forwarded" twice - one reason for moving the AIM login in earlier versions)
DMZ (Demilitarized Zone) is like an Extreme form of Port Forwarding.
Although it is an Enable/Disable setting it opens all 65535 ports to one IP.
Some devices use Port Triggering (Sometimes called Special Applications)
This sets "Listening" ports that in turn open others when something is "heard".
For iChat this needs to be done for the SIP invite and Audio Video Ports in particular.
Example of that same Linksys. You will notice that the Visible Invite (port 5678) triggers the SIP port for iChat 3 (5060) and that in a separate line triggers the Video/Audio ports (16384-16403). (This device needed this round robin method, others can list combined single ports and groups (5060, 16384-16403) together)
Neither Port Forwarding nor Port Triggering allows for the random ports used by iChat 4, 5 and 6 for Screen Sharing.
DMZ is too insecure in that all the ports are open to one device plus it can also restrict what can be done on other computers.
Add to that the fact on some devices the table can only contain so many entries. (Some makes and models only have 12 places in their tables whereas iChat 3 uses 30 ports)
UPnP (Universal Plug and Play)
This allows the apps on the computer to control the ports the router has open and how long they stay open.
This is somewhat like the Mac Firewall in Leopard and above except you don't have to list the apps allowed.
On the Mac if the Firewall is ON and an App is Allowed then it gets "Certified" that it is allowed through the firewall. The app tells the firewall part of the OS which ports it will be using. (Hence you can change the Login ports for Buddy Lists).
UPnP works similarly in that apps can use UPnP to talk to the router.
This way ALL the ports an app uses can be allowed with a simple Enable/Disable setting.
Apple Base Stations have something that is similar called Port Mapping Protocol
This is found in the NAT tab (Internet icon) and needs to simply be Enabled - no ports need to be set.
UPnP also works for Multiple computers and devices.
Being that FaceTime uses similar ports to iChat and is on Phones and Touches as well as computers you tend to need UPnP.
It also appears that Port Forwarding (DMZ) and Port Triggering use NAT on the router to achieve their function.
It appears that this is less so with UPnP to the extent that in some cases using UPnP will enable Video Chats (or Audio) which Port Forwarding does not on some routers.
Summary.
Routers have some ports open by default although not all by a long way.
iChat uses ports above this threshold port.
This means opening the ports in the router that iChat uses.
There are different methods of Opening the ports
Of those only UPnP is secure enough to use every day (Or Port Mapping Protocol in an Apple Base Station)
I hope this helps
8:33 PM Monday; February 13, 2012
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images." No, Seriously
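
An added example, not part of the original post: a Python check of a router's port-forwarding table against the iChat 4 and 5 ports listed in the post. It flags a port forwarded to two LAN IPs, forwarded ports that are not in the documented list, documented ports that are missing, and a DMZ-like rule. The rule format and the sample table are assumptions constructed for illustration.

```python
# Documented iChat 4/5 ports, copied from the tables in the post above.
ICHAT45 = {
    "tcp": "5190, 5298, 5220, 5222, 5223",
    "udp": "5190, 5297, 5298, 5353, 5678, 16393-16402",
}

def expand(spec):
    """Turn '5678, 16393-16402' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def audit(rules, wanted=ICHAT45):
    """rules: list of (proto, port_spec, lan_ip). Returns a findings dict."""
    owner = {}                      # (proto, port) -> first LAN IP seen
    conflicts, extra = set(), set()
    need = {(p, n) for p, spec in wanted.items() for n in expand(spec)}
    for proto, spec, ip in rules:
        for port in expand(spec):
            key = (proto.lower(), port)
            if owner.setdefault(key, ip) != ip:
                conflicts.add(key)  # one port cannot go to two LAN IPs
            if key not in need:
                extra.add(key)      # exposed but not in the documented list
    return {
        "conflicts": sorted(conflicts),
        "extra": len(extra),
        "missing": sorted(need - set(owner)),
        "dmz_like": any(len(expand(s)) > 60000 for _, s, _ in rules),
    }

# Constructed sample table (hypothetical router export), not from the post.
SAMPLE = [
    ("tcp", "5190", "192.168.1.100"),
    ("udp", "5190", "192.168.1.100"),
    ("tcp", "5220, 5222, 5223, 5298", "192.168.1.100"),
    ("udp", "5297, 5298, 5353, 5678", "192.168.1.100"),
    ("udp", "16384-16403", "192.168.1.100"),   # old iChat 3 range left in place
    ("tcp", "5190", "192.168.1.101"),          # second Mac, same login port
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
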