Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Enthusiast Zone > Networking > Which ports to enable on Firewall to allow ichat?

Which ports to enable on Firewall to allow ichat?
Thread Tools
littlegreenspud
Senior User
Join Date: Feb 2001
Location: The Sunny Isle of Wight
Status: Offline
Reply With Quote
Jul 30, 2003, 04:43 PM
 
Hi,

Which ports should I enable to allow iChat to work?

I currently have all blocked.

thanks
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status: Offline
Reply With Quote
Jul 30, 2003, 07:09 PM
 
UDP 5060 for SIP

UDP 16384-16403 for the range of ports a data channel can be brought up on.

Apple KB article
     
littlegreenspud  (op)
Senior User
Join Date: Feb 2001
Location: The Sunny Isle of Wight
Status: Offline
Reply With Quote
Jul 31, 2003, 09:21 AM
 
thanks kampi.

I can never find anything in the knowledge database!
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Nov 30, 2003, 11:24 PM
 
Do you have to open up all of those 163xx ports? I have only spots for 10 ports.

Can I just open up 5060 and some from that 16384-16403 range as the triggers for all the rest of those ports? (I have everything set as UDP, not TCP, but I did come across some info about TCP with some local network ports or something.) I assume no, because I tried it and it didn't work. Below is a picture of my NAT translation page:



And it's definitely the router's firewall, since iChat works fine if I turn off the firewall.

Or would I be able to make it work with other ports open?

Failing that, what routers are known to work with this? I may just buy a new one if necessary. My local network involves a PC and a Mac. (I don't want to buy an Airport though.)
     
Landos Mustache
Professional Poster
Join Date: Dec 2002
Location: Partying down with the Ewoks, after I nuked the Death Star!
Status: Offline
Reply With Quote
Nov 30, 2003, 11:33 PM
 
". All iChat AV traffic is UDP except for ports 5190 and 5298, which need to be open for both TCP and UDP."

http://docs.info.apple.com/article.html?artnum=93208

"Hello, what have we here?
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status: Offline
Reply With Quote
Dec 2, 2003, 09:14 PM
 
That whole range of high ports may or may not need to be open. 5190 is for AIM, 5298 for Rendevous (if you need it).

Based on what I've seen trying to troubleshoot an earlier iChat AV issue there is a negotiation of sorts regarding what high port in that range will be used for the data channel involving an Apple server. 5060 is for a control channel. I haven't used the AV functions in awhile but that is what I recall.

Also, iChat AV functions don't like a multiple NAT situation, or the one I was working on anyway. For instance, I have a friend who uses a cable router, and off that router is a wireless router hooked to a switch port on the cable router. Wireless users PAT to an address on the inside of cable router, and the cable router PATs to the public address of the cable router. Didn't work out too well.

Forgot to mention, I don't open any ports on my network firewall, my default deny policy is still in place. I do however modify my host firewall.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 11:57 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,