 |
|
|
|
Next: iChat : insufficient badnwidth - connecting 2 mac..
|
| Author |
Message |
External
Since: Jun 15, 2005
Posts: 17
|
(Msg. 1) Posted: Fri Feb 10, 2006 7:55 pm
Post subject: iChat firewall question
|
|
|
A coworker and I tested two iSight cameras at work with iChat. He used
his .mac account and I used my AIM account and we connected fine. He
was running 10.4.4 on a G4 tower and I had 10.3.5 on a G4 laptop.
He said when he has tried in the past he cannot make an iChat connection
to his son's .mac account when he is at work and his son is at home, it
never makes the connection.
So it made us wonder:
1. Does the firewall at work affect the iChat connection if one of the
viewers is outside the firewall, but not if both viewers are inside?
2. When we are able to connect inside the firewall is all the video data
packets going up to the Mac and AIM servers? We are concerned about
security and having proprietary information outside the company.
3. Can Windows users connect to a Mac user who is iChat? Is there iChat
for Windows or something similar.
4. My last question I just answered on my own, which is I can use my
Sony Camcorder with iChat, it doesn't have to be an iSight camera.
Any help would be appreciated, as you can tell I'm new to iChat.
Thanks |
|
| Back to top |
|
 | |
External
Since: Oct 11, 2003
Posts: 1430
|
(Msg. 2) Posted: Sat Feb 11, 2006 9:41 pm
Post subject: Re: iChat firewall question [Login to view extended thread Info.]
|
|
|
bloomite writes:
>
> 1. Does the firewall at work affect the iChat connection if one of the
> viewers is outside the firewall, but not if both viewers are inside?
Probably.
Firewalls typically block all incoming connections, but allow most
outbound connections.
When you're text-chatting you typically connect to AOL's AIM server, as
does the other party. So you're both making outbound connections.
When you set up a direct-AIM text connection, or any kind of audio or
video chat, one party opens a connection directly to the other party.
Which means someone needs to have a firewall rule in place to allow the
inbound connection.
I think the protocols are smart enough to attempt the connection with
either party playing the role of server, to allow the service to work as
long as one party is not firewalled. If both are, however, the
connection probably won't go through.
> 2. When we are able to connect inside the firewall is all the video data
> packets going up to the Mac and AIM servers? We are concerned about
> security and having proprietary information outside the company.
Audio and video should be going through direct connections. But if
you're not sure, it should be easy to use a packet sniffer of some kind
to be certain.
> 3. Can Windows users connect to a Mac user who is iChat? Is there iChat
> for Windows or something similar.
There is not, but AOL makes Instant Messenger for Windows. It is
compatible with iChat. I know text chats work just fine. It's my
understanding that they also support audio and video (but only
two-way chats, not multi-way.)
> 4. My last question I just answered on my own, which is I can use my
> Sony Camcorder with iChat, it doesn't have to be an iSight camera.
Don't know for sure about this. It's my understanding that third-party
cameras don't work out of the box, but they can be made to work with
some minor software installation.
-- David |
|
| Back to top |
|
| |
External
Since: Feb 13, 2006
Posts: 1
|
(Msg. 3) Posted: Mon Feb 13, 2006 1:55 pm
Post subject: Re: iChat firewall question [Login to view extended thread Info.]
|
|
|
I am currently running OSX 3.9 in New York. I frequently audio/video
chat (using iChat and an iSight camera) with members of my family in
Wisconsin running Windows XP. The Triton version of AIM will not work
with Apple, but AIM version 5.9 (for Win XP) DOES.
David C. wrote:
> bloomite writes:
>
>>1. Does the firewall at work affect the iChat connection if one of the
>>viewers is outside the firewall, but not if both viewers are inside?
>
>
> Probably.
>
> Firewalls typically block all incoming connections, but allow most
> outbound connections.
>
> When you're text-chatting you typically connect to AOL's AIM server, as
> does the other party. So you're both making outbound connections.
>
> When you set up a direct-AIM text connection, or any kind of audio or
> video chat, one party opens a connection directly to the other party.
> Which means someone needs to have a firewall rule in place to allow the
> inbound connection.
>
> I think the protocols are smart enough to attempt the connection with
> either party playing the role of server, to allow the service to work as
> long as one party is not firewalled. If both are, however, the
> connection probably won't go through.
>
>
>>2. When we are able to connect inside the firewall is all the video data
>>packets going up to the Mac and AIM servers? We are concerned about
>>security and having proprietary information outside the company.
>
>
> Audio and video should be going through direct connections. But if
> you're not sure, it should be easy to use a packet sniffer of some kind
> to be certain.
>
>
>>3. Can Windows users connect to a Mac user who is iChat? Is there iChat
>>for Windows or something similar.
>
>
> There is not, but AOL makes Instant Messenger for Windows. It is
> compatible with iChat. I know text chats work just fine. It's my
> understanding that they also support audio and video (but only
> two-way chats, not multi-way.)
>
>
>>4. My last question I just answered on my own, which is I can use my
>>Sony Camcorder with iChat, it doesn't have to be an iSight camera.
>
>
> Don't know for sure about this. It's my understanding that third-party
> cameras don't work out of the box, but they can be made to work with
> some minor software installation.
>
> -- David >> Stay informed about: iChat firewall question |
|
| Back to top |
|
| |
External
Since: Oct 11, 2003
Posts: 1430
|
(Msg. 4) Posted: Sat Feb 18, 2006 8:55 pm
Post subject: Re: iChat firewall question [Login to view extended thread Info.]
|
|
|
bloomite writes:
>
> 1. Does the firewall at work affect the iChat connection if one of the
> viewers is outside the firewall, but not if both viewers are inside?
FWIW, I got an iSight this week and had to configure my personal
firwewall for video chatting. After consulting some Apple docs, I
determined that the following ports need to be open:
5060 - the SIP protocol for initiating A/V sessions
5190 - this is the AOL IM server's preferred port. If you're not
using AIM to locate buddies, this can be blocked.
5220, 5222 - These are used by Jabber. If you're not using Jabber
to locate buddies, this can be blocked.
5678 - Apple calls this "SNATmap". I don't know what it does, but
it has to be open for audio/video chats.
16384-16403 - Audio/video chats use ports in this range to move
their data.
If your ports are open for outbound-only connections (e.g. behind a home
router's NAT service), you can still connect if the other party has the
ports open. If both sides have them closed to inbound connections,
however, you shouldn't be able to establish audio/video chatting. (I
wasn't anyway.)
-- David >> Stay informed about: iChat firewall question |
|
| Back to top |
|
| |
External
Since: Feb 10, 2006
Posts: 5
|
(Msg. 5) Posted: Sun Feb 19, 2006 11:00 am
Post subject: Re: iChat firewall question [Login to view extended thread Info.]
|
|
|
In article , shamino DeleteThis @techie.com (David C.)
wrote:
> bloomite writes:
> >
> > 1. Does the firewall at work affect the iChat connection if one of the
> > viewers is outside the firewall, but not if both viewers are inside?
>
> FWIW, I got an iSight this week and had to configure my personal
> firwewall for video chatting. After consulting some Apple docs, I
> determined that the following ports need to be open:
>
> 5060 - the SIP protocol for initiating A/V sessions
>
> 5190 - this is the AOL IM server's preferred port. If you're not
> using AIM to locate buddies, this can be blocked.
>
> 5220, 5222 - These are used by Jabber. If you're not using Jabber
> to locate buddies, this can be blocked.
>
> 5678 - Apple calls this "SNATmap". I don't know what it does, but
> it has to be open for audio/video chats.
>
> 16384-16403 - Audio/video chats use ports in this range to move
> their data.
>
> If your ports are open for outbound-only connections (e.g. behind a home
> router's NAT service), you can still connect if the other party has the
> ports open. If both sides have them closed to inbound connections,
> however, you shouldn't be able to establish audio/video chatting. (I
> wasn't anyway.)
>
> -- David
I had a problem with outbound iChat ports through a firewall. We found
that after much trial and error, several ports never mentioned by Apple
had to be opened to get it to work, so be prepared to experiment beyond
Apple's documentation.
William Clark >> Stay informed about: iChat firewall question |
|
| Back to top |
|
| |
External
Since: Oct 11, 2003
Posts: 1430
|
(Msg. 6) Posted: Sat Mar 11, 2006 12:55 am
Post subject: Re: iChat firewall question [Login to view extended thread Info.]
|
|
|
art writes:
> Although not mentioned in the Apple tech notes, "consistent NAT"
> capability IS required for proper A/V operation under some
> configurations such as between two nodes with firewalls. The links in
> my original post detail the exact reasons for this in PTP-style
> communications.
>
> As part of my testing between two nodes with Sonicwall firewalls
> (TELE2 and SOHO2) running NAT/DHCP on the WAN side, I opened up all
> ports in both directions on both units. Still no A/V
> capability. Neither have "consistent NAT" capability as verified by
> natcheck.
Sounds like Sonicwall is fatally broken.
> The Apple iChat user forums also attest to the frustrating user
> experience with this program. Very un-Mac like. Without the countless
> hours of support by volunteer posters like Ralph Johns and others, I
> doubt if many "average" users would be able to configure iChat for
> successful A/V operation.
Support forums very rarely have people posting success stories. People
with working systems don't usually need tech support.
As for "average" users, the typical cheap gateway router sold comes with
UPnP turned on, and iChat works just fine without configuration.
If you're running a more sophisticated network, then you should know
enough to deal with the problems this will necessarily entail
-- David >> Stay informed about: iChat firewall question |
|
| Back to top |
|
| |
| Related Topics: | iChat question - I'm currently residing abroad and would like to video chat with my dear old mum back in Blighty. Inevitably, she doesn't have a mac, only a WinXP laptop. Can anyone with experience suggest effective (and preferably free) solutions to this problem? I..
Stupid iChat and proxy question - On the corporate net here we have a proxy that is limited to http, ftp, and telnet. Can I use iChat with this setup? Thanks, Greg
Ichat - Using Ichat on a new G5 imac. after talking to my sister for 5 minutes the video of her image locks/freezes she see's me find and audio works both ways. this is repeatable every time we connect. any help as she is my only chat buddy can some one do a....
iChat - Can iChat 3.1 be set up to auto answer? I am having problems, due I suspect to the firewall on a 3com wireless router, and want to leave my own computer on-line while I call from the remote iMac G5 with the problems. It is very hard to test out iChat..
iChat connectivity issues - I keep iChat running whenever I'm on my computer so I can talk to my daughter who's away at college and a few friends. Lately, I've noticed that iChat spontaneously disconnects. I haven't determined any specific interval or CPU activity that would.. |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
