This page is designed to tell you which ports may need to be opened in routers and firewalls (if the firewall is On) and what each one does within iChat. I have tried to give some background information for those of you who have never set up ports for on-line games or any other IM application.

I hope the layout I have here proves useful. As some of these pages carry a lot of information, and some of it is in the form of asides or background, I have used drop-down panels to contain those parts.

Essentially this page becomes so long because of the number of variations in LAN set-up and the devices involved.


At the base level iChat is an AIM Instant Message client.
This means it can join the AIM service to contact Buddies.
It does this by contacting a server run by AIM called "Oscar" (login.oscar.aol.com).
This means it is going out over the Internet, which in turn means it has to be allowed through any firewall, or any other setting in a router or modem, that might affect this.

From iChat 3 onwards Jabber is added, which in turn needs more ports through the Mac Firewall and possibly your modem and/or router.


Ok. So now you want to know all about ports. Well, I am not going into all that here (well, not too much). Suffice it to say that a computer can be contacted by different applications through several software means. These connections go through ports. Ports are numbered (0 to 65535) and can carry several different protocols. Some of these protocols are used over the Internet: HTTP, for web browsing, normally on port 80; FTP, for file transfers, on port 21; and so on.

Note: just to clarify, these ports are not the same as the sockets that Ethernet cables or phone/cable service leads plug into on the back of the device, which are generally also called "Ports".

If you are using iChat with its Rendezvous/Bonjour capabilities you will need all the ports listed on this page to be open. In some cases this means opening a port to two transport protocols, TCP and UDP, for iChat to communicate with the outside world.
You will need them open in your Mac's Firewall if you require it to be On. Most likely (read this as "almost certainly") you will also need to open them in your Router or Modem (or combined) device.


A word or two about Routers and Modems.

For the sake of clarity about which device we are talking about: a Modem is the device that connects your internal network to the Internet. This can be over a Cable service or Broadband over your local telephone system (ADSL). In some cases it is over a Satellite connection or wide-area WiFi. See Pic 1

A router is a device that is between your modem and your computer(s) and can arrange for the right data to reach the right computer.

Sometimes these two functions come in a combined device, as some modems can route. (This is irrespective of whether it has enough Ethernet ports to plug cables into. See the Note above about the two meanings of "port".)

Generically both tend to get called Routers.

You can also split your local network into wireless and/or wired parts. The important thing when doing this is to keep everything on the same Local Area Network (LAN) and not accidentally subdivide it (Subnets). Subnets can also be created by having two routing devices each handing out IP addresses to other devices and computers. The thing to avoid is overlapping subnets. See Pic 2

Ports for Modems, Routers and the Firewall


Start by reading this,
Apple Article: HT1507 (formerly Doc 93208)
and this, Apple Article: TS1629 (formerly Doc 93333).
Then I will try to explain which ports do what. For Leopard also read which ports have changed from the above list (Apple Article: HT2282 (formerly Doc 306688)).

Note: Apple Article: HT1507 has been updated to correct errors. It used to miss port 5223 (used for GoogleTalk over the Jabber side of iChat 3) from the list. See Apple Article: TS1629, Note 10 at the bottom.

  • It is important to remember that as Modems can often route, that the word Router can mean either, according to your set up.

The second Article link, which can be reached from the first, shows you a list of routers that Apple says work "out of the box" with iChat AV.
(Please read the Notes under the table, as some still need tweaks.)
In fact you could look at it like this:-
If some in the list need tweaks, then other devices can be made to work with suitable tweaks.

What is Set up Already on your Mac

See also the brief summary of the ports further down.

If you read Apple Article: HT1507 (formerly Doc 93208) you will have seen that it also talks about the ports being opened in the Mac Firewall (Tiger and Panther) as well as in any modem or router. You will need this bit if the Mac Firewall is On.

Ports for iChat AV over Rendezvous/Bonjour are already set up in the Panther and Tiger Firewalls.
(Go to System Preferences.
Select the Sharing pane.
Select the Firewall tab.
Scroll down the list to iChat Rendezvous/Bonjour.)
This shows the two ports listed in Apple Article: HT1507 (formerly Doc 93208) that Rendezvous/Bonjour uses: 5297 and 5298. Nothing is preset for the AIM login, the Jabber ports or the A/V ports; those you have to add yourself if the firewall is On.

The Ports in Brief

iChat logs on to the AIM Service on port 5190

A/V chats use different ports and are separate from the AIM Login and Text Chats.

Depending on your iChat version the ports used change somewhat, but the A/V ports are essentially negotiated via a server run by Apple.

All versions send a visible Invite on port 5678.

iChat 2 & 3 then involve a behind-the-scenes SIP invite on port 5060, whilst Leopard (iChat 4) moves to port 16402. (More on SIP below.)

Via the Apple-run server (SNATMAP), the ports iChat will use for the Video and Audio parts are negotiated as part of the SIP process.

iChat 2 & 3 use 4 ports at a time (Video In, Video Out, Audio In and Audio Out) from the range 16384-16403.

iChat 4 moves to a single port for all A/V data. The first choice is port 16402, but there are back-ups (16393-16402).

To Explain Some of the iChat Ports a Little Further.

iChat starts with ....
Port 5190 is the port used for logging in to the AOL Instant Messenger server "oscar". The login is a TCP connection, which at the AIM end is linked to other servers where your Buddy List (and everyone else's) is kept. The updates to your Buddy List (who is on-line, their Status Messages and Buddy Pics) come back to you over that same connection. Apple's port list shows 5190 for UDP as well as TCP, so open both.

(Note: Your Buddy list is not kept on your computer !! Make a backup using Address Book. See Adding Buddies)

This port carries all the changes to who is on-line, changes to Buddy icons, and some of the Text chatting.

See further down for Jabber.

A/V chats start here.....
Port 5678 is not clearly documented in the Apple Articles. It is in fact where the invites are sent and received (UDP).
A server called "SNATMAP" (snatmap.mac.com, to give it its full name) also becomes involved at this point.
This server does one job during Audio-only and Video chat invites. When you send an invite on port 5678, it does the negotiating between the two computers and tells them which ports are available for use. As soon as you click on the invite window to Accept, Block or Text chat, it hands over to port 5060 in Panther and Tiger (iChat 2 and 3).
In Leopard it hands over to port 16402.

Ports 5060/16402 carry the introductions between the potential chatters, and iChat uses the SIP protocol for this, the same protocol used by Voice over IP phones and software 'soft-phone' applications. The SNATMAP server drops out of the link once the direct connection has been established. (You can set yourself to Off-line whilst in the middle of a live chat.)

 NOTE: Port 5060 is the port registered with IANA for SIP (5061 is the one registered for SIP over TLS). SIP use has become a bit more varied since Panther and Tiger came out, hence the different port in Leopard.

This group of ports, 16384-16403 (16393-16402 in Leopard), carries the actual Audio and Video. In iChat 2 and 3 four ports are used at once: Audio in, Video in, Audio out and Video out (or four ports for Audio alone). Leopard uses one port for all Video and Audio data, hence the smaller range. Which ports are used is organised by the negotiation that happens on port 5060/16402. Once the connection is up it is Peer to Peer over these ports, and the others (5678 and 5060) are no longer in use. (In fact you can Log Out of AIM at this point.)

The Other Buddy Lists need....

Ports 5297 and 5298 are used by iChat over Rendezvous (Bonjour from iChat 3). If your Local Area Network (LAN) uses a router these ports will need to be open there as well.

Port 5353 is listed by Apple as "Local" traffic but also appears in the list of router ports you might need to change. If you use Rendezvous/Bonjour to chat with Audio and Video through a router on your Local Area Network (LAN), you will need this port open. To quote Apple Article TS1629 (formerly Doc 106439), it is for:-

    "Multicast DNS (MDNS) - Bonjour (formerly "Rendezvous") (mDNSResponder)"

Jabber comes into use at iChat 3 and uses TCP ports 5220, 5222 and 5223. 5222 is the normal login, but some older-style servers and also GoogleTalk use port 5223 (the SSL port) for login.

With Jabber, when the other Jabber Buddy is also using iChat, it will also use the A/V side of iChat to Video chat. This means that both of you are using iChat and have set up Jabber accounts in it.
It does not mean that iChat can Video or Audio chat with PCs using the GoogleTalk application.
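The ports explained above, gathered into one place as an added example (this is not code from the page or from Apple): a shell script that prints the iChat ports for a given version, with the protocol each one needs, and renders them as rules for ipfw, the packet filter that sat behind the Panther/Tiger Firewall tab. It only prints; nothing is applied unless you run the printed lines yourself with sudo. Assumptions of mine: the ipfw "dst-port ... in" rule form and the starting rule number 2000 are my choices, and 5297 and 5298 are opened on both TCP and UDP to be safe (Apple's list shows 5297 as TCP and 5298 as TCP/UDP).

```shell
#!/bin/sh
# Added example: iChat ports per version, printed as ipfw rules.
# Nothing here changes the firewall; the output is for review.

ichat_ports() {
    # $1: iChat major version: 2 (Panther), 3 (Tiger) or 4 (Leopard).
    # Prints "proto port[-port] purpose", one entry per line.
    case "$1" in
        2|3|4) ;;
        *) echo "usage: ichat_ports 2|3|4" >&2; return 1 ;;
    esac
    echo "tcp 5190 AIM login, Buddy List and text chat"
    echo "udp 5190 AIM (Apple lists UDP as well, used for file transfer)"
    echo "udp 5678 A/V chat invites"
    if [ "$1" -eq 4 ]; then
        echo "udp 16402 SIP signalling (Leopard)"
        echo "udp 16393-16402 A/V data, one port used at a time (Leopard)"
    else
        echo "udp 5060 SIP signalling"
        echo "udp 16384-16403 A/V data, four ports used at a time"
    fi
    # Bonjour/Rendezvous: opened on both protocols to be safe (assumption).
    echo "tcp 5297 Bonjour/Rendezvous chat"
    echo "udp 5297 Bonjour/Rendezvous chat"
    echo "tcp 5298 Bonjour/Rendezvous chat"
    echo "udp 5298 Bonjour/Rendezvous chat"
    echo "udp 5353 Multicast DNS (Bonjour discovery)"
    if [ "$1" -ge 3 ]; then
        echo "tcp 5220 Jabber"
        echo "tcp 5222 Jabber login"
        echo "tcp 5223 Jabber login over SSL (older servers, GoogleTalk)"
    fi
}

ipfw_rules() {
    # $1: iChat version; $2: first rule number (default 2000, an assumption).
    # Each printed line is an ipfw "allow ... in" rule for one port or range.
    n=${2:-2000}
    ichat_ports "$1" | while read -r proto port purpose; do
        echo "ipfw add $n allow $proto from any to any dst-port $port in   # $purpose"
        n=$((n + 10))
    done
}

# Usage: print the Tiger (iChat 3) rule set, or pass 2 or 4 as the first argument.
ipfw_rules "${1:-3}"
```

Compare the printed list against what your router's configuration page actually shows; anything missing from the router is a port the device is silently dropping, whatever the Mac firewall says.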

What to Set Up on your Routers, Modems and Combined Devices.

Oh My!! Where to Start ??

These devices can work in several ways. The way the ports are opened can vary according to the type, make, model and capabilities of the devices you have.

Your ISP provides you with an IP address; nothing on the ISP side stops traffic on any port. (Well, this is becoming less true, as certain ISPs block port 5060 for their own VoIP services.) Your modem, as it comes from the factory, will let incoming traffic reach ports below a certain threshold. On some it will be all ports (0-65535), but on many it will be only the ports up to and including 1024. Everyday services such as browsing, email and FTP work straight out of the box anyway, because your computer starts those connections and the device lets the replies back in; what iChat needs, and what the device blocks by default, is unsolicited incoming traffic on its higher-numbered ports.

If your device does not let the ports required for iChat through (see the Mac Firewall details above), it is effectively acting as a hardware Firewall.

There are different ways that modems and routers open the ports. In fact, sometimes it seems there is a different way for each and every device out there. What you actually get is based on how modems have developed over the years.

  • First you start with the original phone coupling device. This has all ports open and nothing in the way of security. (Internal and external Dial-up modems.)
  • Next you get ADSL and Cable modems (including ISDN, Satellite and wide-area WiFi) that follow this set-up.
  • After that come the features that come with having to route to several computers on a home or small business network. (The ins and outs of Routing.)
  • Then there are variants on how to let multiple computers share one IP (from your ISP) while using the same ports. (More Ethernet ports and WiFi.)

On top of that, your device manufacturer may have added several other "security" features to "help". The device might also have a software firewall as part of its set-up, and turning it off may open all the ports. Most likely you would feel uncomfortable doing this.


Here we include things under the broad heading of Intrusion Protection.

DoS (Denial Of Service) protection. Basically measures the rate and amount of data coming to the computer and, if it reaches a predetermined threshold, cuts the connection on the port it is happening on. A Video chat is a steady, fast stream of UDP to one port, which is exactly what this feature looks for, so it can get in the way of iChat 3 & 4.

SPI (Stateful Packet Inspection). A firewall feature rather than an attack: it keeps track of the connections your computers start and only lets inbound packets through that belong to one of them, judging whether the data is "expected". The first packets of an A/V chat arrive from the far end before your side has sent anything on that port, so SPI can block them with the same effect as the DoS feature. DoS protection is often bundled in as part of SPI.

There is also the blocking of Pings from the Internet. On a LAN you may use a Ping to confirm a response from another computer; it is a useful tool. It can be abused over the Internet by pinging the same IP rapidly and continuously (flooding) to the point of slowing the connection to an effective stop. It is common for Routers and Modems to drop Pings from the Internet side as the default setting.

The issue is which of these possible attacks you might suffer from (level of risk) and how much these features can get in the way of your applications.

iChat sends a Ping during the Invite stage, so at least this will need to be allowed.

As Internet connections are faster and iChat 4 has moved all A/V data to one port, the DoS and SPI features may also have to be disabled for iChat to Video chat.

Different means of Opening the ports

A rough guide to what the list above means in features and functions in your device.

Port Forwarding (also called Virtual Servers, Pinholes, and sometimes just NAT).

The data can be sent through the modem or router to a specific computer. This is usually done through Port Forwarding and uses NAT (Network Address Translation). See Apple Doc 58514 on the subject. On domestic devices this normally points to only one computer or router. If you have a router, modem/router combined device or modem that requires you to use NAT (Network Address Translation) or Port Forwarding, you will need to open the ports there. I would tend to use this method only if you don't have other methods, particularly if you have multiple computers.


A word about NAT and other set up options on internet connections devices.

NAT or Network Address Translation is a method of making sure the right data comes and goes to the right computer. It tends to be the background function that Port Forwarding and Port Triggering use to pass the data through.

It takes data coming to your modem or router on the Public IP you get from your ISP and converts it to the IP your computer has on your LAN.

The problem comes because not all manufacturers do NAT the same way. See the Wikipedia article on NAT, particularly section 5.

When used with Port Forwarding it can, in most cases, be set up by the end user from a web browser using the configuration pages stored on the device. A useful site for this is PortForward.com. The next link takes you to a Linksys device's set-up instructions on the same site. The process is similar on all devices. At the very bottom of that page you are shown the set-up for all iChat 2/3 ports, the sort of thing you have to do. Your device may vary in layout, but the information you have to enter is the same.

Note: The complete set of ports on that site is listed as for iChat 2 or 3, but it will work for Leopard too, as Leopard's ports (16402 and 16393-16402) fall inside the same ranges.


In addition a device may have a DMZ (DeMilitarized Zone) setting, which points all ports at one computer (via its IP address). It can be considered a stripped-down or extreme version of Port Forwarding. Useful for testing one computer but not much use to a house-full of computers. It is also less secure, as every port on that computer is then reachable from the Internet and the only thing left protecting it is the Mac's own firewall.

Port Forwarding and DMZ are the routing of the ports involved to one device (computer or router) further into your network. This is separate from the addressing, or issuing of IP addresses, dealt with further down.

Using Ports for Multiple Computers

Trigger Ports

This takes longer to describe than it takes to do.

Some devices use a method of using one port to trigger other ports to be opened. This is not a form of Port Forwarding but is claimed to be more secure, as the ports are opened only when traffic appears on the trigger port and are closed again afterwards. (On most devices the trigger is outgoing traffic: when a computer on the LAN sends on the trigger port, the device opens the listed ports inbound to that computer for a while, which is why triggering works with several computers without naming an IP address.)

In this case the port info has to be entered in a particular fashion, listing the Trigger (first port data arrives on) and the ports that need to be open from that and on some the protocols involved also have to be entered. Not all manufacturers layout the Web page interface the same way either. So...

The trigger port is 5678 on the UDP protocol, as the Invites for A/V chats (sending and receiving) arrive here.
Port 5678 on UDP triggers ports 5060, 5678, 16384-16403, all on UDP (or just 5678, 16393-16402 for Leopard).

You also have to have the Log in and Text chatting port.
Trigger port 5190 on TCP to open port 5190 on UDP and TCP (if possible; just do TCP if not, as the login itself is TCP).

With Trigger ports you also almost always have to enter the protocols used. This means the first entry listed here should be on UDP. The second, for port 5190, may need two entries, one for UDP and another for TCP, although some devices have an ANY or BOTH setting so it can be done on one line.

See this D-Link emulator page. Here the info is typed into the boxes at the top.
You give it a name; then on the next line are two boxes for the Start and End ports of the Trigger (most commonly the same number in both, for one single trigger port).
The Trigger Type is where the protocol is set (TCP, UDP or Both on this device; others read Any).
The Public Port can be a single port, a mixture, or a group.
See the Battlenet entry for an example of a single port, the next few for mixtures, and the Quicktime one as a plain group, listed below the entry text fields.
The Public Type is the place for the protocols to be set again.
The other single ports for Bonjour/Rendezvous (5297 and 5298 on both protocols to be safe, 5353 on UDP) should be entered as single lines, like port 5190.

The same applies for the three Jabber ports for iChat 3.x (5220, 5222, 5223, all on TCP). Example: this example is again of a Linksys router. It shows the sort of table this gets set up in.

It is slightly different from the description and D-Link example above in that it does not list the protocols at all. It also uses a slightly different layout, which means you have to set the table slightly differently (a trigger opens a port that is itself the trigger for a group).

Trigger port 5678 to open port 5060 (or 16402 in Leopard)
Trigger port 5060 to open ports 16384-16403 (16402 to open 16393-16402 in Leopard)
This is because a router like this one will not let you enter single ports and groups of ports on one line, as described in the D-Link example above.

A further consideration is that the ports are not separated by spaces, as in the Mac firewall, but by commas (5190,5678,5060 etc.) or dashes (16393-16402), and combinations of the two.

The above Trigger Port information has been edited 13/6/2006 after an email from Steven Riggins. Thanks Steven.
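A check on those comma-and-dash port lists, as an added example (not code from the page or from any router vendor): a shell function that takes an entry exactly as you would type it into the device's "Public Port" or "Trigger Range" box, rejects anything but digits, commas and dashes, expands it to one port per line, and refuses ranges that run backwards or fall outside 1-65535. The count_ports helper on top of it lets you confirm that the A/V group really is the group of 20 before you save the page. The function names and the error messages are my own.

```shell
#!/bin/sh
# Added example: validate and expand a router-style port list
# such as "5060,5678,16384-16403" (the D-Link "Public Port" box style).

expand_port_list() {
    # $1: list using only digits, commas and dashes.
    # Prints one port per line; returns 1 and explains on stderr if malformed.
    list=$1
    case "$list" in
        '' | *[!0-9,-]*)
            echo "'$list': use digits, commas and dashes only (no spaces)" >&2
            return 1 ;;
    esac
    old_ifs=$IFS
    IFS=,
    set -- $list          # split on commas into positional parameters
    IFS=$old_ifs
    for item in "$@"; do
        case "$item" in
            *-*-*)  echo "'$item': a range has exactly one dash" >&2; return 1 ;;
            *-*)    lo=${item%-*}; hi=${item#*-} ;;
            *)      lo=$item; hi=$item ;;
        esac
        if [ -z "$lo" ] || [ -z "$hi" ]; then
            echo "'$item': empty port number" >&2; return 1
        fi
        if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "'$item': ports run 1-65535 and ranges go low-high" >&2; return 1
        fi
        p=$lo
        while [ "$p" -le "$hi" ]; do
            echo "$p"
            p=$((p + 1))
        done
    done
}

count_ports() {
    # How many individual ports an entry opens; prints 0 (and fails) if invalid.
    out=$(expand_port_list "$1" 2>/dev/null) || { echo 0; return 1; }
    [ -n "$out" ] || { echo 0; return 1; }
    printf '%s\n' "$out" | wc -l | tr -d ' '
}

# Usage: the Panther/Tiger A/V entries and the Leopard one from the text above.
for entry in "5060,5678,16384-16403" "5678,16393-16402" "16384-16403"; do
    echo "$entry opens $(count_ports "$entry") ports"
done
```

The point of refusing spaces and backwards ranges up front is that most router pages accept such entries without complaint and then simply never open anything, which looks exactly like "iChat does not work" with no error to chase.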

Table Example of Both Layouts

Linksys-style layout (as per the Linksys link). One line per entry; the trigger and the range it opens each take a Start and End port. Where a line opens a single port that must in turn open a group, a second line uses that port as its own trigger.

  Name     Trigger Start  Trigger End  Protocol   Opens Start  Opens End  Protocol   Enable   Note
  iChat1   5190           5190         Both/Any   5190         5190       Both/Any   Enable   Repeat on two lines (TCP, UDP) if the device has no Both/Any
  iChat2   5220           5220         TCP        5220         5220       TCP        Enable
  iChat3   5222           5222         TCP        5222         5222       TCP        Enable
  iChat4   5223           5223         TCP        5223         5223       TCP        Enable
  iChat5   5297           5297         UDP        5297         5297       UDP        Enable
  iChat6   5298           5298         Both/Any   5298         5298       Both/Any   Enable   Repeat on two lines if required
  iChat7   5678           5678         UDP        5060         5060       UDP        Enable   Opens one port, which then opens more, as they cannot go on one line
  iChat8   5060           5060         UDP        16384        16403      UDP        Enable   (Leopard: 5678 opens 16402, and 16402 opens 16393-16402)

Other Devices (D-Link etc.). All the ports to be opened go in one box; there may not be a Start and End port on the Trigger Port.

  Name        Trigger Port  Protocol   Opens (one box, commas and dashes only)   Protocol   Enable
  iChat1-6    as in the table above
  iChat7      5678          UDP        5060,5678,16384-16403                       UDP        Enable   (Leopard: 5678 opens 5678,16393-16402)

You can only use commas and dashes between ports in that box.



There can also be a Universal Plug and Play (UPnP) setting, a simple Enable/Disable option that does away with the need to set individual or groups of ports. Applications that support UPnP ask the device to open the ports they need, and the ports close again after the event has finished, doing away with lengthy Port Forwarding or Triggering set-ups. (The caveat is that any program on the LAN can ask, so it is best left Off unless you actually need it.)

NAT Port Mapping Protocol (NAT-PMP)

Used in Apple AirPort Base Stations. In older firmware/devices it is On by default and linked to NAT.
In later models and firmware it is Off by default.
Its action is like UPnP in that ports do not have to be set by hand (although they can be); the application asks the routing part of the Base Station for a mapping and that takes care of the rest.

DHCP Or Static IP Addresses ?

This information applies from your modem and/or router to your network. Although it is similar to how the modem connects to your ISP, it does not mean your connection to the ISP has to specify Static or DHCP. How the computers on your LAN are set up to work with the modem or router, as far as this addressing is concerned, affects how the ports are set up and work.

So....., you get an IP from your ISP. This is called your Public IP. It may come from a DHCP server (most common) or be a Static one. A DHCP one can change now and then if your modem loses contact with the ISP. A Static one may allow you to have extra services from the ISP.

Your Modem if it routes or your router can do the same. It will either issue (Via DHCP) IP addresses to your LAN (Computers and anything else connected) or allow them to use Static IP addresses.

About Cable Modems

Cable Modems tend to be in Bridge mode, which lets all ports through but does not route to routers or computers. (They act more like Dial-up modems, only converting the computer's signals into a suitable format for the Internet and not routing as well.) This means they will need a router if you have multiple computers, games consoles etc., but that router can then be treated like the modem described above.


Reserved LAN IP Ranges

A DHCP server issues IPs in a range. This range is usually the same block the device's own IP is in. On a LAN these tend to be within three groups, the private ranges set aside by RFC 1918:

  • 192.168.0.0 to 192.168.255.255 (192.168.xxx.xxx) is the most common
  • 10.0.0.0 to 10.255.255.255 (10.xxx.xxx.xxx) follows, and the AirPort Base Stations tend to use this as first choice
  • 172.16.0.0 to 172.31.255.255 is the least common (note that it stops at 172.31, not 172.32)
  • Each xxx is a number from 0 to 255. Within any one block the lowest address (the network address) and the highest (the broadcast address) are not usable by devices, so a 192.168.1.xxx network has 254 usable addresses.

    See this set of Pics in the iChat Pictures section for a how-to/look-see on the System Preferences > Network pane (it is an animated .gif, so let it play). You need to know which devices (modem and routers) on your LAN are acting as DHCP servers in order to avoid overlapping subnets.

So, if the device (modem or router) is running a DHCP server, the range it hands out will usually be the rest of its own block of addresses (254 usable in a 192.168.x.x block, less the device's own). It numbers the devices (computers most likely) as they attach. How long they stay at that IP depends on how long a "Lease" the DHCP server issues and whether the computer stays on.

DHCP Leases

A lease is the time a device (computer) is allowed to keep the same IP. If the computer is on when the time runs out, the lease is renewed. If the computer is turned Off and then On again before the time is up, it also gets to keep the same IP. Otherwise the lease runs out and the device (computer) may get a new IP. Some devices do have a "Forever" setting.

Consider the paragraph above when using Port Forwarding and DHCP together: if the IP of the computer changes, the IP the Port Forwarding points to may no longer match.

Alternatively it is possible that the modem or router allows the use of Static IP addresses to the other devices.

Static Routing (this page's name for static addressing) is where the DHCP server is turned Off. This keeps the IP range the same as the device's (modem or router). In this case the computer also has to be set to use a Static address, but it is the computer that states what that IP address will be. This makes it easier for Port Forwarding to reach the right computer, as the computer keeps the IP all the time.

Your individual circumstances will dictate some of these choices.

AirPort Base Stations

A note about Apple AirPort Base Stations of various sorts. AirPorts do not do Port Forwarding by default. They do, however, NAT all data passing through them, and they support NAT Port Mapping Protocol (NAT-PMP), by which an application asks the Base Station to map a port to it. They do DHCP at the same time. This means that by default all iChat data should get through on the port(s) involved. In more recent firmware the option to do NAT-PMP has been separated out and needs turning On. (The action is similar to UPnP.)

Multiple Routing devices

However, a further consideration is needed for iChat, as it does not work properly behind two layers of NAT: where the modem routes and does DHCP and a router also does NAT and DHCP, or where there are two routers. (Each NAT rewrites the addressing and port information in the packets, and the second one undoes what iChat negotiated through the first.) A single device doing the routing is fine if you have a single IP address coming from your modem and want to route to multiple computers (most cable modems work this way, as they are in Bridge mode).
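The two addressing problems that this section and the Reserved LAN IP Ranges section describe, as an added example (not code from the page): a shell script that tells whether an address is in one of the RFC 1918 private ranges (with the 172.16 to 172.31 boundary right), whether two addresses sit on the same subnet, and whether the device in front of your LAN is itself behind another NAT. The double-NAT test is simple: the address your router shows as its WAN or "Internet" address should be public; if it is a 192.168.x.x, 10.x.x.x or 172.16-31.x.x one, the modem in front of it is also routing and you have two NATs (and usually two DHCP servers) to sort out. The sample addresses at the bottom are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example: private-range, same-subnet and double-NAT checks.

ip_to_int() {
    # Dotted quad -> 32-bit number. Returns 1 for anything that is not an IPv4 address.
    case "$1" in '' | *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '' | *[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

is_private_ip() {
    # True for 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918).
    n=$(ip_to_int "$1") || return 2
    [ $(( n >> 24 )) -eq 10 ] && return 0
    [ $(( n >> 20 )) -eq $(( (172 << 4) | 1 )) ] && return 0   # 172.16.x.x to 172.31.x.x
    [ $(( n >> 16 )) -eq $(( (192 << 8) | 168 )) ] && return 0
    return 1
}

same_subnet() {
    # $1, $2: addresses; $3: prefix length (24 for a 255.255.255.0 mask).
    a=$(ip_to_int "$1") || return 2
    b=$(ip_to_int "$2") || return 2
    bits=${3:-24}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

is_double_nat() {
    # $1: the WAN/"Internet" address your router's status page shows.
    # A private address there means another NAT sits in front of this device.
    is_private_ip "$1"
}

forward_target_ok() {
    # Port Forwarding only reaches a computer on the router's own LAN:
    # $1 router LAN address, $2 computer address, $3 prefix length.
    is_private_ip "$2" && same_subnet "$1" "$2" "$3"
}

# Usage with constructed addresses (not taken from any real network).
echo "172.31.255.254 private: $(is_private_ip 172.31.255.254 && echo yes || echo no)"
echo "172.32.0.1     private: $(is_private_ip 172.32.0.1 && echo yes || echo no)"
echo "router WAN 192.168.0.2 double NAT: $(is_double_nat 192.168.0.2 && echo yes || echo no)"
echo "forward 192.168.1.1 -> 192.168.2.20 /24 reachable: $(forward_target_ok 192.168.1.1 192.168.2.20 24 && echo yes || echo no)"
```

If is_double_nat says yes, the fix this page recommends applies: leave one device routing and doing DHCP, and put the other into bridge mode (NAT and DHCP off).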

Turning Off NAT/DHCP on an AirPort device makes the AirPort a plain Wireless Access Point. This means it passes the IP addressing info from the modem straight through to the computers, and you do not have to worry about setting Static Routing from the AirPort to the computers. I would still recommend setting the modem-to-AirPort link as a Static one.

Most of what is written here and in other places presumes that you are using at least one device as a DHCP server (or a server allowing Static IPs).

Summary of this Panel

You need to know if your Internet connection (routing) device is set up to issue IP addresses to your computer(s) (DHCP). If it is, then you will need to make sure the Network Preference pane is also set to "Using DHCP" at the Configure IPv4 point in the TCP/IP tab, or to "Manually" (the Mac name for Static settings) if the device is allowing Static IP addresses.

    Note some routing devices can limit the DHCP Range and allow some IP addresses to be Manually/Statically set and the Mac Network System Preference has a setting for this as well.

Then you need to set the device to let through the ports that iChat needs. The easiest of these is the UPnP setting, which seems to come on most new devices or in firmware updates for older ones.

If this cannot be done, then Port Forwarding/Network Address Translation (NAT or derivatives) needs to be set through a web browser and the configuration pages stored on the device.

At this point it is probably best if your computer is at a Static IP address, which you will have to set in the TCP/IP tab of the Network Preferences pane (in System Preferences). You will also have to turn off DHCP in the routing device and point the forwarding at that same IP number. This is because if you turn all your computers off at night, they may not get the same IP address next time you start up with DHCP.

The DMZ setting can be used but is best considered a testing point, as it opens all ports and is therefore less secure. It also points all those ports at one computer, excluding any others on your LAN.

Trigger ports are set by entering port 5678 as the trigger and having it open ports 5678, 5060 and 16384-16403 for the A/V side (or port 5678 to open 5060, and 5060 then to open the group of 20). The other ports (5297, 5298, 5353, 5190) all need to be triggers for themselves. Edit: March 2007: add the Jabber ports 5220, 5222 and 5223 as TCP single entries as well.

Finally. If you have more than one routing device, one needs to distribute addresses (DHCP) and the other(s) need to act as bridge(s), with NAT and DHCP off and Static addresses.

Overall Summary

Like other apps using the Internet, iChat uses ports and Protocols to pass the data to and from your Buddy and the AIM servers.

The ports it uses are, for modems that route and for routers, above the threshold of ports that are let through by default.

This means that these ports, and with some methods, the protocols as well, have to be set to make it work.

This in turn can affect the way your LAN or network is set out regarding its addressing (IP addressing/DHCP server use).

If you have two devices issuing IP addresses by DHCP you create overlapping subnets and two layers of NAT, and iChat does not like this.

However depending on the device you have to make sure that iChat is allowed through the device, paying attention whether other computers are going to use the same ports or not.

This also applies to the Mac Firewall if it is On, at least as far as setting ports is concerned, as the preset is only for the Bonjour (Rendezvous in Panther and earlier) abilities of iChat.

The upshot of this is that your LAN has to be sorted out, the ports have to be opened in most devices that route and any Firewall that impinges on this whether in the device or on the computer has to be set as well.


Rendezvous and Bonjour are the same thing - one on Panther and then on Tiger and Leopard

Modems that route are often called "Routers" as well.

Sort of Glossary

  • NAT
  • Network Address Translation:- In simple terms it is the software mechanism in the routing device that makes sure data comes and goes to the computer that sends or wants it. It involves adding addressing info to the data packets coming and going, and reading it to direct the packets.

    Adding this address info on two devices using NAT can cause problems for iChat. The IP address remains unchanged, but it affects the ports listed in the addressing info.

  • DHCP
  • Dynamic Host Configuration Protocol:- A way of Automatically sensing the computers and other routers connected (and On) in the LAN and giving them an IP address (See Addressing). Most Routers have DHCP On by Default ( becoming a DHCP Server)

  • Static Routing
  • A means whereby DHCP is turned Off in the serving device and computers and routers have specific Routing/Networking/IP addresses entered by hand ("Manually" is also the Mac name for this).

  • LAN
  • Local Area Network:- Everything (modem, routers and computers) on your side of your Internet connection. Each device is given, or has, an IP address (see Addressing) that makes sure correctly addressed packets (data) come and go to the right device.

  • Networking
  • Essentially the finer detail or what makes a LAN work regarding IP addresses, ports and Internet Protocols. Essentially the bits above and beyond linking cables and WiFi to computers and routing devices.

  • Addressing
  • Each device on the LAN has an IP (Internet Protocol) number. This is its IP address (like a Zip or Post code rather than a house name or number). This makes sure that data, which travels as smaller packets, has an issuing or destination point within the LAN. It allows other protocols to dictate the type of data involved, such as HTTP for web browsing. How the device gets an IP depends on whether DHCP is used or Static Routing is set up.

    If you use two DHCP servers on a LAN the subnets involved overlap and a computer can end up with two IPs. This can cause networking issues, and iChat in particular cannot tell the Buddy where it is in relation to the rest of the LAN.

  • Ports
  • Technically a subset of access points within an IP address. There are 65536 ports, numbered 0 to 65535. Different Internet protocols use different ports, which makes it easier for those who trace data packets. Think of it like a building with 65536 phones. The modem or router will, or can be set up to, say which ones get through at that point. The firewall on the computer can state which are accepted on the computer.

    It should be noted that by default many routing devices let the first 1024 ports (0-1023, the "well known" ports) through all the time. This tends to mean that without any set-up of the device you can web browse and do email, as these apps use ports this low. By convention many devices, including computers, do not block outgoing data packets on any port, even when a firewall or other mechanism is in place.

    iChat uses Ports above this 1024 threshold which is why you may have to set up your Modem or other routing device and/or the Firewall.

    It should also be noted that without the ports open the Routing device is effectively a hardware firewall.

  • Port Forwarding
  • A method (the oldest) of stating how ports in a routing device are opened and data is allowed through. Tends to be set in a table format listing one port at a time. On most devices it also needs the IP address of the computer receiving the data to be stated, to the exclusion of all other computers and devices. Relies heavily on the NAT function of the routing device.

  • Triggering
  • Another means of opening ports in the routing device. Not present on all devices. Essentially a Listening (Trigger) port that receives data and then opens other ports. The Internet Protocol can also be set on most routing devices that can use triggering, adding to the security of the set up. Devices differ in whether you can list the other ports to be opened as a mixture of single ports and groups (say port 5678 opens 5060, 5678 and 16384-16403), only single ports (5678 opens 5060) or only groups of ports (5060 opens 16384-16403).

  • DMZ
  • DeMilitarized Zone:- An extreme form of Port Forwarding, normally set as an On/Off (Enable/Disable) option. What it does is open all the ports to the one stated IP. Setting this can exclude other computers from using certain ports through the device.

  • UPnP
  • Universal Plug and Play:- A method where the application tells the routing device (if it allows this) which ports to open for it. The ports close after a timed period (the default on many devices is 30 mins) of non-use. On some devices this time limit can be changed. The routing device "advertises" that it is doing or will allow UPnP. There tends to be a default on how far this advert is seen from the device involved, described as "hops". This default tends to be 4 hops. Computer to router is one hop. If a Modem is doing UPnP then modem via router to computer is two hops. It is not clear whether this is advertised upwards over the Internet through certain modems. (Router doing UPnP to Modem to ISP server to another end user of that ISP is 4 hops.)

  • PMP
  • Port Mapping Protocol:- An alternative to UPnP proposed by Apple in 2005, active by default in early Base Stations and present in newer devices and in Firmware Updates to Base Stations, where it now needs turning On. A simplistic view is that it is a cross between Port Forwarding and Port Triggering if ports are set, so that you can limit the ports that are open. But if no ports are set it is more like DMZ but for all computers. It is however more secure than UPnP from malicious attacks. Relies heavily on NAT.

  • ADSL
  • Asymmetric Digital Subscriber Line:- Effectively Broadband over a Phone line. Asymmetric as Upload and Download speeds tend to be different.

  • Broadband
  • A generic term for Internet speeds above Dial-up Modems. Some countries have a specification that it should be at least 128k as a download. At one time Cable connections were faster but this is no longer the case where ADSL2 offers speeds up to 24Mbps and Fibre services even faster.

  • Cable
  • A generic term for services for the internet provided over an existing Cable TV set up.

  • SIP (And VoIP)
  • Session Initiation Protocol:- A lower level protocol that uses text data within a UDP Packet. (That tells you a lot)

    It is used by iChat as Apple decided iChat was or is a VoIP application (Voice over Internet Protocol). Essentially this is used by phones that can use the Internet and by apps that are software phones. It initially used four Internationally set Standard ports (5060-5063 on UDP).

    The action is somewhat like an old fashioned telephone exchange with an operator, where you call the operator at your end, they call the operator at the other end who calls the Buddy, who agrees (or not) to accept the call. It involves a separate connecting server to act as the two operators and in iChat this is behind the scenes after the visible Invite.

  • GoogleTalk
  • This is two things.
    1. It is an Application for PCs that can do things similar to iChat in text & Group chats and at present, Audio chats. It does this on Jabber/XMPP Protocols.
    2. It is a Jabber Server. iChat (at iChat 3 and above) can connect to Jabber Servers and Text Chat to other Jabber Buddies.

    A GoogleMail ID is a valid GoogleTalk ID.

    Note: Using any Jabber Name (called an ID) and therefore a Jabber Buddy List in iChat means that some of your Buddies may be Jabber ones AND using iChat themselves. In this case iChat can A/V chat to those Buddies (iChat to iChat using Jabber IDs) as it involves the A/V Protocols which are separate from the Text chat based ones.
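To make the differences between the Port Forwarding, Triggering, DMZ and UPnP entries above concrete, here is an added model of a routing device deciding where an unsolicited inbound packet goes. It is an illustration written for this page, not code from the page or from any router. The rule text "5678 opens 5060,5678,16384-16403" follows the wording of the Triggering entry; the LAN addresses, the protocol handling (a trigger opens its ports for both TCP and UDP in this model) and the 30 minute UPnP lease are assumptions.

```python
"""Model of the ways a routing device can let inbound traffic reach a LAN host.

Added example for the Port Forwarding, Triggering, DMZ and UPnP entries; it is
not code from the page. The LAN addresses, port numbers and the 30 minute UPnP
lease are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


def parse_ports(spec: str) -> Set[int]:
    """Expand "5060,5678,16384-16403" into the set of ports it names."""
    ports: Set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        low, high = int(lo), int(hi or lo)
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"bad port or range: {part!r}")
        ports.update(range(low, high + 1))
    return ports


@dataclass
class Router:
    # Port Forwarding: (port, proto) -> the one LAN IP that receives it
    forwards: Dict[Tuple[int, str], str] = field(default_factory=dict)
    # Triggering: trigger port -> the ports it opens for the host that sent on it
    triggers: Dict[int, Set[int]] = field(default_factory=dict)
    # ports currently held open by a trigger: port -> LAN IP (assumed: both protocols)
    triggered: Dict[int, str] = field(default_factory=dict)
    # UPnP: (port, proto) -> (LAN IP, minute at which the mapping lapses)
    upnp_maps: Dict[Tuple[int, str], Tuple[str, int]] = field(default_factory=dict)
    # DMZ: every port not matched by a rule above goes to this one host
    dmz_host: Optional[str] = None
    upnp_lease_minutes: int = 30  # assumed default, as the UPnP entry describes

    def add_forward(self, port: int, proto: str, lan_ip: str) -> None:
        self.forwards[(port, proto)] = lan_ip

    def add_trigger(self, trigger_port: int, opens: str) -> None:
        self.triggers[trigger_port] = parse_ports(opens)

    def outbound(self, lan_ip: str, port: int) -> None:
        """A LAN host sends out on `port`; a trigger port opens its mapped ports for that host."""
        for p in self.triggers.get(port, ()):
            self.triggered[p] = lan_ip

    def upnp_map(self, lan_ip: str, port: int, proto: str, now: int) -> None:
        """The application asks the device for a mapping; it lapses after the lease."""
        self.upnp_maps[(port, proto)] = (lan_ip, now + self.upnp_lease_minutes)

    def inbound(self, port: int, proto: str, now: int = 0) -> Optional[str]:
        """Where an unsolicited inbound packet is delivered, or None if the device drops it."""
        if (port, proto) in self.forwards:
            return self.forwards[(port, proto)]
        if port in self.triggered:
            return self.triggered[port]
        mapped = self.upnp_maps.get((port, proto))
        if mapped and now < mapped[1]:
            return mapped[0]
        if self.dmz_host:
            return self.dmz_host
        return None  # nothing matched: the routing device is acting as a hardware firewall

    def exposed_ports(self, lan_ip: str, proto: str, now: int = 0) -> int:
        """How many of the 65535 ports on `lan_ip` are reachable from outside."""
        return sum(1 for p in range(1, 65536) if self.inbound(p, proto, now) == lan_ip)


if __name__ == "__main__":
    r = Router()
    r.add_forward(5060, "udp", "192.168.1.20")      # one port, one host, set by hand
    r.add_trigger(5678, "5060,5678,16384-16403")     # rule from the Triggering entry
    r.outbound("192.168.1.30", 5678)                 # host .30 fires the trigger
    print(r.inbound(16384, "udp"), r.exposed_ports("192.168.1.30", "udp"))
    dmz = Router(dmz_host="192.168.1.50")
    print(dmz.exposed_ports("192.168.1.50", "udp"))  # every port: the price of DMZ
```

Running the `__main__` section shows the trade-off the entries describe: a forward exposes exactly one port on one host, a trigger exposes its listed ports only after that host has sent outbound traffic (and the forwarded port still wins, so .30 gets 21 of the 22 triggered ports here), a UPnP mapping stops answering once its lease runs out, and a DMZ host answers on all 65535 ports.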

About the Sections

The section made up of the two 1/2 panels on the left starts with describing what each port does in iChat, covering iChat 3 as well. These will be the ports in the Mac firewall and for a routing device.
Do not worry that it is too simple for you: it is designed for those who have never even found the Mac firewall or accessed their "router" and have never done anything other than turn it on, based on the faith that it should/must be doing something.

It quickly becomes the section on how to actually do the Port setting on the Firewall. This is definitely going to be longer than the step by step information on how to set the firewall.

For Panther (10.3.x) and Tiger (10.4.x)
Open System Preferences
Open Sharing
Open Firewall tab
Choose New Button
Set ports. Apply with the OK button
Job Done

For Leopard it is in Security in System Preferences.

It can be Off (Allow All) or On (Allow Specifics), with iChat added to the list for On. (iChat is NOT an Essential, so the Essentials setting will not work.)

Modem Set Up

Like the title says, this bit will look more closely at how the same ports are most likely to need to be opened or allowed in your routing device.

There is a drop down panel at the bottom of this section that explains more about Intrusion Detection in modems and routers.

The following Panel looks at how those ports can be opened or allowed in the routing device.

This also has a drop down about NAT (Network Address Translation).

Port and methods for Multiple Computers

This section is part of the one above. It deals with the fact that if you have multiple computers that you want to be able to use the same ports at the same time, you have to use specific methods if your device has them. As you find out from the main column these are Trigger and UPnP or Port Mapping Protocol (PMP).

Addressing your LAN

Definitely you need to do something about your LAN if you have multiple routing devices. Maybe not so important with cable modems and routers but definitely needed if the modem routes AND you have a router.

I have included some Info sections within the text here, partly to stop you having to scroll up and down the page for bits in the Info Column, but also to explain some things further.

The main point is to avoid two DHCP servers on your LAN (Bad Networking).
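The "two DHCP servers" problem named in the Addressing entry and again here is easy to spot on paper once the scopes are written down. The following added check is not code from the page; the device names, subnets and address pools are constructed sample values, and the problem-kind labels are my own.

```python
"""Sanity check for the DHCP scopes on a small LAN.

Added example for the 'two DHCP servers on one LAN' warning in the Addressing
entry and in the Addressing your LAN section; it is not code from the page.
Device names, subnets and pools below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import List, Tuple


@dataclass(frozen=True)
class DhcpScope:
    device: str      # the routing device handing out leases
    network: str     # the subnet it serves, e.g. "192.168.1.0/24"
    pool_start: str  # first address it will hand out
    pool_end: str    # last address it will hand out


def check_scopes(scopes: List[DhcpScope]) -> List[Tuple[str, str]]:
    """Return (problem-kind, message) pairs; an empty list means one server per subnet."""
    problems: List[Tuple[str, str]] = []
    parsed = {}
    for s in scopes:
        net = ipaddress.ip_network(s.network, strict=False)
        start = ipaddress.ip_address(s.pool_start)
        end = ipaddress.ip_address(s.pool_end)
        if start > end:
            problems.append(("pool-reversed",
                             f"{s.device}: pool starts at {start} but ends at {end}"))
        if start not in net or end not in net:
            problems.append(("pool-outside-subnet",
                             f"{s.device}: pool {start}-{end} is not inside {net}"))
        parsed[s.device] = (net, start, end)
    # Two devices serving leases on the same (or overlapping) subnet is the
    # "Bad Networking" case: a computer may be answered by either one.
    # Overlapping pools add the further risk of the same address being given out twice.
    for (a, (na, sa, ea)), (b, (nb, sb, eb)) in combinations(parsed.items(), 2):
        if na.overlaps(nb):
            problems.append(("two-servers-one-subnet",
                             f"{a} ({na}) and {b} ({nb}) both serve DHCP on the same LAN"))
            if sa <= eb and sb <= ea:
                problems.append(("pool-overlap",
                                 f"{a} and {b} can both hand out {max(sa, sb)}-{min(ea, eb)}"))
    return problems


if __name__ == "__main__":
    # A modem that routes AND a router behind it, both left with DHCP on.
    bad = [DhcpScope("modem", "192.168.1.0/24", "192.168.1.100", "192.168.1.150"),
           DhcpScope("router", "192.168.1.0/24", "192.168.1.2", "192.168.1.99")]
    for kind, msg in check_scopes(bad):
        print(f"{kind}: {msg}")
    # The same two devices with the router on its own subnet: nothing to report.
    good = [bad[0], DhcpScope("router", "192.168.2.0/24", "192.168.2.2", "192.168.2.99")]
    print(check_scopes(good))
```

The check reports the modem-and-router pair as soon as both serve the same subnet, even when their pools do not collide, because the page's point is that a LAN should have one DHCP server, not that the pools merely need to be kept apart.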


