Ralph Johns

iChat Information Pages


Eliminating Routing Problem Areas

Or: How to understand your Network, the IP address and the Ports + What you Might Have to do.

Actually this page contained so much and needed clarity regarding the Error logs from iChat 3.1.5 (Tiger 10.4.7 and above) that I have split it into three of pages. It still remains quite long with many info sections popped in as well. In this latest layout I have hidden some away in pop out bars for you to click.

I have started from the presumption you know nothing so apologies to those of you that know some of this stuff.

We will revisit the settings on the Mac first, then review the modem and/or routing settings and how to look up their settings. This is followed by what to do with that info and why. Towards the bottoms are variants on how to open ports and some examples (And of course, exceptions).

So first we will deal with the Mac and the Modem by just looking at ports and settings within iChat.

Ports on the Mac and Modem

This section is divided into two parts. What you might have to do on the Mac and what you might have to change in your internet connection device. Things specific or different about iChat 3 that came with Tiger are in little coloured boxes.

  This page should be the most use if you are getting Error -8 in Tiger 10.4.7 or above. However there is yet more on this page

If iChat will not log on to the AIM server

(Buddy List Shows Disconnected and refuses to drop open during Set Up.)

Things to do on the Mac

The first thing is to check if iChat has a server listed to connect to and try adjusting the Log in port.
Next check whether the Mac Firewall is On. Check it's settings and alter as required.

Ok the first of the two things listed above.

This is a Panther/iChat 2.x picture of the Accounts Preferences

  1. Launch iChat AV.

  2. While it is off line to AIM, (in the iChat Menu is a Log Off item) enter your Name and Password in the relevant lines in Accounts in iChat Preferences, found in the iChat menu. (NOTE: You will need to select the type of account name).

  3. Check the Server Options button shows you a login server (login.oscar.aol.com) and the port is set to 5190.
    iChat 3 (Server Settings tab in Tiger) Link to pic
  4. It is worth doing the Firewall checks before trying to change the Port from 5190 to something else, normally 443, unless you have a Zyxel modem/router in which case do it now!!

This is where the second of the first two checks start.

  1. Check if your Firewall on your Mac is On. It is found in Panther (10.3.x) and Tiger (10.4.x) in System Preferences > Sharing pane > Firewall Tab. Just under the tabs and to the left it will tell you whether it is On or Off.

  2. If your Firewall is ON, enter these ports in to the Firewall settings, 5060, 5190, 5297, 5298, 5353, 5678, 16384-16403 with "," (commas), "-" (dash) and spaces as shown.
    This is done by going to System Preferences>Sharing>Firewall tab.
    The ports listed above are for iChat 2 and 3 including Rendezvous (Called Bonjour in Tiger/ iChat 3.x. and above)

    1. Select the New button on the right.
    2. Select "Other" from the List.
    3. Enter the port numbers (Copy and Paste from the bold text above for Panther).
    iChat 3
    This is slightly different in Tiger as the two internet protocols TCP and UDP can be specified in the Mac firewall. Link to Sequence pics

    iChat 3
    For Tiger: Ports 5190 and 5298 are TCP. All, including these two, are UDP.
    In addition Tiger/iChat can also use Jabber and this needs ports 5220, 5222, 5223 on TCP.
  1. Give settings a name, in "Description"
  2. Hit OK.
This is an animated pic of the two versions of the Firewall. (Separate pics)

Your Firewall can now be On or Off, depending on your needs. Well... actually the ports do not have to be set if the Firewall is Off but some people have reported that it does seem to make a difference if the ports are at least listed.

If the "Log On to AIM" from the iChat menu still does not work, then return to 3. and change the port to 443. (Note: Several other ports can be tried, 80, 110 and 433)

    A bit more on this. As was stated at the top of this section iChat logs on to the AIM server (login.oscar.aol.com) on Port 5190. This is found, as described, in the Server Settings tab in iChat 3 (Tiger) or Server Options is iChat 2 (Panther). In actual fact it has been tested with many ports and the AIM server will accept a login on almost any port.
As to why we say use port 443 as a substitute ?
  1. Firstly it works for Zyxel modems. (don't ask me why, it just makes a difference to Video chats with these modems).
  2. Secondly it is below the 1024 threshold and therefore below any NAT issues that happen for Port Forwarding or Port Triggering on ports above this number with a routing device.
  3. Thirdly, as there is no security in using a port below 1024 on routing device, it is a question of what is most likely to be the "most" secure. As some mail apps and secure Web pages use port 443 we have been suggesting it for iChat.
  4. As a common port for Secure Web pages and mail apps it is likely to be open in the Mac Firewall in Panther and Tiger if it is On.
Leopard (10.5.x)

In Leopard the firewall works differently.

Firstly it has moved to System Preferences > Security > Firewall tab.

It has three setting Options,

  1. Allow All - Which is in fact Off
  2. Allow Essentials - only certain applications and Services are classified as Essentials and iChat is not one of these.
  3. Allow Specifics - Applications are added to the List either at this point or by you agreeing to the Pop up on the Application Start Up the next time you use it.

Other settings in iChat and the Mac OS

OK so far we have looked at the Ports, mostly in the Mac Firewall and hinting at things in the Modem and /or Router. We have looked at the fact that sometimes the normal login port (5190) for AIM logins does not work with the devices you have.

Next we have to look at the other things that can cap the iChat performance, particularly with Video or Audio chats. They are less likely to involve being able to login to AIM but may well effect being able to move onto Video chatting specifically.

Quicktime Side Bar (Click Me)

Side Bar

Read this box for Error-22 in Tiger 10.4.7 and above

A bit of history and other facts I think are needed at this point. Mainly because it does have some bearing on the settings.

iChat AV came out as a beta whilst Jaguar (10.2.5 in particular) was on the market. It also came as part of Panther (10.3.x). Back then, and we are talking nearly 5 years ago, Quicktime was at Version 6. The Video Codec it used was H263. With Version 6 and the OS (System) Preference Panes > Quicktime > the tab - for setting the Connection speed for Quicktime - had a different name to the one it now has in Quicktime 7.x (Streaming).

What has this to do with iChat ? Well - iChat uses the Quicktime Codecs to produce the Video. Effectively a Video chat is a two way Video streaming event. (even though it is Peer to Peer or whatever you call a 4 way connection that works the same way). This means that iChat reads the setting that the Streaming /Connection speed in Quicktime is set to.

This setting directly effects any speed test that you do. The "Automatic" will return a correct speed from a web browser test site. Speeds lower than your connection speed will show the capped speed in the Connection Doctor in iChat (See Video Menu).

Unfortunately iChat does not work properly with the "Automatic" setting that is the default for Quicktime.
When you go to System Preferences > Quicktime > Streaming /Connection speed tab and the drop down it contains, you will find that "Automatic" is the selected speed. The other speeds are from 28.8K dial-up through to Internet and LAN speeds. Now these other settings return the speed as numbers (28, 100, 384 & 1500 for example) as you go up the list. "Automatic" returns a 0 (zero) that iChat (certainly up to 10.4.11) can not interpret for anything else.

Experience on the Apple Discussion Boards and Testing have taught us that the top setting of "Intratnet/LAN" does not work over Internet connections. Apple have yet to add faster settings to the Quicktime list although Internet Speeds have moved on by several factors since even Quicktime 4 and the G3 iMacs came out and put everyone on-line.

In Leopard and therefore iChat 4 the situation has changed as iChat sees the Automatic setting as 384k.
This will still cap your potential Streaming speed that iChat can use.

If your Connection speed (Download in particular) is faster than the next top setting of 1.5Mb/T1/Intranet/LAN then this is the setting to use.

Do Not worry too much about the Cable/DSL labeling alongside each speed as modern Internet speeds can often exceed these by some margin.

Some more history.

In iChat 2 and 3 before 10.4.7 only the Connection Doctor found in the Video menu (Audio menu if no camera) gave any hint as to why the chat had failed. At 10.4.7 Apple introduced a Log ability to iChat. This can be expanded when it pops up (details and the Reveal triangle) and the Log Error number seen. (See more on this page). Whereas the Fix had been discovered earlier, the Logs give more evidence that it is the Quicktime setting that has a bearing on Bandwidth issues.

Starting with the the Quicktime setting which you will need to move off of the default Automatic setting. This is done in System Preferences > Quicktime > Connection Speed tab in Quicktime 6 Streaming tab in Quicktime 7 and then use the drop down to set the Download streaming speed you have.

I say Download speed as some people will be using ADSL where their Download and Upload speeds will be different and the download is likely to be faster.

iChat seems to do better if you can match the speed as closely to your Download speed as possible. The exception is when your connection speed exceeds 1.5Mbps. If this is the case, set the speed to the 1.5Mb/T1/Intranet/LAN setting. Ignore the fact that "Cable" is mentioned with several of the higher speeds as ADSL and other forms of connection have caught up on cable service speeds.

Bandwidth in iChat

Next we have to look at iChat itself. There is a setting in here that can also cap iChat's use of your internet connection.

Go to the iChat menu (the Application name, top left next to the Blue or Grey Apple), select Preferences then the Video section.

If your camera is attached and On, you will see a Preview. (A grey space and comments about not having a camera if you don't have one). Below this are several drop downs. Depending which iChat version and factors such as multiple input devices (mics and cameras) you will have at least two. One of these is the Bandwidth Limit

As it says this is a Limit setting. By Default it should be set to NONE. The lowest setting is 100, meaning 100kbps. This is the lowest speed at which iChat will manage to Stream Video successfully.

Notes About iChat and Speeds (Click Me)

About iChat & Speed Tests

Actually iChat will not fail and give you an error message until it detects a Connection speed of less than 50kbps.

  1. - Other factors about this are:-
    1. - When you pay for a service a certain amount is lost to you by the actual process. If you Speed test your connection you should return figures that are about 80-90% of the speed your service is supposed to have and pay for.

    2. - iChat is set to use about 80% of the Connection speed it sees - or at least iChat 2 and the H263 codec was. It is difficult to be precise about the iChat 3 and H264 Codec but you can use the 80% figure as a guide to find out what you might actually be getting.

  2. So taking an easy starting point of a service quoted as 100kbps, the first speed test will show about 80kbps. iChat will cap this further to about 64kbps - well below the quoted minimum by Apple. A 128k service will just about get you there.

  3. In iChat 3 higher speeds are needed to do Video chats with 3 or more Buddies. This is particularly true for the Host or Initiator of the Chat as they handle all the In and Out data stream.

To restate this last bit. Use the Default setting of NONE in the iChat Bandwidth Limit Drop Down. Anything else will cap the speed iChat uses to connect with.

There are Exceptions. Due to the data stream management that some ISPs use to combat Peer-to-Peer File sharing apps like BitTorrent, it sometimes pays to limit the Bandwidth to 500kbps or even 200kbps. You will probably have to do this if you are with Comcast or Road Runner. Verizon FiOS fibre service can be unstable in some areas as a small fluctuation in their speed can be a large one for iChat's buffering of Video and this may also need the above options set.

Summary so far

Ok so we have looked at the Mac and iChat settings. We have broadened it out into Video Chat specific stuff about iChat settings. Now it is time to move on to the Modem and Router.

Things to do on the Modem or Router

Ok first we should check that your Network is set up correctly. This is not to say that what you have now does not work for the applications that you currently use. But iChat, like On-line games, requires that the computer you are using for iChat appears on your network in a specific place.

Side Bar on Linear Routing (Click Me)

Side Bar

As this information is required but is more about the why something must be the way it is I have decided to move the information into a box. It is up to you whether you read it or not.

The Concepts in Pictures (I hope)

When we address letters to someone we specify particular zones or areas to pinpoint where that person is (although we list it in reverse order). For example, picking someone everyone will know:-

Washington DC
The White House
The President
The President
in The White House
in Washington DC
in America.

Now if you consider the actual process of delivery it looks more linear.
Letterbox > Local Sorting Office > Regional or National Sorting Office > International transport > National or Regional Sorting Office > Local Sorting Office > Building and /or Person.

What I am trying to do here is paint a picture of a different ways we perceive a postal service to work.

Like letter addressing, your computer sits in a similar position
Your modem
(your router)

Hence the delivery of info must also be linear:
Other end > Router > Modem > ISP > WWW > ISP > Modem > Router > Your computer

Now because both Modems and separate Routers can sometimes both do DHCP and give the computer two IP addresses (a bit like saying a corner house is number 1 in one street and also number 57 in the another) See Pic 2 for overlapping networks This picture changes with some info first and then places the overlapping router network over the top effectively masking one level of addressing. It is in fact still there it just can not be seen in the System Preferences > Network Tab > Any connection method's TCP/IP tab. It this hiding that we want to avoid. Not because it is not useful sometimes, but so that we know that the addressing is linear and which IP the data is actually using to get through.

Ok so lets check out things.

Checking out the different devices and connections. I will be calling the box that connects your home to the Internet - a Modem - just for clarity. Other sites will call all connections devices - Routers - whether they can route to different computers or not.

  1. Dial-Up: Should be no problem as no ports are closed (Not able to Video chat though).
  2. IDSN: It is likely that this sort of connection device has all ports open and you are using a separate router as well. See 5.
  3. Cable Modem: A large number of these are set at the manufacturer to be in Bridge mode. This is where the device passes the ISP issued IP address straight through to a Router or a single computer. Means all the ports are open.
  4. ADSL modem: Much more likely to be set to be doing DHCP to the LAN as default. Also likely to only have a base number of port open by default (up to 1024) requiring the ports above this to be open.
  5. Router: A separate device between modem and computer(s) or other devices. Generally set to do DHCP as default. The real problem comes when NAT, the background method of opening ports with Port Forwarding and Triggering, is used on two connection devices (Modem and Router). Generally used in conjunction with 3. and 4. above.

Where to Check ?

On your Mac you can see the IP address given or being used in the System Preferences Network Pane.
Open System Preferences.
Click on the Network icon.
The Pane will change to the Network one. What is displayed depends on the last time you were here and what you had selected. If you have never made any changes the top drop down (Location) will say "Automatic". The second Drop Down generally controls what appears below the drop downs. However if you select you Connection method from this second drop down you will be taken to the next screen.
(that's Built-in Ethernet or Airport as the most likely)

Leopard has changed this. It displays the bit shown under the tabs but the tabs themselves are now in an Advanced Button. All the Network services are in a list on the left and not in a drop down.

Next click on the TCP/IP tab to make it the front one one.

The picture above is of my Tiger settings.

You can see that I have mine set to "Manually" in the drop down just under the tabs. If your Mac is still at default settings this drop down will read "Using DHCP". The boxes (Text Fields) below this will be pre-filled by the system. You will need these so make a note of them.

Reserved IP ranges for LAN devices

Info Box - The Ranges

Domestic connection devices have to be in particular IP groups. There are three groups.
  1. 192.168.xxx.xxx
    This is the most commonly used group. The "x"s can mean any number between 1 and 255
  2. 10.xxx.xxx.xxx
    This is the group that that Apple Airport Base Stations are in (in fact in a sub set of 10.0.1.xxx)
  3. 172.16.xxx.xxx through 172.32.xxx.xxx
    This is the least common. It also only part of the 172. set.

The question you need to ask is can you see a number that fits in one of those groups ?
Next does the IP in the "Router" box belong to the same group (have the same first three number the same ) ?
You can see from my picture earlier that my computer is IP and the "router" is (both start 192.168.1......) I have emphasized the "Router" setting because that is the label at this point on your Mac. It could be the Modem that it is actually connected to.

Don't Panic if the number is not in these groups. I will come to this in a minute.

As we know that an Airport device is going to most likely have the IP and the (first) computer is going to get This will mean you have two connection devices and we will come to that later as well.

If you have two connection devices this info you have gained so far is only partially useful. The IP you can see is coming from the "nearest" connection device. If everything is by ethernet cables this will be a router. If you are wired and wireless it will depend on the IP of the "router" box as to which device you may be connected to, but most likely is still the router as opposed to the modem.

If you are connected to two devices then disconnect from the Router and connect directly to the modem and repeat the above just to get the info in the simplest way.

OK, so you have two connection devices. When you connect to the modem and the TCP/IP is set to "Using DHCP" you get one number from one of the three groups above and when you add the router you get another. This tells you that both devices are doing DHCP. This a scenario we are trying to avoid.

Now at this point I am going to presume that you have not done the stuff on page 3 as no-one ever reads things in the right order (or at least someone else's view of order Happy 8 ).

If you do not get a IP that fits in the groups, see if it matches the number you see when you go here. This will show you what your Public IP is (the one you get from your ISP) - the one your Modem shows to the world.

At this point you should have several bits of information.
The IP of your computer, the "router" 's, as the box labels it, IP (you may have two, 1 for the modem and another for the actual router) and possibly your Public IP address.

What to do with the information ?

If you just a modem and you can see your Public IP on your computer then all the ports should be open and it is likely the other tweaks to Quicktime and the Bandwidth are the way to go.

The same should be true if you have two devices and testing the Modem alone shows a Public IP on your computer and the Router is known to be doing DHCP. In this case you may have to look at opening the ports. See below.

Pause and Info

Ok so I will describe my set up. From there we will work towards what you need to do.

This will tend to be how I got to where I am and how I help people On-line to change things at their ends

I had a Thomson Alcatel 510v4 Modem. These can route and has 4 ports (ethernet sockets) to enable 4 computers or other devices to be plugged in on my LAN. It can do DHCP or it can be turned Off to allow Static Routing.

I also had a Linksys WRK45G wireless router which adds, obviously, a wireless component to my network. This too, can do DHCP or have it turned off.

At this stage, before I started, both were in default DHCP mode - fine for Web Browsing and Mail but little else.

Turning off the DHCP in the Linksys router did not make it a Wireless Access Point, like a Airport device would become.

Stage one was to set the modem to next device to Static Addressing. This can best be done whilst the computer is connected to the modem directly.

For me this meant going into the modem set up pages (type the required IP into a web browser) in my case this was - Turning Off the DHCP and then setting the computer System Preferences > Network > Built-in Ethernet > TCP/IP tab to Manually and filling in the boxes with the correct info.

Stage two is to include the Linksys in the set up. It needs to replace the computer at the IP I gave the computer in the stage above. (the Mac will need to go back to DHCP for the moment as you can not do Stage 3 first) This meant using a web Browser to access the set up pages on the Linksys ( in this case). You have to find the set up page for the link up to the Modem. This is often called the WAN or Internet setting (even if the device is not directly connected to the Internet). It is essentially the side that is "closer" to the internet connection. Like the Mac was set to Manually, the Linksys had to be set to use Static IP addressing to the Modem. I had set the Mac to IP in Stage 1 I now set this in the Linksys. Go and look at this pic It shows, in the top section, that it is set to use Static Addressing and then like the Mac has some text fields that are filled in with the info required.

Stage 3 is to then decide how to set the Addressing from the Router to computer(s). As you can see from the picture in the link above I went for Static again. This meant turning Off the Linksys' DHCP server and setting the Mac to use an IP in the range covered by the Linksys.

OK So to recap a bit.
Stage One: Turn off DHCP in the Modem. It's IP is so I gave the Computer (it could have been any number between 1 and 255 except for the 138). Filled in the rest of the data needed on the Mac.
Stage Two: Connect the router. Set it to use a Static IP to the modem (like the Mac was above) including filling in the text fields with the info.
Stage Three: This is optional but will be guided by your device and how you have to open the ports. This involved, for me, turning Off the DHCP server in the Linksys and setting the Mac to use a Static (Manually) IP and fill in the info to connect to the Linksys.

About the Other Info.

You will see from looking on your Mac and on the Linksys pic I linked you to that there is something called the "Subnet Mask" and "DNS Servers"

The SubNet Mask is part of the way the Addressing works and does not need to be gone into here (you just need to copy it from the DHCP screen to the Manually screen or the router if required)

The DNS servers are the servers at your ISP (Or that they point you to) that change the Names of Web sites to IP numbers that are used to send you to the right point. They may have come in a hardcopy of the ISP info you got when you started your service or some devices get it from the ISP automatically. If they show up they will need copying across as well.

You will see in the Pic of my Linksys that it lists the "Default Gateway". This is name that some devices use to identify the next device up the line. In my case it is the Modem as you can see by the number that is filled in.

This gives me a subnet from my Thomson Alcatel modem to Linksys router that only includes those two devices. It also gives me another subnet from Linksys to all the computers at my home and an X-box.

Right. You should now have several bits of info.

  1. The IP of your computer
    1. when connected to the Modem directly
    2. Possibly a another one connected to the Router
  2. The IP of the Modem as shown in the "router" entry on the Mac
  3. You may also have the IP of the router if you have two devices
  4. The Subnet Mask info
  5. The DNS Server info (if it shows up)

You will need to make up/choose:

  1. An IP to use with the Modem from the device that connects to it
  2. Possibly another IP in the router's range to use from computer to Router

How far you have to go with all of this can depend on what the device can do in terms of opening the ports. With DHCP, every time a DHCP lease runs out and the computer(s) end up with a different IP it looks to the modem or router like a new computer on the network. As Port Forwarding (the most common method) can only point to one computer or device and can be a problem if the IP changes on the computer or device. UPnP and Port Triggering allow Multiple computers and you may find you can leave DHCP On as it does not matter what IP the computer or device is.

Another factor is security. If you use Static routing most routers and modems will let you set in some form or another the amount of computers that can connect to them. On some devices like my Linksys you can in fact limit the of DHCP issued IP addresses to the number you want (as low as One if you like)

One advantage of Static routing is that each computer is always "in the same place" so to speak. I find I prefer it just in case of power interruptions.

The thing you are trying to avoid with all of this is two lots of NAT. This is using Port Forwarding, Port Triggering or DMZ on two connection devices to open the ports. Also important is to make sure your Network works like you think it does in a point to point manner.

Off we go then.

If you have just a modem and a computer and the Public IP shows up on the computer then do nothing. DO consider using you Mac Firewall as your computer can be "seen" easily on the World Wide Web.

If you have just a modem and a computer but the Modem is issuing IP addresses (routing). You could leave as it is. If you only have Port Forwarding to open the ports though, consider making it a Static IP network. (or limit the DHCP IP range or use any "Forever" setting it may have).

If you have a modem and then a router before your computer and the Modem gives you a Public IP like the example two above then again you could decide to do nothing. If the router only has Port Forwarding or Port Triggering (both of which use NAT) it is not going to be effected by the Modem. The Modem is not actually the device doing DHCP, it is a server at the ISP level and the way the modem works means the ISP DHCP addresses do not get past the modem. Like the example directly above you could look at changes for security and convenience if there are power outages.

If you get different IPs shown from the Modem and the Router when you have two devices then this is the nightmare one to work out. Turn off and set Static routing from at least one device. As you may have multiple computers after the router it is more likely that doing this in the modem to router link is going to be easiest.
You of course want to avoid any method of opening the ports that involves NAT more than once between the two devices. This may mean you have to use UPnP at least once. If neither device has UPnP then look to see if one of the devices can be put into Bridge (modem) or Access Point (router) mode. Otherwise you are going to be stuck.

Airports as Exceptions

Having an Airport Base Station is an exception to the latter Access Point mode. If DHCP is turned Off in this device it defaults then to a Access Point. This is done with a Utility found in Applications/Utilities called Airport (Admin) Utility (the name changes in Leopard).
Open this Utility. Log on to your Airport in the first, small window. Click on the Network tab in the main window that pops up. (It looks a bit like the System Preferences Network Pane).
Deselect the radio button that says "Distributing Addresses".
This will turn Off DHCP and NAT in the Airport. If the Modem is doing DHCP it will give IP to the Airport and the computers beyond it without the Airport adding it's own routing data to the packets. Again consider if the network would be tighter if the modem to Airport (and beyond) was a Static address to each device. This would mean making the link from Modem to Airport a Static one as well as Modem to computer(s).

If you do need to set up Static routing from modem to Router read the three stages in the box above and transfer the process to your device.

Port Opening Revisited

With any of these methods use one and one alone to avoid any clashes when making the settings on one device. You can use different methods on different devices. Your goal is to set up your network with only one device doing a method that uses NAT or to make it as linear as possible to avoid NAT issues.

Port Forwarding, Triggering or DMZ

If it still doesn't work - you will need to change the settings on your router.

This section will deal with opening ports with Port Forwarding then DMZ and Port Triggering

Most routers, modems and combined devices are accessed by, and configured through, a web browser. Consult your documentation for how this is done. You are looking for an IP number that you type in the browser address field.
(NOTE: Mine is for my Alcatel 510 Speedtouch). This site at portforward.com/ offers links to information on many routers. (read as Modems as well we are back to talking about them generically again)

  1. This will display HTML pages that let you configure your router.

  2. Select Advance(d) (Most likely to be here). You may need to look for something that says NAPT or variant or it may be called Port Forwarding, Virtual Servers or Pinholes.

  3. From the Port Forward site or your documentation follow your devices instructions to "open" ports and TCP and UDP protocols required.

Screen shot of my Thompson Alcatel 510v4 page.
Alcatel Screen Shot1clearMine shows a grey but blank single line near the top. This will expand on my list as I add more ports. In the previous screen to this, it read "New" where it now reads "Apply". Your device my have a similar new entry on a table.

There are several text fields to fill in on mine.
  1. Inside IP: (Type in your computer's IP)

  2. Incoming port (type in 5060)

  3. Outside IP Address (leave blank [Or type] as you don't know where it is coming from and this is the recognized way of doing this)

  4. Outside port (type 5060)

  5. Where it says protocol enter UDP.
    1. Repeat for TCP if you don't have a "both" option. when you get to ports 5190 and 5298.
  1. Repeat 1 - 4 for all the port numbers if you can only enter one port at a time like the picture.

  2. Repeat E.i for port 5298

You may have a table that is laid out differently from my Alcatel and it my allow you to enter all the ports in one entry field like the Mac Firewall. You may have to find out how your set up pages allows groups of ports to be put in with regards to spacing or dividers.

This is my Linksys page for similar settings. This has a table that is in full view but needs filling in. It has options for TCP, UDP or Both. As can be seen the base of the IP range is pre-filled and it is the individual IP (last block of digits, currently reading 0) that gets entered. You will also see that it can open a group of ports by having a Start Port and End Port following the name entry for the setting.

Most devices will still only let you Port Forward to one computer.

You can find your IP address in System Profiler under Network or from the Network pane in System Preferences and selecting "Built in Ethernet" or "Airport" in the second drop down button if using Panther (10.3.x) or Tiger (10.4.x). In Leopard you have to use the Advanced Button to get to the tabs. If you have more than one computer this is where you will need to change the "Using DHCP" setting to "Manually" to set a Static IP address.

Additional Resources (Click Me)

Additional Resources

I found this site useful for getting extra info by users of routers on DSL.
This site has an Apple Related Area, in the Technical section, lower down the screen. It is searchable. You can post if you register. It has Private Messaging as well.
Don't forget the Port Forward Link

AS you can see my two devices in the pictures above have different layouts. The Port Forward site has pictures on it as well. Another place that allows you to access some emulated pages is this site at geeksquadwiki.com (router Emulator page) There are more in some of the links. They give you the chance to see what other devices look like to compare how to do the settings, the wording used and where those settings can be found.


DMZ is best viewed as an Extreme form of Port Forwarding. It effectively opens ALL the ports to One IP Address (Computer) in a Enable/Disable option. It may be of use from Modem to Router in a set up with two devices BUT remember it is still a form that makes use of NAT and could cause you problems if the router can only do a NAT form of opening the ports. I would use it for testing only

Trigger Ports/Port Triggering/Special Applications

Some routers have Trigger ports. It is designed to 1) allow multiple computers to use the same ports and 2) be as secure as it can be about this. The router/modem has to be set up with a condition to open other ports only when it receives an incoming data package on the right port. The port that needs to be set as the trigger is port 5678 as this is where Video and Audio invites arrive. It needs to then open (trigger) ports 5060, itself (5678) and the group 16384-16403. These are the ports involved in the Video or Audio chats. For this method see the pics lower down on this page where the entries can be made on one line. (the Ports are in fact Wrong and need to be the ones listed in this paragraph). The Bonjour port and Jabber ports will need lines of their own, similar to the single port lines in the Linksys pic below.

The port 5190 needs to trigger itself. This is the one used for Logging on to AIM, sending files and Text Chatting. If you are using Rendezvous (Read as Bonjour as well) through the same device you will need set the three Rendezvous ports to trigger themselves (5297, 5298 and 5353). Jabber ports for iChat 3 and above need 5220, 5222 and 5223

A partially filled in table from my Linksys is here. I do not have to state the protocols on my table but on most other devices you do.

You will notice that It can not set the ports on one line so port 5678 has to Trigger port 5060 and then 5060 has to Trigger 16384-16403.

It is in fact a partial part of the page as well.

A word about more recent changes in Router and Modem capabilities. In an apparent effort to be more secure some devices now need you to set the protocols when you do Port Forwarding. For some devices this can cause problems for some reason based on the fact the Port 5190 is then opened for two protocols. It seems to give the same results as trying to Port Forward the same port to two computers (IP addresses). The solution is to Disable the TCP setting for this port in the device and change the Login port in iChat (Preferences > Accounts > Server Settings tab/button) to 443.

Other Forms of Opening the Ports


Some newer routers and modems now come with the UPnP (Universal Plug and Play) setting. Some older routers can obtain this function with Firmware updates for the device in question. (check the Manufacturers web site). This allows the required ports to be opened by the application, of which iChat is capable, and have them close after the session is finished.

It is the answer to many a iChat routing problem. It:-

  1. Allows multiple computers to use the same ports
  2. Does NOT use NAT as heavily to make it's way through the device.
  3. Can be used in conjunction with another device that is using NAT

Problems with this can be trying to use UPnP with Port Forwarding or Port Triggering at the same time (on the same device)

Port Mapping Protocol

On Apple Base Stations there is a process called Port Mapping Protocol. It is heavily connected with NAT.
On the latest firmware for 802.11n devices and 10.4.x and above it is actually on the NAT page (which itself is a tab of the Internet page. See Picture)
In the older firmware version it is On by default and linked to Sharing an IP. Essentially it should be ON. It does not need Ports to be listed to work with multiple computers.

It has been developed by Apple as an alternative to UPnP.

Where you are up to ?

By now you should be at least able to log on to AIM and Text chat, send files and change you Buddy pic and see the new ones from your Buddies.

With some luck and close following of the instructions here you should be able to Audio or Video Chat to those that are equipped to do so or One-Way Chat if they are lacking a cam or mic.

You may have had to open ports in your Firewall on your Mac and possibly the same for your router.


There remains one thing that might be effecting a small group of you with specific Modems.

This is the Binding of SIP to port 5060. This is a form of NAT Binding where SIP data is forced to use one port in the Modem or router irrespective of where the application says the SIP port should be and is explained here, which I have separated off on to a new page as this one is so long already.

This page. Top of Page - Ports: Mac and Modem - To Do on the Mac - Quicktime (error-22)
Bandwidth Limit - Modem/Router Settings - Where to Look - LAN IP Groups
Sorting Your Network - NAT Based - Port Opening Revisited - Non NAT Methods
Next page Connection Problems - The Text in A Box
The one after that Page 5

© 2005 Ralph Johns: Edited 24/9/2005, 5/5/2006
Updated September 2006. Moved to Gargoyles Mar 2007
Edited on 11:17 PM Saturday; August 30, 2008 with new layout and info.

Information Block

This site is about iChat from Version 1 through to iChat 4.x.x

It has a mixture of basic info and problem solving help.

The setions below will change for Specifics about info on the page on view

If you find these pages helpful please Donate to help keep them up to date

About This Page

Based on the list above of the Sections of this page

Ports: Mac and Modem

This section is on opening the ports in the Mac firewall.
Do not worry that it is too simple for you - it is designed for those who have never even found the Mac firewall or have never done anything other than turn it on, based on the faith that it should/must be doing something

To Do on the Mac

It quickly becomes this section on how to actually do the Port setting on the Firewall. This is definitely going to be longer than the step by step information on how to set the firewall.

Open System Preferences
Open Sharing
Open Firewall tab
Choose New Button
Set ports. Apply with the OK button
Job Done


This really starts with a title -

"Other Settings in iChat and The OS" -

It is essentially about what to do about solving the Error -22 in OS 10.4.7 and above. The section is mostly made up of the "Side Bar" explaining some history of the various Quicktime codecs that have been used in Quicktime 6 and 7 - the names of the tabs involved and what that means for iChat 3 in particular.

Bandwidth Limit

Directly under the "Side Bar".
Tells you the best setting is 1.5Mbps in the System Preferences
Quicktime. Streaming or Connection Speed tab

Under that it goes on to tell you about the Bandwidth Limit in iChat Preferences itself.

There is a "Notes" item drop down in the section explaining the absolute lower limit of iChat.

Modem/Router Settings

Ok. You really need to do this bit.

The best equivalent I can come up with is On-Line Games

These use ports above the NAT threshold (1024). For these Games and other IM applications, various ports above 1024 (out of 1024-65535) specifically have to be open.

iChat's are the same as the top section.

I added a Side Bar at this point trying to explain the Addressing issues around this using Real World examples. It also looks at, somewhat, the problem of Overlapping networks (subnets).

This is followed by a brief description of what your LAN might consist of.

Where to Look

The Link that then tells you how to find out the above.

Starting with Where on the Mac to Look -
System Preferences
Connection Method
TCP/IP tab. With Tiger Picture.

LAN IP Groups

Then there is an Info Box on what certain IP address you might see mean to you.

The section on Where to Look continues with how to physically change your network to find out for certain which IP addresses you might get at each stage.

Sorting Your Network

There is a Summary Box of the steps so far.

Then what steps you might need to take to get an effective LAN for iChat are explained.

Port Opening Revisited

A revisit to some of the info on Page 3 separated out into...

NAT Based

Port Triggering, Port Forwarding and DMZ

Descriptions and examples of Port Forwarding on two devices for Port Forwarding and one for Port Triggering

Other Methods

And then UPnP and Port Mapping Protocol.


Confirmed to work with Win/IE 5.5 and later (should work in 5.0, but not confirmed), Firefox 2, Safari 3, Opera 9, iCab 3.02 and later, Mac/IE 5, Netscape 6 and later

Old browsers (IE version 4 or earlier, Netscape 4 or earlier) should only see a text-based page which, while not the prettiest option, is still entirely usable.