PF and iChat AV

Contributed by sean on 2004-05-06 from the poking holes for fun and profit dept.

lotia writes:
I love using OpenBSD as my firewall/nat box and use OS-X as my desktop machine. Untill now, I have been delighted with how my OpenBSD box performs so much better than most of the other nat/firewall setups that people have. Recently I have needed to use iChat AV on my OS-X machine and have not been able to get to work. I would ideally like to be able to get more than one machine to work at the same time. Apple's documentation on iChat AV: How to Use With a Firewall or NAT Router has not yielded any results. They also have a list of devices that work out of the box. My question to any PF gurus is, what are these boxes doing that PF does not? is there a way to get it to work?

(Comments are closed)

Comments

By sthen (213.152.51.85) on 2004-05-06 20:38

here are clues...
By Anonymous Coward (64.42.240.241) on 2004-05-06 21:43

Time to bust out tcpdump and see what's happening.
By Eric Zylstra (68.252.224.105) ezylstra@mac.com on 2004-05-06 23:40

I use PF doing NAT for my home network. I can iChat easily with other iChat users. No luck for chatting with AIM 5.5 users, though, unless I use my fixed IP address. That is a different issue though, not a PF issue.
Comments
1. By fidooda (24.200.61.89) on 2004-05-07 02:49
  
  I understand that it was not mentioned in this article, but i do believe the issue resides with audio/video chat. I never had an issue for text chats (ichat) behind an OpenBSD Nat firewall.
  Comments
  1. By Eric Zylstra (68.252.224.105) ezylstra@mac.com on 2004-05-07 23:51
    
    I'm talking about video to video. Who really cares about text to text?
By sickness (81.72.132.65) on 2004-05-07 08:54 http://www.sickness.it

I use OpenBSD as home gw/fw and also at work since 2.5, and, If I understand this issue correctly, the audio video problem is not a problem of iChat itself, the problem is that H.323 is a pain in the ass trough NAT :/ For example, with windows NetMeeting the story is the same. Try OpenGateKeeper or other H.323 capable proxy YMMV (p.s.: I have an ibook and text iChat works, never tried A/V)
Comments
1. By Anonymous Coward (24.233.62.177) on 2004-05-25 14:51
  
  iChat AV uses SIP, not h323
By Brad Schonhorst (216.223.202.2) on 2004-05-07 14:06

Hmmm.... I'm using the same setup both at home and at work, OpenBSD and PF for firewall and nat with OS X client. Haven't had any trouble using iChat AV even with my iSight...course I only know one person with an iSight so it does do much but collect dust these days. Is the trouble incoming connections, out going connections, or both?
By John Heaton (205.244.233.143) on 2004-05-07 15:22

Look here for some advice given on this very topic. It worked for me when I was having problems with voice or video chatting.

Latest Articles

Fri, Apr 26
- 08:33 Passphrase timeout for disk decryption at boot added (potential battery lifesaver) (1)
Wed, Apr 24
- 04:35 Game of Trees 0.98 released (2)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (12)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]