Mac OS X 10.5: Using iChat with a firewall or NAT router

Summary

Mac OS X 10.5 Leopard includes a new version of iChat that makes it easier to conduct audio and video chats through firewalls and NAT routers.

In general, the configuration of most firewalls or routers will permit iChat traffic to pass through without requiring any changes. However, if you experience issues establishing iChat audio or video chats, you may need to apply the recommendations in this article to your networking devices.

For Macs running Mac OS X 10.4 Tiger, please see 10.4: Using iChat with a firewall or NAT router.

Products Affected

Mac OS X 10.5, iChat

About firewalls and routers

Your network setup may involve firewalls, routers, or a combination of the two.

Mac OS X comes with a built-in firewall. If your Mac is directly connected to the Internet, for example through a broadband modem, the local firewall must allow iChat traffic through for iChat to function correctly.

Alternatively, your Mac may connect to the Internet through a router or wireless base station, such as an AirPort Extreme. In this case, the configuration of the router or wireless base station may need to be changed to permit iChat to work.

To learn more about configuring your router or wireless base station, consult the documentation that was supplied with your device.

Of course, if you use a combination of firewalls and routers, you may need to change the configuration on all of these devices to permit iChat audio and video chats to take place.

Port requirements for iChat

By default, iChat on Mac OS X 10.5 attempts to use UDP port 16402 for all audio-video iChat traffic. If port 16402 is not available, iChat will try the next lowest port for the next ten ports, until it finds a port that it can use. So the range of ports that must be enabled in your router or firewall must include 16393-16402.

If none of the ports in that range are available, iChat will make a last-ditch attempt and select a port at random.

Unlike previous versions of iChat, iChat on Mac OS X 10.5 does not require more than one port to be open simultaneously. Once a valid port has been located, all signaling and AV traffic will be transmitted over that port.

If your firewall or router gives you the option of enabling incoming and outgoing ports, you should ensure that the range 16393-16402 is included in both lists. You should also ensure that connections can be made to external hosts on port 5678 for the SNATMAP service. The SNATMAP service, discussed in more detail here, enables iChat clients to communicate with one another, even if they are behind NAT firewalls.

Port requirements for audio or video chats with previous versions of iChat

When Mac OS X 10.5 and Mac OS X 10.4 Macs engage in an audio or video chat, the 10.5-based Mac continues to use a single port (in most cases, 16402). All incoming and outgoing traffic will travel over that port. The 10.4-based Mac uses a combination of five ports.

If you have a mixture of 10.4 and 10.5 Macs behind your firewall or NAT router, in addition to the ports described in this article you should also open up the ports described in the relevant article for Mac OS X 10.4.

Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked