[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
i use openbsd (just upgraded to 3.5) for my nat/firewall machine. this
machine is connected to a comcast cable connection. i was wondering if
it is possible to use apples ichat av through a pf nat/firewall.
the reason i ask is because apple has this page up about using ichat av
i opened the network ports specified in this document, but could not
establish an audio or video chat connection.
apple also has information about which routers are compatible with
while i was rooting around for information, i also came across the
natcheck utility which tests if the nat device is p2p friendly.
i get the following results when i run it
Address translation: NAPT (Network Address and Port
Consistent translation: NO (BAD for peer-to-peer)
Unsolicited messages filtered: YES (GOOD for security)
my knowledge of the subtleties of nat and packet filtering is far from
extensive. is it possible to get consistent translation with pf? when i
do a google search for
"openbsd nat consistent translation" i get a post by ryan mcbride on
the pf mailing list
however, it seems that sticky connections and the consistency ryan
refers to is for clients connecting to a pool of servers behind a nat
gateway acting as a load balancer. it does not help with this issue.
i have tried to remove all packet filtering rules from /etc/pf.conf and
nat on $ext_if from $int_net to any -> $ext_if
and i get the same results when i run the previously mentioned natcheck
utility, so i know it is not a function of any packet filtering that i
i have also tried to append "random sticky-address" to the end of my
nat directive and i still get the same results from natcheck.
i know folks who have gotten multiple ichat av sessions going through a
single natted net connection.
i love using openbsd and have been really impressed with what my
gateway machine can do compared to a prebuilt linksys or netgear box.
being able to use ichat av would be a great bonus.
thanks in advance
ali asad lotia