
Re: ichat av

	Based on the rdr rules, I guess iChat is using SIP (RFC 3261).
> rdr on $EXT  proto udp from any to ($EXT) port 5060 -> $ICHATCLIENT
	Port 5060 is used for call signaling.
> rdr on $EXT  proto udp from any to ($EXT) port 16384:16403 -> $ICHATCLIENT
	These ports are used to receive multimedia data. Each session can use a different RTP port. The correct one is negotiated by the signaling protocol.
> > i know folks who have gotten multiple ichat av sessions going through a 
> > single natted net connection.
> Hmm... I quit when I got one to work, since that was enough for me.  But 
> I'd be really interested in how they did this, maybe you could ask them?
	Based on the NAT mapping algorithm used by the gateway/firewall box, multiple SIP sessions can or cannot be established simultaneously. There are four types of NAT: Full Cone, Restricted Cone, Port Restricted Cone, and Symmetric.
	Those Linksys/Netgear boxes usually implement one of the first three. With a proxy that tells the client the external IP and the NAT mapping being used, RTP streams usually pass those gateways easily.
	PF NAT is symmetric. In other words, it's not guaranteed that the external port used by the gateway will be the same port used by the local client (a completely different mapping for each connection). The RTP stream is blocked by the firewall since it does not have a clue about the incoming data stream. Possible solutions involve the use of a media relay server, a UPnP-aware gateway (if iChat can use UPnP), a connection helper application (something like ftp-proxy), etc.
Tiago Pierezan Camargo <elessar at matrix.com.br>
 (o_.'  The boozy penguin says:  
 //\c{}   "VI VI VI The editor of the beast."
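
An added illustration, not part of the original message: a toy Python model of the four NAT types named above, showing why an external port learned through a helper proxy still carries RTP behind the cone variants but not behind a symmetric NAT. The `Nat` class, `rtp_reaches_client` and all addresses are constructed for this example.

```python
import itertools

class Nat:
    """Toy UDP NAT. kind: 'full', 'restricted', 'port-restricted' or 'symmetric'."""
    def __init__(self, kind, first_port=40000):
        self.kind = kind
        self.ports = itertools.count(first_port)
        self.out = {}    # mapping key -> external port
        self.back = {}   # external port -> (internal endpoint, remotes contacted)

    def send(self, internal, remote):
        """Internal host sends to remote; returns the external source port used."""
        # A symmetric NAT keys the mapping on the destination as well, so every
        # new remote gets a fresh external port. Cone NATs reuse one mapping.
        key = (internal, remote) if self.kind == "symmetric" else internal
        if key not in self.out:
            port = next(self.ports)
            self.out[key] = port
            self.back[port] = (internal, set())
        port = self.out[key]
        self.back[port][1].add(remote)
        return port

    def receive(self, ext_port, remote):
        """Packet from remote hits ext_port; returns the internal endpoint or None."""
        if ext_port not in self.back:
            return None
        internal, contacted = self.back[ext_port]
        if self.kind == "full":
            ok = True                                   # anyone may use the mapping
        elif self.kind == "restricted":
            ok = remote[0] in {ip for ip, _ in contacted}   # remote IP must be known
        else:
            ok = remote in contacted                    # exact remote ip:port required
        return internal if ok else None

def rtp_reaches_client(kind):
    """True if the peer's RTP, sent to the proxy-reported port, gets through."""
    nat = Nat(kind)
    client = ("192.168.1.10", 16384)   # constructed internal RTP endpoint
    proxy = ("198.51.100.1", 5060)     # constructed helper that reports the mapping
    peer = ("203.0.113.7", 16390)      # constructed remote RTP endpoint
    advertised = nat.send(client, proxy)   # port the proxy sees and reports back
    nat.send(client, peer)                 # client's own first RTP packet to the peer
    return nat.receive(advertised, peer) == client

if __name__ == "__main__":
    for kind in ("full", "restricted", "port-restricted", "symmetric"):
        print(f"{kind:16} RTP delivered: {rtp_reaches_client(kind)}")
```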