Unix Technical Forum

  #1 (permalink)  
Old 04-07-2008, 08:35 AM
syn_nospam_uw
 
Posts: n/a
Default iChat on Mac OS X behind OpenBSD firewall

Hello,

I have an OpenBSD 4.0 firewall and Mac OS X as client behind it. The
problem is that I can't get iChat's screen sharing or video/audio chat
working. I guess I need some specific rules in my pf.conf... Does anyone
know the exact rules which I need ?

Many thanks
Regards
  #2 (permalink)  
Old 04-07-2008, 08:35 AM
Aaron Hsu
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

syn_nospam_uw <syn_nospam_uw@hotmail.com> wrote:

> I have an OpenBSD 4.0 firewall and Mac OS X as client behind it. The
> problem is that I can't get iChat's screen sharing or video/audio chat
> working. I guess I need some specific rules in my pf.conf... Does anyone
> know the exact rules which I need ?


Check iChat's help system, which gives you the necessary ports that may
be open. iChat usually uses some form of automatic port mapping, which I
do not think OpenBSD has, which is why it isn't working by default.

--
Aaron Hsu <arcfide@sacrideo.us> | Jabber: arcfide@jabber.org
``Government is the great fiction through which everybody endeavors to
live at the expense of everybody else.'' - Frederic Bastiat
  #3 (permalink)  
Old 04-07-2008, 10:42 AM
Technomage Hawke
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

Aaron Hsu wrote:

> syn_nospam_uw <syn_nospam_uw@hotmail.com> wrote:
>
>> I have an OpenBSD 4.0 firewall and Mac OS X as client behind it. The
>> problem is that I can't get iChat's screen sharing or video/audio chat
>> working. I guess I need some specific rules in my pf.conf... Does anyone
>> know the exact rules which I need ?

>
> Check iChat's help system, which gives you the necessary ports that may
> be open. iChat usually uses some form of automatic port mapping, which I
> do not think OpenBSD has, which is why it isn't working by default.
>


Actually, OpenBSD supports UPnP with the addition of one or 2 small
utilities and some revision of pf's ruleset to handle it.

After that, port mapping should be automatic.

--
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6
  #4 (permalink)  
Old 04-07-2008, 10:42 AM
Aaron Hsu
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

Technomage Hawke <technomage-hawke@127.0.0.1> wrote:

> Actually, OpenBSD supports UPnP with the addition of one or 2 small
> utilities and some revision of pf's ruleset to handle it.
>
> After that, port mapping should be automatic.


That's good to know! I've wondered though, whether the Port mapping used
by the Macs, such as those on Airport and I believe iChat is the same as
UPNP? If not, does OpenBSD have the means and current code supporting
the Apple version?

--
Aaron Hsu <arcfide@sacrideo.us> | Jabber: arcfide@jabber.org
``Government is the great fiction through which everybody endeavors to
live at the expense of everybody else.'' - Frederic Bastiat
  #5 (permalink)  
Old 04-07-2008, 05:11 PM
syn_nospam_uw
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

Aaron Hsu wrote:

> Check iChat's help system, which gives you the necessary ports that may
> be open. iChat usually uses some form of automatic port mapping, which I
> do not think OpenBSD has, which is why it isn't working by default.


I've found an article here:

http://docs.info.apple.com/article.html?artnum=306688

Thought I'd post it, in case it also interests other people... Will have
a go at it right now.


  #6 (permalink)  
Old 04-08-2008, 05:52 PM
Technomage Hawke
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

Aaron Hsu wrote:

> Technomage Hawke <technomage-hawke@127.0.0.1> wrote:
>
>> Actually, OpenBSD supports UPnP with the addition of one or 2 small
>> utilities and some revision of pf's ruleset to handle it.
>>
>> After that, port mapping should be automatic.

>
> That's good to know! I've wondered though, whether the Port mapping used
> by the Macs, such as those on Airport and I believe iChat is the same as
> UPNP? If not, does OpenBSD have the means and current code supporting
> the Apple version?
>

That I am not so sure about. However, if you google for openbsd+upnp+igd you
will get some very useful info....

As for Apple Mac OS X, I am not familiar enough with that yet to do more
than suggest this.

--
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6
  #7 (permalink)  
Old 04-09-2008, 04:49 AM
Randal L. Schwartz
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

>>>>> "Aaron" == Aaron Hsu <arcfide@sacrideo.us> writes:

Aaron> That's good to know! I've wondered though, whether the Port mapping used
Aaron> by the Macs, such as those on Airport and I believe iChat is the same as
Aaron> UPNP? If not, does OpenBSD have the means and current code supporting
Aaron> the Apple version?

Apple has their own protocol, RFCed as "NAT-PMP", similar to Microsoft's UPNP,
but strictly for punching holes in firewalls.

However, it appears that iChat for Leopard is probably a lot more aggressive
about using alternate technologies, perhaps including UPNP.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
  #8 (permalink)  
Old 04-09-2008, 10:41 PM
syn_nospam_uw
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

I have been experimenting a bit with PF to get iChat to work,
unfortunately nothing to do I can't manage getting a video chat to
work... Maybe can someone help or have an idea what could be wrong? I
have the following rules in my pf.conf just for iChat:

rdr pass on $ext_if proto udp from any to any port 16393:16402 -> $int_mbp_ip port 16393:16402
rdr pass on $ext_if proto udp from any to any port 5060 -> $int_mbp_ip port 5060
rdr pass on $ext_if proto udp from any to any port 5190 -> $int_mbp_ip port 5190
rdr pass on $ext_if proto udp from any to any port 5678 -> $int_mbp_ip port 5678
rdr pass on $ext_if proto tcp from any to any port 5190 -> $int_mbp_ip port 5190
rdr pass on $ext_if proto tcp from any to any port 5220 -> $int_mbp_ip port 5220
rdr pass on $ext_if proto tcp from any to any port 5222 -> $int_mbp_ip port 5222
rdr pass on $ext_if proto tcp from any to any port 5223 -> $int_mbp_ip port 5223
rdr pass on $ext_if proto tcp from any to any port 5298 -> $int_mbp_ip port 5298

$ext_if is my external interface with external IP, $int_mbp_ip is my Mac
OS X 10.5 workstation.

Thanks
Regards
  #9 (permalink)  
Old 04-10-2008, 05:13 PM
Aaron Hsu
 
Posts: n/a
Default Re: iChat on Mac OS X behind OpenBSD firewall

syn_nospam_uw <syn_nospam_uw@hotmail.com> wrote:

> I have been experimenting a bit with PF to get iChat to work,
> unfortunately nothing to do I can't manage getting a video chat to
> work... Maybe can someone help or have an idea what could be wrong ?


One thing you should try: examine exactly what Mac OS X tries to do with
tcpdump, and then check how your router responds.

--
Aaron Hsu <arcfide@sacrideo.us> | Jabber: arcfide@jabber.org
``Government is the great fiction through which everybody endeavors to
live at the expense of everybody else.'' - Frederic Bastiat
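
Added example (not written by any poster in this thread): following the tcpdump suggestion above and the NAT-PMP pointer in post #7, this decoder reads NAT-PMP payloads (UDP port 5351, message layout per RFC 6886) so a capture shows which ports a client asks the gateway to map and how the gateway answered. The function name decode_natpmp and the sample payloads are constructed for illustration.

```python
import socket
import struct

OPS = {0: "external-address", 1: "map-udp", 2: "map-tcp"}
RESULTS = {0: "success", 1: "unsupported version", 2: "not authorized/refused",
           3: "network failure", 4: "out of resources", 5: "unsupported opcode"}

def decode_natpmp(payload: bytes) -> dict:
    """Decode one NAT-PMP UDP payload (request or response)."""
    if len(payload) < 2 or payload[0] != 0:
        raise ValueError("not a NAT-PMP version 0 message")
    is_response, op = bool(payload[1] & 0x80), payload[1] & 0x7F
    if op not in OPS:
        raise ValueError(f"unknown opcode {payload[1]}")
    msg = {"kind": "response" if is_response else "request", "op": OPS[op]}
    if not is_response:
        if op == 0:
            return msg  # address request is just version + opcode
        if len(payload) != 12:
            raise ValueError("mapping request must be 12 bytes")
        _, internal, external, lifetime = struct.unpack("!HHHI", payload[2:])
        msg.update(internal_port=internal, requested_external_port=external,
                   lifetime=lifetime)
        return msg
    if len(payload) < 8:
        raise ValueError("truncated response")
    result, epoch = struct.unpack("!HI", payload[2:8])
    msg.update(result=RESULTS.get(result, f"code {result}"), gateway_epoch=epoch)
    if result != 0:
        return msg  # failed requests carry no usable mapping
    if op == 0 and len(payload) == 12:
        msg["external_ip"] = socket.inet_ntoa(payload[8:12])
    elif op != 0 and len(payload) == 16:
        internal, external, lifetime = struct.unpack("!HHI", payload[8:16])
        msg.update(internal_port=internal, mapped_external_port=external,
                   lifetime=lifetime)
    else:
        raise ValueError("response length does not match opcode")
    return msg

# Constructed sample payloads (not captured from a real network).
REQ_MAP_UDP = bytes.fromhex("000100004009400900001c20")           # map UDP 16393
RESP_MAP_OK = bytes.fromhex("0081000000000e104009400900001c20")   # gateway agrees
RESP_REFUSED = bytes.fromhex("0081000200000e104009000000000000")  # gateway refuses
RESP_ADDR = bytes.fromhex("0080000000000e10c0000201")             # 192.0.2.1

if __name__ == "__main__":
    for pkt in (REQ_MAP_UDP, RESP_MAP_OK, RESP_REFUSED, RESP_ADDR):
        print(decode_natpmp(pkt))
```

If a capture on the firewall's internal interface shows requests like these with no response at all, nothing on the gateway is speaking NAT-PMP and the client has to rely on static rdr rules.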