rfimbel-ga:
Thank you for your question regarding the problems you and your
brother-in-law are experiencing with iChat AV.
I am structuring my answer based on the following assumptions. If any
of these assumptions are incorrect, please let me know:
- Both you and your brother-in-law are using iChat AV on Macs;
- When he is connected directly to the cable modem, neither you nor he
have any problems initiating or receiving chat session requests;
- Your brother-in-law is familiar enough with his router to access its
administrative webpages, and knows the IP address of the router to do
so
- Your brother-in-law only uses his computer at home, ie. it is not a
laptop that is also used in other computer networks in addition to his
home.
Steps to take (for your brother-in-law):
1) The first step is to assign your brother-in-law's computer a static
IP address, if it is not already in place (as opposed to a dynamic, or
DHCP-assigned, IP address controlled by the router).
a) access the router's admin pages using a web browser (default
address is http://192.168.1.1; yours may differ if you have customized
your router's configuration)
b) go to the 'DHCP' tab, and look at the 'Starting IP Address';
default is 192.168.1.100.
c) go to the 'Status' tab, and look at the 'Internet' section, write
down the 'DNS' server IP addresses (up to three will appear)
d) on your brother-in-law's computer, he will need to reconfigure it
from DHCP (assuming that is it's current state) to a static IP
address. The following instructions are for OS9.x, please ask for
clarification if he has a different OS and is not able to figure out
how to do this:
- Go to Apple > Control Panels > TCP/IP
- 'Connect via' should already be 'Ethernet'
- Change 'Configure' to 'Manually'
- For IP address, enter 192.168.1.99
- For Subnet Mask, enter 255.255.255.0
- For Router Address, enter 192.168.1.1
- For Name server addresses, enter the DNS IP addresses from step c)
- Go to File > Close, clicking 'Save' when prompted
- you may need to restart the computer
2) Now that your brother-in-law's computer is set to a static IP
address, we can set up port forwarding in the router
a) access the router's admin pages using a web browser (default
address is http://192.168.1.1; yours may differ if you have customized
your router's configuration)
b) go to the 'Advanced' tab, then to the 'Port Forwarding' tab
c) repeat the following steps for each of the following ports: 5060,
5190, 5678, 16384-16403
- for 'Customized Application', enter iChat
- for External Port enter the range of ports (ie. 5060 - 5060 for
the first one; 16384 - 16403 for the last one)
- for port 5190 only, check TCP; leave unchecked for the others
- for all ports, check UDP
- for IP address, use 192.168.1.99 (you only need to type the '99' part)
- check 'Enable'
- after repeating, you should have used four rows
d) Click 'Apply'
At this point, please test out iChat to see if this works for your
specific situation. As far as security goes, these changes will leave
the above ports 'open', in that any data sent to your brother-in-law's
IP address for those specific ports will be delivered to his computer.
This is still safer than if your brother-in-law were to leave his
computer connected directly to the cable modem, as all other ports
will still appear 'closed' to anyone scanning the IP address.
Please let me know if you require any clarification, or if any of this
does not work. Also, if this does not work, please let me know the
details concerning your brother-in-law's computer, such as the model,
the operating system, and how he uses the computer.
Regards,
aht-ga
Google Answers Researcher |
Clarification of Answer by
aht-ga
on
05 Jan 2004 23:42 PST
Assuming that your brother-in-law is able to use his computer
wirelessly for other activities, the wireless connection should not be
the culprit.
There is one "quick-fix" method to test this out.
Go to the 'Security' tab, and enable the DMZ host, entering the IP
address of your brother-in-law's computer (ie. '99') in the IP address
field.
Please note that this will forward all ports to your brother-in-law's
computer, and is equivalent to hooking his computer up directly to his
cable modem. This will also bypass the router's firewall function,
unfortunately. However, it will remove the router as a potential
obstacle, allowing us to trace the problem. If your brother-in-law is
OK with leaving his computer in the DMZ, then this can also be a
solution once he sources a software firewall for his computer.
Regards,
aht-ga
Google Answers Researcher
|
Clarification of Answer by
aht-ga
on
06 Jan 2004 19:05 PST
Do either of you happen to have the Mac OS X firewall turned on (it
may be on by default)? If so, please ensure that you have followed the
steps in the Apple page:
--------------------------
1. From the Apple menu, choose System Preferences.
2. From the View, choose Sharing.
3. Click the Firewall tab.
4. Click New.
5. From the Port Name pop-up menu, choose Other.
6. In the Port Number, Range or Series field, type in:
5060, 5190, 5297, 5298
7. In the Description field type in: iChat AV
8. Click OK.
--------------------------
As well, when you mentioned that you also turned on the DMZ host at
your end, does this mean that you also changed the IP address of your
computer to a static IP?
Regards,
aht-ga
Google Answers Researcher
|