iSight versus Linksys

My best friend is moving far, far away. I hate it. I like hanging out with him, I like telling stories with him, I like playing games with him. And damn it all, we’re in the middle of an arc!

Not to be selfish, but I don’t want to lose one of the best friends I have.

It’s peculiar, I think, since most of my friends who’ve moved on, I think ‘eh, we’ll meet up again’ and I don’t dwell on it. JMG says he’s moving and I’m in shock, a little tears, and a lot of ‘damn it, that’s 10 hours!’ Ipstenit says it’s because we’re growing up, I think it’s because JMG and I are the same level of immaturity.

I want to be rich, so I can be his patron and fund him being artistic all the time. But I sort of need a patron myself.

Anyway, in the effort of ‘We will not stop being buddies!’ Ipstenit and I came up with the idea of an iSight. So one trip to the Apple store later, we have a pair of the buggers and we send one to him, and start screwing around with the other. Around 1:30am Sunday it won’t work, to the point that it hosed our router. [I just figured out that what happened was our router thought the video chat was a denial of service attack and, rightly, shut down. Hah! Shot in the foot!]

Sunday, after a router and DSL modem reboot, no go. While we could iChat via text all we wanted, every time we tried to A/V chat with someone, she got a black screen and we got ‘user not responding’ saying that our user name (that is, MINE) wasn’t replying to an invite I sent out.

At this point, it was a matter of honor.

Monday, when I’m not working, I research and determine a few, important, things. Firstly, it’s probably my router. Since I can iSight Ipstenit’s computer behind our firewall, it can’t be that iSight or iChat aren’t working. It only breaks when we’re trying to go outside our router’s firewall, ergo, the problem is there.

I made a list of what I needed to check:
1) Is our router supported by Mac for iChat? (No, but the 4-port BEFSR41 is, and we have the BEFSR81, so we should be okay.)
2) Is our router up to date with firmware? (Yes.)
3) Is the router set up properly? (Uh …)

I spent most of my time on the last one there. See, I don’t know what my router really should have. I know that I can access the internet, so I think it’s working. I’m showing my non-geeky side here, I’m aware of that.

In Googling around, I found a forum entry by Jim Glidewell, describing something similar to my problem. He said that it was because his router didn’t forward the information to his computer. In essence, the router’s a giant switch board (now played by Lily Tomlin), connecting iChat/Ipstenu to my computer. Only the switch board lady was having problems.

Possible solutions on the Router:
1a) Disable “Block WAN Requests” (this will … permit the outside world to make requests)
1b) Enable NAT (Network Address Translation: the software switch board)
2) Put my computer in the DMZ (i.e. outside the firewall)
3) Forward all iChat AV requests, based on port numbers, to my computer (this is what Jim did, it has drawbacks)

Step 1 worked! Sort of. I got a new error (at which point, Geeky/Arty Laura laughed with me). Computer troubleshooters know that a new error means you’ve done something, hopefully right. The new one was ‘Not enough bandwidth.’ Well, I’m on DSL and a quick speed check showed that I had enough. Obviously I still had work to do.

Instead of going to step 2, I went and gave myself a static IP address. Normally I use DHCP (Dynamic Host Configuration Protocol), which essentially assigns your computer an IP address on its own. This is set in two places: the router and your computer. Most people use DHCP because it’s enabled on routers and it’s easy. You plug in your computer, you set it up, and you go. Bam. The main reason for using a static IP is that with DHCP, you can get a new IP address every day. I didn’t want that.

After I did that, I went and checked to make sure everything else I use my computer for worked. Internet, email, ftp. That was all fine, so I moved on to step 2, the DMZ. That didn’t help at all, and was scrapped quickly.

Step three was complicated. Apple has a help doc about Using iChat AV with a firewall or NAT router, but I’d never set up ports on my router before, so I was very confused. I read it a couple times, and then went back to Jim Glidewell, re-read what he did, and then tried port forwarding.

The basic premise is that when iChat says ‘AV!’ to my router, the router says ‘Ipstenu!’ every time. Following Jim’s example (forward all inbound UDP traffic for port 5060 AND ports 16384 through 16403 to my computer directly), I got iChat AV to work! But. Ipstenit couldn’t use iChat at all.

This was a problem.

Mac lists the following ports as the ones it uses for iChat: 5060, 5190, 5220, 5222, 5298, 5353, 5678, and 16384 through 16403.

It seemed like an awful lot, and frankly, in typical Mac style, they don’t explain enough for me to understand what’s going on.

See, AV doesn’t actually use all those ports! iChat is, to break it down into the simplest explanation, two applications. iChat for IM and iChat for AV. I knew the former was working just fine behind the firewall, and no doubt some of those ports were for the IM part. After finding some examples for Port Forwarding, I realized that port 5060 was for the iChat IM. I turned that off, and Ipstenit could chat again, and I could still AV chat.

Halfway there. I knew that since port 5060 AND ports 16384 through 16403 worked for other people, and that 5060 was IM only, I probably only needed ports 16384 through 16403 open (actually, I had it through 16834, but whatever). Linksys doesn’t know from Mac, so I disregarded their helpline altogether, and went to some people with more reputable help. Like D-Link.

iChat uses the following ports:
• 5060 (UDP)
• 5190 (TCP) File Sharing
• 16384-16403 (UDP) To video conference with other clients

Jesus fuck! That’s what I wanted to know! What were the ports and what did they do! And look, it’s simple and easy to understand. I don’t care about file sharing (well, maybe I do, I’ll have to think about it). That does mean that I don’t know what ports 5220, 5222, 5298, 5353, and 5678 do, but I’m okay with that for now as well.

Now, D-Link has directions to do what Jim did, directly point all iChat AV traffic to one computer, but as Jim pointed out (and I agreed with), that sucks donkey balls if you have more than one computer. That’s where port triggering comes in.

First and foremost I must admit that I did not have a clue what it did, only that it looked similar to something I’d read about how you have to tell your computer that port 5060 means 5060. It was only today, when I looked it up, that I fully began to understand what I did.

Port Forwarding is telling your router that all communications on a specific port get sent to a specific IP address, i.e. your computer. Port Triggering is a way to dynamically forward ports to the IP address that needs them at that time. In the explanation I read, they said that an example of this was IRC when it needs an IDENT reply from you. That kicked off another memory of something I read about this same problem with IRC/ICQ.

Ironically, the final piece of the puzzle came from the Linksys bastards themselves, who told someone who told the MacNN boards in 2002:

Setting up port triggering
a) Determine which ports your program is using.
b) Go to http://192.168.1.1, and input the password for the router
c) Go to the “Advanced” tab -> “Forwarding”
d) Click on “Port Triggering”
Input an application name that is easy to remember, and then put the “Trigger Port Range”
Now put in the “Incoming Port range”
Note – If unsure, make the “Incoming Port Range” the same as the “Trigger Port Range”
e) Click “Apply” and “Continue”

So I turned off my forwarding, went in and set up triggering for ports 16384-16403 and then I Tested my iSight with Another Person. And I must say here, I love the people who set up that sort of thing just for testing! After I tested successfully, we swapped the camera to the other computer and tried again. Bingo.
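An added example (not from the original post or from Linksys): a toy Python model of the three router options tried above, DMZ, port forwarding and port triggering, showing how many WAN-facing ports each one leaves open and which LAN machine ends up receiving the AV traffic. The LAN addresses and the 600-second trigger timeout are assumptions made for the sketch.

```python
AV_PORTS = range(16384, 16404)  # iChat AV UDP ports 16384-16403, from the post

class Router:
    """Toy model of inbound UDP handling on a NAT router (not Linksys firmware)."""
    def __init__(self, dmz_host=None, trigger_ttl=600):
        self.forwards = {}              # port -> fixed LAN IP (port forwarding)
        self.triggers = []              # (trigger range, incoming range) rules
        self.active = {}                # port -> (LAN IP, expiry) set by a trigger
        self.dmz_host = dmz_host        # host that gets everything else, if any
        self.trigger_ttl = trigger_ttl  # assumed timeout in seconds

    def forward(self, ports, lan_ip):
        for p in ports:
            self.forwards[p] = lan_ip

    def trigger(self, trigger_ports, incoming_ports):
        self.triggers.append((trigger_ports, incoming_ports))

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends a packet out; a matching rule opens the incoming range to it."""
        for trig, incoming in self.triggers:
            if dst_port in trig:
                for p in incoming:
                    self.active[p] = (lan_ip, now + self.trigger_ttl)

    def inbound(self, port, now):
        """LAN IP that receives an unsolicited WAN packet on this port, or None if dropped."""
        if port in self.forwards:
            return self.forwards[port]
        host, expiry = self.active.get(port, (None, 0))
        if host and now < expiry:
            return host
        return self.dmz_host

    def exposed(self, now):
        """Number of ports (1-65535) reachable from the WAN at time `now`."""
        return sum(self.inbound(p, now) is not None for p in range(1, 65536))

def compare():
    me, her = "192.168.1.100", "192.168.1.101"  # constructed LAN addresses
    dmz, fwd, trg = Router(dmz_host=me), Router(), Router()
    fwd.forward(AV_PORTS, me)           # all AV traffic pinned to one machine
    trg.trigger(AV_PORTS, AV_PORTS)     # incoming range = trigger range
    out = {"dmz": dmz.exposed(0), "forward": fwd.exposed(0), "trigger_idle": trg.exposed(0)}
    trg.outbound(her, 16384, now=0)     # the other computer starts an AV chat
    out.update(trigger_active=trg.exposed(1), trigger_owner=trg.inbound(16390, 1),
               forward_owner=fwd.inbound(16390, 1), trigger_expired=trg.exposed(601))
    return out

if __name__ == "__main__":
    print(compare())
```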

Further research on ports, thanks to Seifried (which is out of date):
• 5220 – unknown

• 5222 – Jabber Client
Jabber is an IM client, upon which iChat seems to be partly based, and I should probably open it up even though I don’t know anyone on Jabber. On second read, it looks like it only needs outgoing permissions for 5222 and 5223 (SSL) for Jabber. I’m using AIM as my ID and that should be okay. The only reason I might want to switch to Jabber is to import all my Yahoo! friends… Oh, wait, no, we all use Skype or AIM. Except Cousin Dan. Hmm. It would lack the AV aspect but still.

• 5298 – unknown

• 5353 – Multicast DNS
Multicast DNS is used by Bonjour (formerly Rendezvous) for internal Zero Configuration Networking. Zeroconf means you don’t have to know jack to set up a home network, and I’m not sure why you’d need to have this open externally. Right now, Ipstenit and I just set it up so we can send each other files without me having to remote control or connect to her computer.

• 5678 (UDP) – Remote Replication Agent Connection (this seems to be for SynCE, which lets a Windows CE device talk to your Mac, and no, I don’t know why Apple thinks you need it opened)

So after all this, why use iSight? Simple: the video quality is amazing. Yahoo’s is piss poor with tiny screens and frame rates, AIM doesn’t have a client for Mac anymore except iSight, and Skype, which I love, doesn’t have vSkype for Mac yet, the bastards. Maybe Apple will incorporate Skype into iChat.

I have to test file sharing, though personally I’m tempted to just set up FTP for JMG on my server so he can upload it to that and more people can share it. Then again, to say ‘Just right click on my name, choose ‘send file’ and then send me the intro.’ seems remarkably easy and simple. I’ll probably unlock it and test it tonight, along with Jabber. Just in case.

All told, the problem is (yet again) that Mac is pitching to the lowest common denominator, and doesn’t provide a more technical explanation for those of us who would do better with more nerdy info. I keep running into this problem with Mac and the Apple store and the answer is, simply, I’m smarter than they can provide help for.

While they’ve been very successful with their Mac Geniuses, what Mac really needs is a MUG. Mac Users Groups. Support the nerds who love your shit, and help them on nerd level issues. The Genius bar? Fuck, I do that for my Mother In Law (here’s how you block people from seeing you on AOL) and my Dad (here’s how you set up PPPoE) and my brother (… well, no, he knows what to do) and everyone else I know with a Mac. I am the go-to girl and I know what I’m doing.

So how about that job, Apple?