iChat AV through Linux NAT

This assumes the following conditions:
* The Linux gateway forwards all outgoing traffic after rewriting the source address as the external IP (i.e. NAT).
* The incoming policy is to drop all packets unless they’re related to an existing connection.
* Both clients are running iChat AV (comes with Mac OS X Tiger).
* Both clients have AIM accounts.
To allow an external user to contact someone on the internal network, simply add the following rules to the Linux gateway.
/sbin/iptables -A INPUT -p udp -m udp --dport 16384:16403 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
Once this is done, you should be able to make and receive audio and video calls with iChat AV. I’ve not tested it with multiple clients on the internal network talking to multiple clients externally, but it works for one-to-one chats.
I also have the ip_conntrack kernel module loaded; this might make a difference as well.
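
One way to check a gateway against the conditions and rules listed above, added here as an example and not part of the original post. The function names and the sample rule listing are constructed for illustration; the script assumes the drop-unless-related policy is expressed with the state or conntrack match, and it accepts nf_conntrack, the name later kernels use for ip_conntrack.

```shell
#!/bin/sh
# Added example (not from the original post): audit a gateway's INPUT chain
# against the conditions and rules listed above.

# Reads `iptables -S INPUT` text on stdin; prints one line per missing item
# and returns 0 only when nothing is missing.
check_ichat_rules() {
    rules=$(cat)
    missing=0
    # Condition from the post: inbound packets are dropped by default...
    printf '%s\n' "$rules" | grep -qx -e '-P INPUT DROP' ||
        { echo "missing: default DROP policy on INPUT"; missing=1; }
    # ...unless related to an existing connection. Assumption: this is
    # expressed with the state or conntrack match.
    printf '%s\n' "$rules" | grep -Eq -e \
        '^-A INPUT .*--(ct)?state [A-Z,]*(RELATED,ESTABLISHED|ESTABLISHED,RELATED).* -j ACCEPT$' ||
        { echo "missing: RELATED,ESTABLISHED accept rule"; missing=1; }
    # The two UDP accept rules the post adds.
    for port in 16384:16403 5060; do
        printf '%s\n' "$rules" | grep -Eq -e \
            "^-A INPUT (.* )?-p udp (.* )?--dport $port -j ACCEPT\$" ||
            { echo "missing: udp dport $port accept rule"; missing=1; }
    done
    return "$missing"
}

# Reads /proc/modules text on stdin. The post's ip_conntrack module is named
# nf_conntrack on later kernels, so either name counts.
conntrack_loaded() {
    grep -Eq -e '^(ip|nf)_conntrack '
}

# Constructed sample of `iptables -S INPUT` output after adding both rules.
SAMPLE_OK='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:16403 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT'

printf '%s\n' "$SAMPLE_OK" | check_ichat_rules && echo "INPUT chain matches the post"
# Live use (as root): iptables -S INPUT | check_ichat_rules
#                     conntrack_loaded < /proc/modules
```

Both accept rules match any source address, so the listing is also a quick way to see exactly which UDP ports the gateway exposes.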