iChat audio/video chat and file transfer behind NAT

Update 2006-03-10: It seems that the testing servers for natcheck at MIT have been shut down, so natcheck does not work any more. I have added a few more links to the post.

Pretty much all chat applications inherently have trouble stting up a direct connection when both participants are behind a NAT router. Such a direct connection is needed for audio/video chat and file transfer. iChat is one of the apps having notorious problems…

When the router providing NAT has “consistent port translation”, everything should be fine. However, especially some Netgear wireless routers seem to have trouble with this feature.

Use the NatCheck tool available from the following URL to check your router:

If your router does not have consistent port translation, then the only hope is to have the router communicate with iChat via uPnP (universal plug’n play). This way, iChat can tell the router how to forward incoming packets.

For some Netgear routers, tweaking the following settings on the router was successful:

  • switch the SPI firewall off (not sure if this is really needed, though)
  • switch uPnP on

If you have a firewall running on your Mac, you should include the following in your ipfw rules:

# allow uPnP traffic behind NAT
add 2040 allow ip from 1900 to any in via any
add 2040 allow ip from to any 5000-5001 in via any

Apple has a mildly helpful KB article:

Others have also written about this:

For an in-depth technical discussion of all the issues that can occur with NAT tunneling see

See also:

