it’s because the Mikrotik is not configured as a “full cone” router. The iChat Connection Doctor identifies the Mikrotik as “Port Restricted,” and according to the descriptions of the different NAT styles in that document, that seems accurate. Apparently, to get iChat video to work, I need to relax the tight stateful firewall security, at least for the ports that iChat uses (and hopefully only for those ports if I can manage it) to allow anyone on the net to ship data at those open ports.
What changes do I need to make to my firewall filter rules to achieve this?
Port forwarding enables only one device on the LAN to use iChat AV. Certainly there must be a way to enable this access for multiple LAN devices, a la the “port triggering” feature found in much less capable SOHO routers.
This was a good idea. UPnP was unset. Unfortunately, setting it does not alter iChat’s insistence that the router is “port restricted.” Even turning off all firewall rules results in the same diagnosis. I wish I understood how to tell the MikroTik to do whatever it is that my old SOHO router did automatically.