MSBS

How to get “Back to my Mac” without .mac. Or Leopard.

“Back to my Mac” is one of those Leopard features that sounds damn cool; I’ve got an always-on broadband connection on my iMac at home, and it does sound compelling to grab random projects, or music, or whatever from any other Mac connected to the internet. Almost worth paying the $99 a year for .mac- until I realized it only takes about 5 minutes and a slight knowledge of how your networking gear works to do it for free.

If you’ve opened up ports in your router to get optimum speeds on Bit Torrent transfers, you can do this fairly easily.

Step 1: Get your house in order
DHCP is great, but if you’ve got multiple devices on your network, it’s to your advantage to go manually set each one up. Especially if you want to do anything more advanced than web browsing and email- you can’t map ports if you don’t have an address to point to. It’s a mild hassle, but do it once and forget about it.

I use the standard 10.0.1.X convention, with my main base station being 10.0.1.1, subsequent repeating base stations counting up, and my Mac is 10.0.1.24, with subsequent computers counting down. Any random DHCP devices that hop on, such as iPhones, just grab something randomly, and that’s OK as they tend to not require port forwarding. The important thing is that the computers that do stuff that requires things from the outside finding them- like torrents or file serving- have some internally assigned address you can map to.

Step 2: Establish a permanent, easy to remember address to your network
No one wants to remember IP addresses, and besides, most of us have broadband connections with dynamic IP addresses on our routers that can change. We need something that’s easy to remember, and will work even if our router grabs a new IP address from our service provider every week, day, 4 hours, whatever.

The solution? DynDns. Free for personal use, this service allows one to create an easy to remember address, such as robrob.dyndns.org, that will point back to your home network. There is a small utility available for various platforms that checks your IP address at set intervals (such as every 5 minutes). While there is a Mac utility available, I have a Windows PC that I use to run torrents and other tasks, so I installed my client there to keep my Mac tidy. Many mainstream routers have DynDns (or similar offerings) built right into them as well. Regardless, it doesn’t matter where the DynDNS updater service resides on your network, as long as it’s there somewhere and telling the master server what your network’s public IP address is.

Step 3: Direct Traffic
So now you’ve got a nice clean internal network with IP addresses you assigned, and an external-facing domain that is synced up to your router’s public-facing IP address. At this point, you simply need to go into your router and define some traffic directing rules. I may want to mount my Mac hard drive in the Finder of a remote Mac, or connect to my Windows PC with MS’s nice new Remote Desktop Connection for Mac beta. Or get to the torrent box through a web browser. Even though these are three different machines on my private internal network, we can tell our router to send each specific type of request to the correct machine, even though they are all asking for robrob.dyndns.org. This is thanks to a misunderstood but wonderful tool called port mapping (or forwarding).

The specifics may vary slightly from router to router, but the gist is roughly the same (I use Apple Airport gear). You type in a public port (this will vary for each service; a list of Apple’s frequently used ports is here), an internal IP address, and the private port, which I tend to keep the same as the public port.

For instance, to make the Personal File Sharing feature accessible over the internet, I would open port 548 on IP address 10.0.1.24, port 548. (548 is the Apple Filing Protocol (AFP) over TCP, used for AppleShare, Personal File Sharing & Apple File Service) (also, I have assumed you’ve clicked the box to turn sharing on in the sharing settings menu; if you haven’t, do that as well :)

Voila. Now you’re good to go.

Step 4: Get “Back to My Mac”
This is the easy part. Grab a Mac with an internet connection and hit command-K in the Finder to bring up the server connection box. Simply type in your DynDns address (i.e. robrob.dyndns.org) and wait a couple seconds while it does its magic; you should be presented with a login dialogue, and there you can enter the login info you use to get on your Mac when you’re in front of it. If you log in as an administrator, you’ll mount the entire system, otherwise you’ll get your user documents directory. Sweet.

Next Steps: Route more ports.
Now that you know how this simple traffic direction works, go nuts. If you want to control your PC, simply map the MS RDC port (3389) to the PC’s IP address. If you want to print to your Mac from anywhere, map the TCP printing port to the Mac with the printer sharing enabled, etc… Once you grasp the basics, it’s usually as simple as googling the default port number and mapping it as we talked about.

Notes: Security
I’m not even going to attempt to present myself as any sort of authority on security. Just remember that using a router and DHCP isolates your internal machines from external threats, and the steps we are taking to open up and map all these ports explicitly nullifies that. Don’t go nuts and open up any more ports than you have to, don’t enable guest access to anything, and so on. Be careful, and google anything you’re not sure on.
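
One way to confirm the router exposes only the ports you meant to map, run from a machine outside your network. This is an added example, not part of the original post; it assumes a netcat that supports `-z` and `-w`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: compare the ports that answer on the public address with
# the ports you intended to map in Step 3. Run it from OUTSIDE the LAN.

# probe HOST PORT -> exit 0 if a TCP connection succeeds within 3 seconds.
# Assumes nc supports -z (connect only) and -w (timeout), as macOS nc does.
probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# valid_port N -> exit 0 if N is an integer in 1..65535 (ports are 16-bit).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# audit_forwards HOST "INTENDED PORTS" "PORTS TO CHECK"
# Prints one line per checked port. Returns 1 if a port is open that is not
# on the intended list, if an intended port is closed, or if a port is invalid.
audit_forwards() {
    host=$1; intended=" $2 "; bad=0
    for port in $3; do
        if ! valid_port "$port"; then
            echo "$port invalid"; bad=1; continue
        fi
        if probe "$host" "$port"; then state=open; else state=closed; fi
        case "$intended" in
            *" $port "*) want=open ;;
            *)           want=closed ;;
        esac
        if [ "$state" = "$want" ]; then
            echo "$port $state ok"
        else
            echo "$port $state UNEXPECTED"; bad=1
        fi
    done
    return $bad
}

# With the post's values, only AFP (548) should answer; 22 (SSH), 3389 (RDP)
# and 5900 (VNC) are checked because they are easy to leave mapped:
#   sh audit.sh robrob.dyndns.org "548" "22 548 3389 5900"
if [ "$#" -ge 3 ]; then audit_forwards "$@"; fi
```
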

I hope this was somewhat easy to follow. Back to my mac sounds like a great feature, but as I’ve shown, taking a few minutes to understand a couple basic concepts will let you do the same thing without ponying up $99 a year- or waiting until October.

Moey said,

September 28, 2007 @ 8:59 pm

wow! that’s awesome

Ian Page-Echols said,

October 29, 2007 @ 4:09 pm

I have tried to do the same thing but end up getting an error message as my computer recognizes that it’s the same ip address that I am trying to connect to differently.

Hmm, I’m guessing that the extra step of using dynamic domain names is what makes it work. Instead of the same ip address with a port tacked on, it’s a different domain name. Off to try that now.

Thanks, Ian

Ian Page-Echols said,

October 29, 2007 @ 4:43 pm

Hmm, totally didn’t help like I was thinking. Seems obvious now, as you can’t get a domain name attached only to one port.

And the way I was trying is working now anyway.

Nik said,

November 3, 2007 @ 11:33 pm

I came upon this post while looking for some info on “Back to your Mac.” While the methods you’re posting work fine, I think you’re leaving yourself (and your readers) open to some major security risks.

What you’re doing by forwarding those ports is essentially leaving security in the hands of the protocols you’re connecting to. For example, MacOS X client (as opposed to server) does not encrypt AFP (file sharing) connections, so anything you send via that method will be in the clear. Same goes for VNC to connect to your remote Mac’s screen. Windows’ Remote Desktop protocol will (if you tell it to) connect securely. You are also leaving those services open to any would-be hacker to try to guess your password or exploit weaknesses in the protocols you’re making available.

A better (if slightly more difficult) method is to leave a single obscure port open and forwarding to your SSH port, port 22. (You don’t just forward port 22 through because it’s a well known port to gain remote control of a computer — so forward port 87644 or something else random to 22 and you’ll avoid some common attacks.) Using SSH you can forward other ports and thereby gain file sharing, web browsing, screen sharing, and any other sort of access to your local network.

There are a few programs out there that make this easy for you, including JellyFiSSH, AlmostVPN, and VPN Tunnel Manager.

Your big advantage here is that you gain flexibility (you don’t have to open a new port each time you want to open up a new service), and you gain security, since SSH is a well tested piece of security software and will provide sufficient security for most home users.

I hope this is helpful. Happy hacking!
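
The single-port SSH setup described in the comment above, sketched with plain `ssh` as an added example (not part of the comment or the original post). Assumptions not found on the page: the router maps public port 52022 to 10.0.1.24:22, the account is `rob`, the Windows PC is 10.0.1.23, and the local ports 15548 and 13389 are arbitrary.

```shell
#!/bin/sh
# Added example: reach AFP and RDP through one forwarded SSH port instead of
# mapping 548 and 3389 on the router. Host, user and ports are assumptions.
SSH_HOST=${SSH_HOST:-robrob.dyndns.org}
SSH_PORT=${SSH_PORT:-52022}   # constructed value; must be within 1..65535
SSH_USER=${SSH_USER:-rob}     # hypothetical account name

# forward_args "LOCALPORT:TARGETHOST:TARGETPORT" ...
# Prints the -L options for ssh, binding each listener to 127.0.0.1 so other
# machines on the network you are visiting cannot use the tunnel.
# Returns 1 on a malformed spec or a port outside 1..65535.
forward_args() {
    args=
    for spec in "$@"; do
        lport=${spec%%:*}; rest=${spec#*:}
        thost=${rest%%:*}; tport=${rest#*:}
        for p in "$lport" "$tport"; do
            case "$p" in ''|*[!0-9]*)
                echo "bad port in $spec" >&2; return 1 ;;
            esac
            [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
                { echo "port out of range in $spec" >&2; return 1; }
        done
        [ -n "$thost" ] && [ "$thost" != "$rest" ] ||
            { echo "bad spec $spec" >&2; return 1; }
        args="$args -L 127.0.0.1:$lport:$thost:$tport"
    done
    echo "${args# }"
}

# open_tunnel SPEC... : hold the tunnel open without running a remote shell.
open_tunnel() {
    fwd=$(forward_args "$@") || return 1
    # -N: no remote command. ExitOnForwardFailure: stop if a listener
    # cannot bind. $fwd is left unquoted so it splits into options.
    ssh -N -p "$SSH_PORT" -o ExitOnForwardFailure=yes $fwd "$SSH_USER@$SSH_HOST"
}

# AFP on the Mac and RDP on the PC over one SSH connection:
#   open_tunnel 15548:10.0.1.24:548 13389:10.0.1.23:3389
# then connect to afp://127.0.0.1:15548 (command-K in the Finder) or point
# Remote Desktop Connection at 127.0.0.1:13389.
```

With this in place the router needs only the one SSH mapping, and the AFP and RDP traffic travels inside the encrypted SSH session.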

Clayj said,

February 7, 2008 @ 5:58 pm

Great steps! Wish I’d found these BEFORE I paid $100 for a year’s subscription to .Mac…
