# Back to my Mac



## Whitehill (Jan 13, 2009)

I'm trying to turn on "Back to My Mac" in the MobileMe system preference.  It says it's ON with the following warning:

> Back to My Mac isn't working properly because you may have more than one device on your network providing Network Address Translation (NAT).  Try disabling NAT on one of those devices.

My Linksys router IS providing NAT.  Is there an easy way to locate other providers?


----------



## ElDiabloConCaca (Jan 13, 2009)

Are you using a cable modem?  If so, then your cable "block" for your neighborhood/block/street is also doing NAT (cable is a "shared" line service, with many customers being serviced by one "pipe").

You also may need to forward a couple of ports on your router to your Mac that you wish to access, outlined at the bottom of this article:

http://support.apple.com/kb/HT2084


----------



## Whitehill (Jan 14, 2009)

I have DSL with a Linksys router behind the modem.  And I already forward ports for IMAP, HTTP, SSH and IRC.


----------



## ElDiabloConCaca (Jan 14, 2009)

The article mentions forwarding ports 443 (TCP) and 4500 (UDP)... neither of those are used for IMAP (typically port 143), HTTP (typically port 80 or 8080), SSH (typically port 22) and IRC (typically ports 6660 - 6669).

Looks like you need to forward more ports, specifically, port 443 TCP and 4500 UDP.


----------



## Whitehill (Jan 14, 2009)

ElDiabloConCaca said:


> Looks like you need to forward more ports, specifically, port 443 TCP and 4500 UDP.


I have.  No change.


----------



## ElDiabloConCaca (Jan 14, 2009)

What happens if you put your computer in the router's DMZ temporarily?  That way, ALL ports will be open.  If it works this way, then it's a simple matter of finding which ports to forward.

Also, what kind of modem are you using?  Is it a router/modem combo, or just a modem?


----------



## Whitehill (Jan 14, 2009)

ElDiabloConCaca said:


> What happens if you put your computer in the router's DMZ temporarily?  That way, ALL ports will be open.  If it works this way, then it's a simple matter of finding which ports to forward.


I would contemplate that as a last resort.  This machine is providing my network with a few services.

I now have two Macs on my local network signed up for BTMM and both tell me I have more than one NAT server.  That's the problem I don't know how to address.



ElDiabloConCaca said:


> Also, what kind of modem are you using?  Is it a router/modem combo, or just a modem?


The modem is a separate box - Westell 6100.


----------



## ElDiabloConCaca (Jan 14, 2009)

Ah... is that machine acting as either a DNS or DHCP server?


----------



## Whitehill (Jan 14, 2009)

Yes, it's running a DNS server.


----------



## ElDiabloConCaca (Jan 14, 2009)

That may be the issue there -- I assume you've got your router doing DHCP for the network, and that computer doing DNS for the other computers on the network.  It's possible that with DHCP comes DNS services on the router, and therefore you'd have two DNS servers on your network.

Actually, it may be complaining about the fact that your ISP does DNS, and you've also got a DNS server running on your computer -- thereby having the "double NAT" error message.


----------



## Whitehill (Jan 14, 2009)

ElDiabloConCaca said:


> I assume you've got your router doing DHCP for the network, and that computer doing DNS for the other computers on the network.


Exactly.



> It's possible that with DHCP comes DNS services on the router, and therefore you'd have two DNS servers on your network.


Hmmm.  About a month ago my grandson complained that his laptop wouldn't connect to the internet.  It's a school item and I don't have an admin password.  It got an IP address via DHCP from the router and the router's address for DNS services.  When I added a couple of external servers to the router, the laptop started working.  This was well before I tried BTMM.



> Actually, it may be complaining about the fact that your ISP does DNS, and you've also got a DNS server running on your computer -- thereby having the "double NAT" error message.


Same question.  How can I tell?


----------



## ElDiabloConCaca (Jan 14, 2009)

Picked this up from another forum... run this command in Terminal, and post back the results:

```
dns-sd -X udp 123 456 789
```

On mine, it returns one IP address (my external IP).  If it returns more than one on your end, I'm led to believe that you're double-NATted.

Just for reference, this is what it returns on my system, which is not double-NATted:

```
Timestamp     if   External Address     Protocol        Internal Port   External Port   TTL   
15:45:01.353  6    69.153.72.111        16              123             456             3600
```

Here's the thread I stole that from:
http://discussions.apple.com/thread.jspa?threadID=1480978&tstart=41


----------



## Whitehill (Jan 15, 2009)

Whoa!  Scroll to the right to see what it says.

```
$ dns-sd -X udp 123 456 789
Timestamp     if   External Address     Protocol        Internal Port   External Port   TTL   
 5:25:50.220  4    192.168.1.47         16              123             456             3600   Double NAT
^C            # I killed a hang.
```
What's that IP address?  I use 10.0.101.*  Looking at Linksys router ...

Ah ha!  This is the "Internet IP Address" of the router.  Now what?


----------



## Whitehill (Jan 15, 2009)

Here's an image of the setup page of my router.


----------



## ElDiabloConCaca (Jan 15, 2009)

That ain't no internet IP Address -- that's an internal IP address (all 192.168.x.x IPs are "internal" IP addresses -- used only behind routers, etc.).  I see you've got that set up as the "internet" address on your Linksys, but that Linksys must be getting that IP address from another router, correct?

That's where the "double NAT" comes in.  You've got a router connected to a router.  Or, in your case, one of the following:

1) A router connected to a computer that is acting as a router
2) A computer acting as a router connected to a router


----------
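
An added example, not part of the original thread or any poster's code: a POSIX shell filter that reads `dns-sd -X` output and reports double NAT when the reported external address is a private (RFC 1918) address or the row carries the `Double NAT` note. The function names are hypothetical, the 100.64.0.0/10 carrier-grade NAT range goes beyond what the thread covers, and the sample rows are the two quoted in the posts above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): interpret `dns-sd -X` mapping rows.

# classify_addr IPV4 -> prints "private" (RFC 1918), "shared" (RFC 6598) or "public"
classify_addr() {
    echo "$1" | awk -F. '
        NF != 4                            { print "invalid"; exit }
        $1 == 10                           { print "private"; exit }
        $1 == 172 && $2 >= 16 && $2 <= 31  { print "private"; exit }
        $1 == 192 && $2 == 168             { print "private"; exit }
        $1 == 100 && $2 >= 64 && $2 <= 127 { print "shared";  exit }
                                           { print "public" }'
}

# check_nat: reads dns-sd -X output on stdin and prints one verdict per mapping row.
# Header lines and stray text (such as the ^C line) are skipped because their
# third field is not an IPv4 address.
check_nat() {
    awk '$3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             print $3, ($0 ~ /Double NAT/ ? "flag" : "noflag")
         }' |
    while read -r addr flag; do
        kind=$(classify_addr "$addr")
        # A non-public "external" address means another NAT device sits upstream.
        if [ "$kind" != public ] || [ "$flag" = flag ]; then
            echo "double-nat $addr ($kind)"
        else
            echo "single-nat $addr ($kind)"
        fi
    done
}

# The two output rows quoted in this thread, embedded so the script runs offline.
sample_rows() {
    cat <<'EOF'
Timestamp     if   External Address     Protocol        Internal Port   External Port   TTL
15:45:01.353  6    69.153.72.111        16              123             456             3600
 5:25:50.220  4    192.168.1.47         16              123             456             3600   Double NAT
^C            # I killed a hang.
EOF
}

sample_rows | check_nat
```

To use it on a real machine, save the output of the `dns-sd -X udp 123 456 789` command from the thread to a file and pipe that file into `check_nat`; the command itself keeps running until interrupted.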



## Satcomer (Jan 15, 2009)

Whitehill said:


> Here's an image of the setup page of my router.



HaHa. Did you allow the open ports for "Back to Mac" listed on the page "Well Known" TCP and UDP ports used by Apple software products?


----------



## Whitehill (Jan 15, 2009)

Yes, I opened 443 and 4500.

ElDiablo, that's the configuration Verizon gave me almost a year ago and it's worked very well, except for this BTMM issue.


----------



## ElDiabloConCaca (Jan 15, 2009)

I'm thinking that you may need to do "double-forwarding" for those two BTMM ports... forward them on the router to the DNS computer, then forward them again from the DNS computer to whatever computer you want to run BTMM with.

That would solve the incoming traffic for BTMM -- meaning the traffic could reach the computer inside your crazy network setup, but traffic going out may be a little confusing, and may possibly not make it to the "outside" world since you're double-NATted.


----------



## Whitehill (Jan 15, 2009)

It may be "crazy" but it's pretty much unchanged, except for the numbers, for 3.5 years, with 3 satellite services and now Verizon DSL.  I added an internal DNS server (via DNSenabler) so that machines on my LAN can refer to each other by name.  Also I use DynDNS to serve this setup from the outside.  Mostly I just need to SSH back here when I'm traveling.

I am open to any and all suggestions for a less crazy setup.


----------



## ElDiabloConCaca (Jan 15, 2009)

Strange that you need dedicated DNS services to refer to machines by name... my network looks like this:

DSL modem ---> wireless router ---> various computers

...and I can refer to each computer by name to connect to them.  They're a mix of Windows computers, Mac computers and Linux computers -- none of which run any DNS servers.  I can access the Windows computers by name via SMB from both the Mac and Linux machines, and I can access the Mac computers via SMB/FTP/SFTP/SSH from the Linux and Windows machines by name.  I am also using DynDNS for outside access (SSH, VPN, FTP, SFTP, RDC) and have the proper ports forwarded on my router (which also handles the updating of the DynDNS servers -- go D-Link!).  This setup is not double-NATted.

Have you tried setting up your network similar to mine?  Just a modem to a router, and all computers accessing the router (either via wired or wireless connections)?


----------



## Whitehill (Jan 15, 2009)

ElDiabloConCaca said:


> Have you tried setting up your network similar to mine?


No.  Let me give a brief history.  In the late 90s my LAN was created for me - a few machines behind a Cisco router talking to a T1.  The "master" machine was a Sun workstation running Solaris and configured using "flat" files - /etc/hosts, /etc/resolv.conf, ...  There was nothing dynamic about it, not even DHCP.  That's the origin of all my sysadmin knowledge, such as it is.

In 2005, my employer disappeared and took the T1 and the Sun.  I got Wildblue and used a Mac for the "master", configuring things the only way I knew how.  It worked but was kind of clunky, especially as new (to me) technology came along - Bonjour for example.  When I learned of DNSenabler, I jumped on it, since it managed a lot of the details in one GUI.

Except for a few minor details, that's where I am now.  So, here's the first of perhaps many dumb questions.  If I configure my LAN like yours, how does machine ABC know how to talk to XYZ on my internal network?  That is, without my manual labor in assigning static internal addresses in my DNS server.


----------



## Whitehill (Jan 16, 2009)

ElDiabloConCaca said:


> Have you tried setting up your network similar to mine?  Just a modem to a router, and all computers accessing the router (either via wired or wireless connections)?



How do you configure a typical machine on your LAN?  If it receives everything by DHCP, what do you insert in your router regarding port forwarding?  Say for SSH.

You said you use DynDNS.  Do you use the free service or the "custom" service for a fee?  If the latter, what have you added, if anything, to the standard configuration?


----------



## ElDiabloConCaca (Jan 16, 2009)

I use "static dynamic IP" -- my router lets me reserve IPs in the DHCP range for machines that connect with a certain MAC address, so they always have the same internal IP.

Of course, I could just turn off DHCP on the router altogether and go the static route.

I use the free DynDNS service.


----------



## Whitehill (Jan 17, 2009)

I tried an experiment that failed.  I reconfigured one Mac to use static IP and keyed in all the values manually, remembering to click APPLY.  For DNS I entered the internal IP of the router.  On the router I disabled DHCP and rebooted.  Basic connectivity was OK - surfing, etc.

When I turned on BTMM, I get the same double-NAT message.


----------



## Whitehill (Jan 17, 2009)

Same result when I told it to use the router's external address for DNS.  Recall that Verizon (Fairpoint) gave me 192.168.1.47 for the router's external address.  Does this imply that the multiple NAT situation is their network structure?


----------



## dmoranda (Feb 5, 2010)

Were you able to fix this issue?  I am running into the same exact problem with my modem and time capsule.  Any help would be much appreciated.

Thanks,
Dustin


----------



## Whitehill (Feb 17, 2010)

No, I haven't solved it.  Last Fall I "bridged" my modem, eliminating the software layer at my DSL provider.  That eliminated the double-NAT and solved a few other minor issues.  I haven't revisited BTMM due to lack of time.  By the way, LogMeIn works fine.


----------

