Subscribe
OS X Leopard Tip #15
On of the nice new features of OS X Leopard is “Back To My Mac” which allows for remote access to your remote Mac while you are on the road. This can be a great convenience, but it usually requires having and paying for a .Mac account.
Well .Mac surely offers a nice package that in my opinion is worth the cost as it offers email, web space, remote storage, and syncing across your machines. If you don’t have an account or don’t need the other features and only want the “Back To My Mac” you can easily “spin” your own version. Leopard even makes it easier than Tiger did as it has built-in screen sharing. First a little background so you will understand more. Don’t let the long instruction scare you, it really is not that hard.
Problem One
The first problem you must overcome to accomplish remote access without a .Mac account is dynamic IP addressing. Most ISPs, your broadband provider, do not provide a “static” IP address. This is like your “phone number” for you computer on the Internet.
This IP address needs to be a reachable public IP address, not an internal IP address you may be aware of from your home router’s Dynamic Host Configuration Protocol (DHCP) Server which usually look like 192.168.1.100 or 10.10.10.11. These are internal, non-routable IP addresses. Most routers made for home use from D-Link, Linksys, Apple, Actiontec, etc have a build-in DHCP server that hands out “internal” IP addresses and run Network Address Translation (NAT). Basically, the router secures your home network by running NAT, it protects your computers on the inside from the “public” IP address on the “outside” that your broadband provider assigns. In order to connect to your Mac remotely you need to get to your machine from this “public” IP address.
What makes this situation problematic is most broadband providers as I explain above do not provide a “static” public IP address. What they provide is a “dynamic” public IP address, that is an address that can change from time to time as the IP addresses they use is “pooled” among their customers. Although, these dynamic IP addresses do not change often in most cases, they can change and in this case you will not “find” your remote Mac. Think of a person’s phone number, that constantly changes. How would you call them?
Well in the case of the changing phone number, you could call 411 directory assistance and ask for the current phone number for who you wanted to reach. Well for finding your remote Mac with a “dynamic” IP address has a similar solution using DynDNS’ free Dynamic DNS service.
Dynamic DNS (DDNS) allows you to create a hostname (a URL) that points to your dynamic IP (or even static IP address). Dynamic DNS provides an update mechanism which makes tracks your “dynamic” IP address and allows the URL they give you a means to always reach your home network. It runs a small server on your Mac (or PC) and the “lightweight” server app informs the Dynamic DNS servers what your current “public” IP address is. When it changes, Dynamic DNS knows almost instantly.
Problem Two
With the dynamic, or changing “public IP address problem solved with Dynamic DNS service, we need to move onto the next problem, your router. Most home networks employ a router that performs Network Address Translation (NAT), and blocks requests from the outside world. You will need to configure your router to allow the requests for remote desktop or screen sharing to “connect” to the appropriate Mac that you will want to control.
This is not as hard as it sounds. But it does differ a bit among the different routers that you may come across. Basically, a good way to proceed is to choose a “static” or “manual” internal IP address for the Mac you will want to control and then open the correct “ports” on the routers to forward to the manual IP address you picked for the machine you want to control. This is called Port Forwarding.
Ports are like “channels” that can carry certain protocols that computers understand. Computers usually look for these protocols on specific ports. You will need to open up the correct “ports” in this case for Remote Desktop. These are known ports and you will need to forward them to the correct machine that you want to control.
The Process
The steps you need to perform to get remote control screen sharing working is summarized here:
- Open a free DynDNS account
- Setup Dynamic DNS service by installing the software
- Manually set up an “internal” IP address for the Mac you want to control (outside the DHCP range your router is set for)
- Set port forwarding on your router for remote access for the manual IP address you selected
- Enable screen sharing on the remote Mac
- Test your setup
Here’s how:
DynDNS – Go to DynDNS and create a new account. Then under the Services menu go to Dynamic DNS section. Under the “Get Started” you need to Add New Hostname. Here you will pick a free domain that will “resolve” to your “dynamic” IP address that is provided by your broadband provider once you install the software.
You will find many URLs to choice from. You will add the first section and pick the second section from the list. Pick one that you find easy to remember. You should end up with a hostname the looks something like this “home.webhop.net.”
Next is is time to install the software provided by DynDNS. You will find the Update Client software here. Download and install the Mac OS X version or the Windows version if you want to run it on a Windows machine. You only need to run this Update Client on ONE computer in your home network. The machine you run this on needs to remain on, so it is a pretty good idea to install the Update Client on the machine you want to access remotely.
What this software does is identify your “public” IP address assigned by your broadband provider and send it to the DynDNS Dynamic DNS servers. If your “dynamic” IP address changes, the newly assigned “public” IP address is then sent. This way the hostname (URL) you have chosen will always resolve to the correct IP address allowing you to connect to your remote Mac.
DynDNS also has a “how-to” for their Dynamic DNS service in four easy steps here.
Configure Your Mac on the Network – You will need to make sure Port Forwarding is set up to allow the request for remote access is forwarded to your Mac on the inside of your network.
One easy way to accomplish this is to set the Mac you want to control to a manual “internal” IP address outside of the range of IP addresses being set up automatically by your routers built-in DHCP server and setting port forwarding up to this manual IP address.
Example: Say your router is configured to start using 192.168.1.100 for up to 50 addresses (typical for many routers), set the IP manually at 192.168.1.200 on the Mac you want to control as this is well outside the range of DHCP the router is serving out.
On OS X – Go to Apple menu -> System Preferences -> Network -> Ethernet or Airport depending on how you connect to the router. Write down the settings the IP Address, Subnet Mask, Router (Gateway), DNS, and Search Domains (if there are any) that DHCP has given to your Mac.
Now create a new location by clicking on the Location drop down, selecting “Edit Locations.”
Click on the “+” button. Name the Location whatever you like and click on the “Done” button.
Click on the “Configure” drop down menu and select “Manual.”
Once you have set up the location to Manual you will need to fill in the information.
Fill in the IP Address, Subnet Mask, Router (Gateway), DNS, and Search Domains (if there are any). Example below.
Now click on “Apply” on the bottom right. Check to make sure if you can browse the Internet with Safari. If you can you should be setup OK. If not, some setting is wrong like IP Address, Subnet Mask, Router (Gateway), or DNS. Check to make sure you have them correct.
Now you must allow your Mac to share its screen. Go to the Sharing section of System Preferences to enable this. The picture below is from a Mac running Leopard. For Tiger see OS X Tip #70: Remote Control Your Mac.
Note: If you are planning on using Apple Remote Desktop you probably would want to turn on the “Remote Management” service instead. This allows more features and controls access per user.
Next you can set a VNC password if you like. It is a good idea. Just click on the “Computer Settings” button, click “VNC” and add a password.
Now your Mac should be ready to share its screen. Test this with another Leopard powered Mac on your “local network.” You should see this Mac show up in the left column in any Finder Windows under Shared.
Just highlight your Mac and “Share Screen” button. This is good local test. Now we need to set up your network to do this remotely.
Configure Your Router for Port Forwarding – You may need specific instructions to set up your router for Port Forwarding. Check with the manufacturers documentation.
Usually you will need to configure your router from a web browser by typing in the router’s address which sometimes is 192.168.1.1 or 192.168.0.1 or 10.0.1.1 depending what the manufacturer (or you) set it for. You will need to know the router’s username and password. In some cases it may be defaulted to:
username: admin
password: “blank”
username: admin
password: admin
username: admin
password: password
or
username: admin
password: “password1
Check with the manufacturers documentation if these do not work. Usually there is a method to “reset” the router to factory defaults if someone has set the username and password and you can not access the router.
Note: In the case of Apple’s Airport Routers you will be setting this up using your Mac and Apple’s software, not the browser. Check Apple’s documentation for the procedure.
What you need to to do is set the following ports to “Port Forward” to the manual IP address you set your Mac for.
TCP 5900 & 5988
UDP 5900 & 3283
Once you have done this step you should be able to reach and remote control your Mac from most any broadband connection.
To connect to your Mac remotely from any Leopard powered Mac, just select “Connect to Server…” from the Finder’s Go menu.
In the text box and enter vnc://XXX.XXX.XXX.XXX replacing the Xs with the correct IP address of the computer or your DynDNS hostname (URL). Example vnc://home.webhop.net, Again do not forget the vnc://
Clicking on the “+” button will save this your IP address or hostname to “Favorite Servers” so you do not to type it next time.
Now click the Connect button.
You should be presented a logon asking for permission, (same as described above for a local connection).
Enter the username and password for the remote machine.
You should now be able to see the remote computer and control it remotely. Now reward yourself.
If you need to get to your remote Mac from a Mac running Tiger or earlier you can use Chicken of the VNC which is a free download.
There are also free choices for Windows such as RealVNC.
Some helpful sites:
