In Mac OS X 10.5.3, Apple added diagnostic messages to its Back to My Mac remote access service. Back to My Mac requires one of two kinds of automated port mapping technologies to punch through typical home routers that create private networks typically unreachable from the rest of the Internet.
Often, Back to My Mac doesn't work when activated - via the Back to My Mac view in the .Mac system preference pane - and previously had no way of offering diagnostics. You had to feel around somewhat blindly, like the allegorical visually impaired men and the elephant, trying to describe a problem through virtual protuberances.
The new feedback messages appear below the status line that notes whether Back to My Mac is turned on or off. Apple lists three warning notices and one failure notice that can now appear. If everything is working properly, a green dot appears; if the network is inactive and .Mac can't be reached, a red dot appears; the troubleshooting messages appear alongside a yellow dot.
The three troubleshooting messages address three extremely common cases that otherwise could require a lot of sleuthing to sort out.
NAT-PMP or UPnP Is Not Enabled -- These two port-mapping technologies allow a computer on a local network attached to a router to request public Internet ports from the router on its wide-area network port connected to the Internet. Back to My Mac uses this information to publish DNS records via .Mac that provide a roadmap for other Back to My Mac-enabled computers you control to find each other. (See " ," 2007-11-17, and " ," 2008-04-16, for more background on automatic port mapping.)
Apple says that without one of these two protocols active on your router, you can't make the Mac you're examining remotely reachable, but if the Mac has a publicly routable IP address or if you use manual port mapping to expose its Back to My Mac ports, then it can be accessed from another computer.
Double NAT Configurations -- The dreaded double NAT occurs when you or your ISP nests two private networks, one within the other. Some ISPs use network address translation (NAT) to prevent their users from running servers and as one component in a security plan to keep outsiders from reaching into their subscribers' networks. If you attach a router to a broadband modem from an ISP that uses NAT, the computers on the router's local network are double NATed, and Back to My Mac can't punch through two layers.
This can also happen if you are casual about your networking configuration and extend a network by plugging a cable from the WAN (wide area network) port of one router into a LAN (local area network) port of another. You can avoid that problem by setting the router plugged into another router to bridge mode. (With any Apple Wi-Fi gear, launch AirPort Utility, select your router, click Manual Setup, click the Internet pane, and choose Off (Bridge Mode) from the Connection Sharing pop-up menu.)
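The NAT-PMP and double NAT conditions described above can be checked by hand. The following is an added example, not Apple's diagnostic code: it sends the NAT-PMP external-address request defined in RFC 6886 and flags a double NAT when the router reports a WAN address that is itself private. The gateway address you pass in and the sample replies are assumptions constructed for illustration, and UPnP is not covered.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351  # UDP port a NAT-PMP gateway listens on (RFC 6886)
# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def query_gateway(gateway_ip, timeout=2.0):
    """Send one external-address request; return the raw reply or None.
    gateway_ip is an assumption: pass your own router's LAN address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            # Request is two bytes: version 0, opcode 0.
            s.sendto(struct.pack("!BB", 0, 0), (gateway_ip, NATPMP_PORT))
            return s.recvfrom(64)[0]
        except OSError:  # timeout, unreachable network or closed port
            return None

def parse_reply(data):
    """Return (result_code, wan_ip) from a 12-byte opcode-128 reply."""
    if len(data) < 12:
        raise ValueError("short NAT-PMP reply")
    version, opcode, result, _epoch, raw = struct.unpack("!BBHI4s", data[:12])
    if version != 0 or opcode != 128:
        raise ValueError("not an external-address reply")
    return result, ipaddress.IPv4Address(raw)

def diagnose(data):
    """Map a gateway reply (None means no reply) to a diagnostic string."""
    if data is None:
        return "NAT-PMP not enabled (no reply from gateway)"
    result, wan_ip = parse_reply(data)
    if result != 0:
        return f"NAT-PMP request failed (result code {result})"
    if any(wan_ip in net for net in NON_PUBLIC):
        return f"double NAT: router WAN address {wan_ip} is not publicly routable"
    return f"ok: router WAN address {wan_ip}"

def sample_reply(result, ip):
    """Build a constructed reply for offline testing (not captured traffic)."""
    return struct.pack("!BBHI4s", 0, 128, result, 1234,
                       ipaddress.IPv4Address(ip).packed)

if __name__ == "__main__":
    for reply in (None, sample_reply(0, "192.168.1.20"), sample_reply(0, "203.0.113.7")):
        print(diagnose(reply))
```

On a live network, `diagnose(query_gateway(...))` with your router's LAN address gives the same three outcomes; a single unanswered request is treated as "not enabled" here, whereas RFC 6886 clients retry with increasing delays.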
.Mac Cannot Be Reached -- This third troubleshooting message appears when there's a live Internet connection, but Back to My Mac cannot contact the .Mac service in the way it needs to in order to set up Back to My Mac. Apple suggests two causes: a firewall (perhaps in a corporate setting) that blocks outbound queries to port 5354, and a DNS proxy (a rare thing for typical users) that blocks certain queries needed to make Back to My Mac function.
These troubleshooting messages should go a long way towards helping users with a starting point for making Back to My Mac work. In fact, they should reduce frustration because the first two troubleshooting messages described by Apple sometimes can't be overcome - and it's better to know when you can't do something (and might need to switch ISPs to solve the problem) than to pound your head against a wall.
If you'll excuse me, I need to go and revise my in-progress book, "," which was nearing its final production phase. Apple's updates in 10.5.3 allow me to remove several pages of troubleshooting information that Mac OS X can now summarize for you. (The book should be out in a couple of weeks, along with a companion volume, " .")