[Editor’s note: Since this article was published, Glenn Fleishman has written two interrelated books about Back to My Mac use and troubleshooting, and Screen Sharing in Leopard. The ebooks are $10 each and $15 for both of them. You can read excerpts and purchase the books for immediate download.]
TheCodingMonkeys has released the free, open-source Port Map application to make it easy for users and developers alike to control a router’s capability to open up access for particular programs from the outside world. Most home network routers use network address translation (NAT) to connect private network addresses – IP addresses that are non-routable or unreachable from outside the local network – with a single routable IP address assigned to the router. Unfortunately, this method means that individual computers can’t offer up their own services, like a Web server, or accept incoming connections for games or other Internet-spanning programs, like TheCodingMonkeys’ collaborative editing package SubEthaEdit.
But NAT isn’t a brick wall, even though it’s often called a passive firewall. Most NAT-capable routers also include one of two standard methods of allowing software running on a computer with a private address to ask the router to open up a limited form of incoming access. Automatic port mapping protocols on the router open one or more ports – a kind of numbered slot that can be attached to an IP address – and hand the port number or numbers back to the requesting software. As long as the router itself has a publicly routable IP address that can be reached via the Internet, port-mapped applications can now be reached as well.
Static, manual port mapping, called either “port mapping” or “port forwarding,” lets you set a persistent port that you choose to map to a given computer and service on the local network. In contrast, automatic port mapping usually picks an arbitrary internal port that can change whenever the router is restarted or when you disable and re-enable the service you’re mapping.
All Apple Wi-Fi gear starting in 2003 includes a version of an Internet standard developed by Apple called NAT-PMP (Network Address Translation-Port Mapping Protocol). Most other Wi-Fi and broadband gateways use a more full-featured but balky technology known as UPnP (Universal Plug and Play). Port Map supports both NAT-PMP and UPnP.
To use Port Map, you need to figure out which ports are used by the program you want to expose to the Internet. This can be simple in some cases. For instance, Web servers almost always use port 80, although they can be configured to use another port. Port Map includes presets for a few programs and services; the list could be more fully populated. You may need to consult the user’s manual or online help to find the port or ports needed for your purposes.
You can use Port Map to request a particular public port on the router, although the router doesn’t have to honor that request, and only one service can use a given public port at a time. If you’re running a Web server that’s designed to be widely reachable, you want its public port to be 80, because that’s the port used implicitly by every Web browser. (It is possible to include a port number in a URL explicitly by adding a colon and the number, such as http://www.example.com:1633/.)
The related problem with automatic port mapping is that if you don’t use a well-known public port for a given service, you need to publicize the port. Back to My Mac uses NAT-PMP and UPnP, and it uses .Mac to pass information about what ports were assigned among your various Back to My Mac-enabled computers. With Port Map, you need to distribute that information. After setting up a port mapping, you can select it, and Port Map displays a URL that you’ve defined or that’s drawn from the preset information that you then give to others or use yourself to access the service remotely.
In practical use, Port Map would work as follows: I want to use SubEthaEdit with a friend. I launch SubEthaEdit and Port Map. I select the SubEthaEdit entry that I’ve already created and set it to On, or I create a new entry if one doesn’t exist. Port Map generates a URL, and I convey that to my friend via iChat, email, or phone. My friend then uses the URL to connect to my copy of SubEthaEdit.
Two alternatives to Port Map are available on the market. Codelaide Software’s Lighthouse ($12.99, 14-day demo) is similar to Port Map, but with a much greater set of features, including a long list of presets and the capability to import and export profiles. The company also regularly updates presets that can be downloaded into the software.
Bains Software’s ShareTool ($20, 15-minute-at-a-time demo mode) is a way to tunnel Bonjour discovery and resource access using automatic port mapping to enable the secure connection of two systems running their software. Since parts of Mac OS X (like file sharing and screen sharing) and many individual applications use Bonjour to advertise their availability, an encrypted tunnel for Bonjour traffic effectively extends your local network. This lets you stream music from a shared iTunes library outside your local network, for instance.
Port Map is clearly just a sketch of what can be done, and TheCodingMonkeys have released their code to encourage developers to incorporate more NAT sense into their Internet-enabled programs.