Accessing Home AirPort Networks From Remote October 27th, 2000
Good day, everyone! This week presented me with a question that I believe deserves a column of it's own. It's something I'm asked quite a bit, and figured I would go into detail about how all this works. If you have a question or comment of your own, feel free to e-mail me or visit the forums. Enjoy!
Phil Pearson writes, "Dave -- I've just set up AppleShare IP on my 20th Anniversary Mac and was wondering if there was a way of being able to tap in via TCP/IP with AppleShare from "remote" locations for ftp and print services. My Internet connection is through Earthlink, which is dialed-up from my Airport Base Station. Is this possible?"
The simple answer is "Yes, you can." There are, however, a few hurdles we need to address.
The first of these is that your 20th Anniversary Mac is "hidden" behind your Airport Base Station (which is really just an intelligent router that passes requests between 3 different interfaces - Airport, the built-in modem, and Ethernet). Your Airport Base Station dial's up your ISP and is given just one IP address. It then uses something called "IP Masquerading" to share that single IP address with all of your computers. With IP Masquerading, your Airport Base Station assigns "dummy" IP addresses in the 10.0.1.x range to all of your machines, and then intelligently routes the traffic in and out so that the right computer gets the right stuff back, but the outside world only sees the one IP address for your whole network. These "dummy" addresses are not reachable from the outside world, except specially through the Airport Base Station. For example, if someone at your G4 goes and loads up http://www.macobserver.com/, the G4 is really asking the Airport Base Station to go and get that page for it. The G4 doesn't realize this, because it thinks it has a static IP address in the 10.0.1.x range. However, since the Airport Base Station is the next "hop" away, the G4 just passes this request to that router, assuming it will know what to do with it. When the Airport Base Station receives that request from the G4, it translates it to show that it originated from the "real" IP address that was assigned by your dial-up provider (Earthlink). That way the rest of the Internet knows where it's coming from and, more importantly, how to get the requested data BACK to you. So the request goes out and the Web site responds and sends the requested data back to your Airport Base Station. The Airport Base Station sees this data and checks it's internal logs to see which machine on your network requested it. It figures this out, translates the data BACK to reflect the IP address of your G4 internally, and sends the data on its way. The G4 never realizes this, and thinks it's connected directly to the Internet. The Web site also never realizes this, thinking all along that it was just your Airport Base Station looking for the requested data. However, if the data passed through the Airport Base Station without being translated, the request would go unanswered because the rest of the Internet would have no idea as to where this request came from (the 10.0.1.x range isn't mapped to your Airport Base Station from the "outside world", in fact it's not mapped to anyone, because it's reserved for "dummy" networks such as this).
So, there's no way to assign a fixed IP address behind your Airport Base Station when all it's getting is one dynamically assigned address from your dial-up ISP. There are some ways to get around this, though. The first would be to talk to your dial-up ISP and see if they'll assign you multiple, static addresses via your connection. With cable and DSL being widespread these days, most dial-up ISPs will steer you that route if you want this type of service, since it's easier to provide static addresses over a fixed link than it is over dial-up. Still, it's possible, but it will probably cost you an arm and a leg if they'll do it at all.
The other way around this is to do what I do with my network at home. Let your ISP dynamically assign you an IP address as they're currently doing, and let your Airport Base Station do everything as described above. Then you'll need to add some services to do two things. One, you'll need to find a way to let people know your IP address every time it changes (since it changes every time you dial-up). Two, you'll need to tell your Airport Base Station to send requests from the outside world for AppleShare IP over to your 20th Anniversary Mac.
For the first problem, I recommend a solution like DynIP. Their service will, for something like US$35/year (with 30 day free trial!), let you have "myownhomenetwork.dynip.com" dynamically mapped to your home IP. To do this you download a little client application that you can run on any of your machines at home (you only need to run it on one, since you only get one "real" IP address). The client application goes and tells the DynIP servers what your IP address is when you dial-up, and their servers map the domain name you've chosen to that IP instantly! There are other services like this, but I've been quite happy with DynIP.
For the second problem of routing requests to the proper machine, the Airport Admin Utility has a button in the "Network" tab for Port Mapping. In there, you can tell it to map a certain port to a certain machine. For AppleShare IP, I believe the correct one is port 548. Map this to the IP Address listed in the TCP/IP Control Panel on your 20th Anniversary Mac, and every time your Airport Base Station receives a request on this port, it will just pass it along (with its magic translation, of course) to your 20th Anniv. Mac, and you'll be good to go!
I've been doing this for about a year-and-a-half here with my cable modem setup (with one IP address), and it works great!
If you have comments or questions about this or anything else (computer-related, preferably!), please either e-mail me at firstname.lastname@example.org, or discuss it in the forums!
P.S. Have a Nice Day.
is President and CEO of The Mac Observer, Inc. He has worked in the computer industry as a consultant, trainer, network engineer, webmaster, and a programmer for most of the last 10 years. During that time he has worked on the Mac, all the various Windows flavors, Be, a few brands of Unix, and it is rumored he once saw an OS/2 machine in action. Before that he ran some of the earliest Bulletin Board systems, but most of the charges have since been dropped, and not even the FBI requests that he check in more than twice a year.
Ask Dave is here to answer all the Mac questions you have. Networking, system conflicts, hardware, you ask it, he can answer it. He is the person from whom all Mac knowledge flows....