When Mac OS X Leopard’s Back to My Mac feature was first announced, it sounded great: a simple way to securely share screens and exchange files between two Macs over the internet. Sometimes, Back to My Mac really does work as intended: you enable Back to My Mac on the two Macs you want to connect, and you then see one system in the other’s Finder sidebar.


But more often, getting the service to function is maddening at best. And in some cases, it won’t work at all – no matter what you try.

Publicly accessible IP address
Part of the problem is that Back to My Mac (BtMM, for short) has four critical requirements; if any one of them is missing, it won’t work.

First, BtMM requires that your router have its own publicly reachable IP address – meaning a network address that any computer on the internet can reach. Unfortunately, many internet service providers (ISPs) assign only private addresses. Private addresses are generally unreachable, as if they were behind a firewall. Such addresses can help keep interlopers from easily accessing your computer, but on the flip side they can also block legitimate remote access.

Finding out whether your router’s IP address is publicly reachable can be tricky. If your ISP assigned you an address for your router that must be entered manually, and it doesn’t start with 10, 192, or 174, it’s probably public. If your router’s address is assigned by DHCP, launch AirPort Utility, select your router, click on Manual Setup, and then click on the internet icon to find the address assigned next to IP Address; again, if it doesn’t start with 10, 192, or 174, it’s probably public.

Beyond those two steps, the only reliable way to find out your router’s IP address is to check with your ISP. If you don’t have a publicly reachable IP address, you can request one. Some ISPs provide such addresses for free; others charge for them.

If your computer has its own publicly reachable IP address, your router’s address doesn’t matter, and BtMM should work just fine (assuming you can fulfill the other three requirements).

Automatic port mapping
The second requirement is automatic port mapping. Ports are to an IP address what flat numbers are to a block of flats. Back to My Mac needs to be able to ask your router to open specific ports. The BtMM system on one computer passes those port numbers via MobileMe to any other BtMM system so that any two BtMM-enabled computers using your MobileMe account can communicate with each other.

Automatic port mapping comes in two forms. Network Address Translation-Port Mapping Protocol (NAT-PMP) is found only in Apple AirPort base stations released in 2003 or later. It’s enabled by default. To make sure it’s on, open AirPort Utility (/Applications/Utilities), select your base station, and click on the Manual Setup button at the bottom. Click on the Internet button, and select the NAT tab. Make sure Enable NAT Port Mapping Protocol is checked. If it isn’t, check it and then click on Update.

The other, more widely used form of automatic port mapping is called Universal Plug and Play (UPnP), and Back to My Mac works just fine with it. UPnP is found in nearly all broadband gateways from vendors such as D-Link, Linksys, and Netgear.

Because of security concerns, UPnP isn’t always turned on out of the box. Enabling it varies from router to router. Typically, you’ll enter an IP address in your browser to connect to the router’s built-in configuration tool and then search for advanced or multimedia options. With nearly all of Linksys’s routers, for instance, you select the Administration tab, choose the Management tab beneath it, and select Enable next to the UPnP label; you then click on Save Settings to restart the router with UPnP turned on.

Unfortunately, many routers – most notably those from 2Wire, which provides broadband modems/routers to several major companies such as BT – don’t support UPnP at all, usually because of telco security concerns.

To find out whether your router supports either NAT-PMP or UPnP automatic port mapping, select the Back to My Mac tab in the MobileMe preference pane. It should tell you whether Leopard can properly get what it needs from your particular router. If you see an error about NAT-PMP or UPnP after turning on Back to My Mac, check your router’s manual.
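The two router checks described above (whether the router's address is publicly reachable, and whether the router answers NAT-PMP) can be made with one NAT-PMP "external address" request. The Python below is an added example, not code from the article or from Apple; it follows the message layout in RFC 6886 and classifies the returned address against the RFC 1918 and RFC 6598 ranges. The gateway address passed to `query_gateway` and the sample reply are assumptions constructed for illustration.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351  # RFC 6886: the gateway answers NAT-PMP on UDP 5351
RESULT_CODES = {1: "unsupported version", 2: "not authorized/refused",
                3: "network failure", 4: "out of resources", 5: "unsupported opcode"}
# Address ranges that hosts on the internet cannot reach directly.
NON_PUBLIC = {"10.0.0.0/8": "private (RFC 1918)", "172.16.0.0/12": "private (RFC 1918)",
              "192.168.0.0/16": "private (RFC 1918)",
              "100.64.0.0/10": "carrier-grade NAT (RFC 6598)"}

def classify(addr):
    """Label an IPv4 address as public or name the reserved range it falls in."""
    addr = ipaddress.IPv4Address(addr)
    for net, label in NON_PUBLIC.items():
        if addr in ipaddress.ip_network(net):
            return label
    return "public" if addr.is_global else "reserved/unusable"

def parse_external_address_response(data):
    """Decode the reply to a NAT-PMP external-address request (opcode 0)."""
    if len(data) < 4:
        raise ValueError("short NAT-PMP response")
    version, opcode, result = struct.unpack("!BBH", data[:4])
    if version != 0 or opcode != 128:  # replies carry opcode 128 + request opcode
        raise ValueError("not a NAT-PMP external-address response")
    if result != 0:  # fields after the result code are undefined on error
        return {"nat_pmp": False, "error": RESULT_CODES.get(result, f"code {result}")}
    if len(data) < 12:
        raise ValueError("truncated success response")
    wan = ipaddress.IPv4Address(data[8:12])  # bytes 4-7 are the gateway's epoch counter
    return {"nat_pmp": True, "wan_address": str(wan), "reachability": classify(wan)}

def query_gateway(gateway_ip, timeout=2.0):
    """Send the 2-byte request (version 0, opcode 0) and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(struct.pack("!BB", 0, 0), (gateway_ip, NATPMP_PORT))
        try:
            data, _ = sock.recvfrom(64)
        except OSError:  # timeout or ICMP port unreachable
            return {"nat_pmp": False, "error": "no reply (NAT-PMP off or unsupported)"}
    return parse_external_address_response(data)

if __name__ == "__main__":
    # Constructed reply: epoch 3600 s, WAN address 100.72.14.9 (inside 100.64.0.0/10).
    sample = struct.pack("!BBHI4B", 0, 128, 0, 3600, 100, 72, 14, 9)
    print(parse_external_address_response(sample))
```

A WAN address in 100.64.0.0/10 means the ISP is doing carrier-grade NAT, so the router is not reachable from the internet even though NAT-PMP itself is working.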

Leopard and MobileMe
The third requirement for BtMM is Leopard itself; version 10.5.4 or later is best. If you want to connect to or from computers using Tiger, Panther, or even Windows, there are other ways to connect them.

Finally, BtMM requires a MobileMe account. BtMM needs a place to stash information about each computer that you control. MobileMe is that place.

For example, when you sign into MobileMe via its preference pane and have Back to My Mac turned on, Leopard asks the router for those port numbers behind the scenes and then passes that information on to MobileMe.

MobileMe also updates DNS records (the service that turns human-readable domain names into computer-readable numeric IP addresses), allowing each computer logged into the same MobileMe account to access what it needs to connect with any of the others.

You need a full MobileMe account to use Back to My Mac: either an individual account, or an account that’s part of a family pack. The cheaper email-only add-on account won’t work.

If you don’t meet all four of these requirements, Back to My Mac simply isn’t an option for you. When we first started testing BtMM in the autumn of 2007, we were able to use manual port mapping – in which we assigned fixed ports to BtMM – to get BtMM to work. But that didn’t work consistently, Apple doesn’t support it, and we’ve been unable to get it working in a while.

Note that BtMM is asymmetrical: if computer A is connected to a network that meets the Back to My Mac specs, and computer B is not, B can still connect to A; but the reverse is not true.