The Back to My Mac feature requires a .Mac account to function. The .Mac service is the central point for authentication (proving identity) and for connecting resources located in different places on the Internet.
This connection links several pieces, and it is worth looking at each of them separately:
Bonjour. Bonjour allows services on a computer or device to be advertised over the network so that other computers can discover them. Printers, web servers and a whole host of protocols can be discovered over the local network using Bonjour. However, Bonjour only works over local networks: it is blocked by gateways such as the AirPort Extreme base station, which joins different networks, for example your local computers and the Internet connection.
Port mapping. Most WiFi and broadband routers support a protocol called Network Address Translation (NAT). In part NAT was created to address the IP address shortage resulting from the current IP allocation system, known as IPv4. (IPv6 addresses this shortage, but implementation is extremely slow due to the vast amount of infrastructure that must be changed.)
NAT uses private IP address ranges that can be used on local networks. These private ranges (starting with 192.168.0.0 and 10.0.0.0, for example) are guaranteed not to be used on the public Internet.
NAT gateways generally work with DHCP (Dynamic Host Configuration Protocol). A DHCP server at the gateway is in charge of handing out an address from the private range, and NAT handles the requests that originate in the private range and are bound for the wider network, usually the Internet.
NAT uses ports to handle requests. Ports are a fundamental building block of the Internet. While IP addresses unambiguously identify a computer or server on the Internet, ports define the services available at those addresses. Think of a building with a unique street number that fixes its location, and the apartment numbers within that building, which let us unambiguously find each of the offices the building hosts.
Common services such as the Web server, the Apple Filing Protocol (AFP), and FTP are associated with well-known ports that are used throughout the network to handle incoming connections, such as a request for a web page. Outgoing requests originate on randomly selected port numbers, since those only matter for creating the association.
For example, port 80 is the one used by default for all web servers. If I try to load Macworld.com, which has the IP address 184.108.40.206, from my browser, my computer first sends the request to the gateway, which my computer knows is the next hop to reach the Internet. It may send a request for the address 220.127.116.11 port 80 from my computer at 192.168.1.100 port 11283. The NAT gateway receives the request, makes a note of the port I used to send it, and opens the connection to the Macworld web server over a port of its own. When the reply comes back to that port managed by NAT, the NAT gateway passes the traffic to my computer on the private network.
These dynamically created NAT ports do not allow for persistent connections, which are necessary to reach a computer from outside the private network. This is where the NAT-PMP (NAT Port Mapping Protocol) and UPnP (Universal Plug and Play) protocols come into play. NAT-PMP is a protocol developed by Apple and opened to the industry, while UPnP is already more widely used today, although with some limitations. Back to My Mac works with both standards.
Both NAT-PMP and UPnP allow a program on a computer on a private network to keep a connection with the outside world open persistently. The gateway creates a fixed port for that program and lets the program know which port is used. This in turn makes it possible to establish an external connection to that port so that the computer with the private address can be reached.
Where you can run into problems in this scenario is that Internet service providers tend to use NAT as well, either built into the modems they provide or at a higher level of their network. In some cases you may be behind three levels of NAT, and that may be impenetrable for the current iteration of Back to My Mac.
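As an added example (not code from the article or from Apple), here is a small Python encoder and decoder for the NAT-PMP messages described above, fed with constructed gateway replies. It also shows the check a practitioner would want for the multi-level NAT case: asking the gateway for its external address and flagging a private or carrier-grade address, which means another NAT sits above that gateway. The mapped port 52548, the address 10.0.0.1 and the epoch values are constructed.

```python
import ipaddress
import struct

NATPMP_VERSION = 0
OP_EXTERNAL_ADDR, OP_MAP_UDP, OP_MAP_TCP = 0, 1, 2
RESPONSE_FLAG = 128  # a response carries the request opcode + 128
RESULT_CODES = {0: "Success", 1: "Unsupported Version", 2: "Not Authorized/Refused",
                3: "Network Failure", 4: "Out of resources", 5: "Unsupported opcode"}

def build_external_address_request():
    """2-byte request asking the gateway for its public address."""
    return struct.pack("!BB", NATPMP_VERSION, OP_EXTERNAL_ADDR)

def build_mapping_request(proto, internal_port, suggested_external=0, lifetime=7200):
    """12-byte mapping request: version, opcode, reserved, internal port,
    suggested external port, requested lifetime in seconds."""
    opcode = {"udp": OP_MAP_UDP, "tcp": OP_MAP_TCP}[proto]
    return struct.pack("!BBHHHI", NATPMP_VERSION, opcode, 0,
                       internal_port, suggested_external, lifetime)

def _header(data, expected_op):
    """Validate version and opcode of a response; return its result code."""
    version, opcode, result = struct.unpack("!BBH", data[:4])
    if version != NATPMP_VERSION or opcode != (expected_op | RESPONSE_FLAG):
        raise ValueError("not the expected NAT-PMP response")
    return result

def parse_external_address_response(data):
    """12-byte response: header, seconds since gateway start, external IPv4.
    'nested_nat' is True when the address the gateway calls external is itself
    private, carrier-grade NAT or otherwise non-routable: another NAT is above it."""
    result = _header(data, OP_EXTERNAL_ADDR)
    epoch, raw_ip = struct.unpack("!I4s", data[4:12])
    addr = ipaddress.IPv4Address(raw_ip)
    return {"ok": result == 0, "result": RESULT_CODES.get(result, "unknown"),
            "epoch": epoch, "external_ip": str(addr), "nested_nat": not addr.is_global}

def parse_mapping_response(data):
    """16-byte response: header, epoch, internal port, mapped external port, lifetime."""
    opcode = data[1] & ~RESPONSE_FLAG
    result = _header(data, opcode)
    epoch, internal, external, lifetime = struct.unpack("!IHHI", data[4:16])
    return {"ok": result == 0, "result": RESULT_CODES.get(result, "unknown"),
            "proto": "udp" if opcode == OP_MAP_UDP else "tcp", "epoch": epoch,
            "internal_port": internal, "external_port": external, "lifetime": lifetime}

# Constructed sample replies, as a gateway would send them back over UDP port 5351.
SAMPLE_ADDR_REPLY = struct.pack("!BBHI4s", 0, 128, 0, 3600, bytes([10, 0, 0, 1]))
SAMPLE_MAP_REPLY = struct.pack("!BBHIHHI", 0, 130, 0, 3600, 548, 52548, 7200)
```

A mapping for AFP (port 548) that comes back with a private "external" address is reachable only from the next NAT layer up, which is the three-levels-of-NAT situation the article warns about.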
You have Bonjour enabled and a fixed port that can be addressed, but how does Back to My Mac know which port to use? Let’s see how.
Wide Area Bonjour. Bonjour is designed to work over local networks, correct? But Wide Area Bonjour works over, well, wide area networks. It does so by registering information in a DNS (Domain Name System) server. DNS servers provide a human-readable way of referring to IP addresses, linking names like www.macworld.es with their underlying IP address. They also report related information about the domain. Properly prepared DNS servers can work with Wide Area Bonjour records, and AirPort Extreme Base Stations can interact with those servers to update those records.
Apple has told me that there is still little support among DNS hosts and ISPs (in fact they have not been able to give me the name of one that supports it), and therefore Apple has activated this support in a limited way on .Mac. The .Mac service manages the DNS for Back to My Mac, creating a temporary domain name for your computer and allowing you to manage Wide Area Bonjour records.
Let’s take a deep breath to tackle the last piece of the puzzle.
Dynamic DNS. Because ISPs often provide IP addresses that persist for only short periods of time (also called dynamic IP addresses), dynamic DNS (DDNS) emerged as a way to notify a DNS host that an IP address has changed, without having to modify the DNS record by hand.
DDNS software is available for Mac, Windows, and other platforms, and essentially just watches your network connection for any change of IP address. When that happens, it updates the record on the DNS server. This maps a static name to a dynamic address.
Apple uses DDNS with Back to My Mac to create a private host name that is not exposed, but can be used for each Mac that has the Back to My Mac feature enabled in Leopard. The DDNS record contains all the Wide Area Bonjour information.
And it’s that simple.