AT&T U-Verse: Configuring for Back To My Mac

Upon switching to AT&T’s U-Verse service, I had a bit of “fun” configuring the 2wire modem.

At the end of it, the Mobile Me Back To My Mac feature didn’t work. That bummed me out; it is an incredibly useful feature.

The problem is that the 2wire modems don’t support either NAT-PMP (NAT Port Mapping Protocol) or UPnP (Universal Plug and Play). A bit surprising.

To fix, the key is to make the 2wire modem as dumb and invisible as possible. Treat it like the incapable box that it is.

You will need a UPnP or NAT-PMP capable router (or a machine that you can configure as a router– Mac OS X’s built in “Internet Sharing” works just fine).

First, configure the router to “share a public IP address”. That is, configure the router to share a single IP to your internal network via DHCP. In particular, DHCP should be set to distribute IP addresses in the 10.0.*.* family (and if you have a dual-band Airport Base Station or Time Capsule, the guest network should be configured for 172.16.*.*).

The router must also obtain its WAN IP address via DHCP. There should be one ethernet cable from your router to the 2wire modem and no other ethernet cables else plugged into the 2wire modem (the U-Verse TV box being the one exception).

Next, go to Firewall – Settings page and configure your router to be the DMZplus host for your network.

This will route all incoming traffic to your router, including all of the Back To My Mac traffic.

I also needed to clear all record of the local network on the Troubleshooting – Resets page of the 2wire modem.

If you need to configure any specific port forwarding, etc, do so on your router, not on the 2wire box. As a matter of fact, I would suggest going through all of the 2wire configuration pages and turning off every single option you can find (save for the default firewall protections– they are a pretty reasonable set of frontline defense against some kinds of DoS and packet spoofing attacks). Certainly, turn off the wireless radio.

I have a machine internal to my LAN that has a fixed IP address, but obtains the router IP and DNS server information from DHCP.

For whatever reason, that machine glommed onto an incorrect DNS IP address and, thus, couldn’t resolve hosts. Easy to fix from the command line. Use sudo networksetup -getdnsservers Ethernet to check to see if there is a rogue DNS server configured. If so, you can use sudo networksetup -setdnsservers Ethernet Empty to get rid of it.

Speaking of DNS, a number of folks have indicated that AT&T’s & 2wire’s DNS configuration is borked. Certainly, they are playing games if http://gateway.2wire.net resolves to your modem’s administration interface.

Reverse DNS is certainly odd and that causes ssh logins to be really slow. Fix that by adding UseDNS no to /etc/sshd_config.

But that has been the only problem I have encountered with DNS so far and, thus, I haven’t tried, say, OpenDNS (frankly– their site scares me a bit… not sure I dig the whole content filtering emphasis. Any suggestions for services would be appreciated.)

Update: I’m not using a 3rd party DNS provider and I don’t recommend it. Many of the contact distribution networks [CDNs] will sometimes, sometimes often, rely on the location of a DNS server to determine the closest server to serve content to you, like streaming media. Using a 3rd party DNS server that is not co-located with your ISP’s point of connection for your service can totally destroy the efficacy of the CDN, rending your streaming performance unusable.



4 Responses to “AT&T U-Verse: Configuring for Back To My Mac”

  1. Andy Boyko says:

    Note that some corporate networks can end up blocking “Back To My Mac” if they don’t distinguish the direction of the traffic on the port (using stateless firewalls). “Back To My Mac” began working for me last week (to my home machines, on Comcast, behind a Time Capsule) after some changes in the network where I work.

  2. Twitter Trackbacks for bbum’s weblog-o-mat » Blog Archive » AT&T U-Verse: Configuring for Back To My Mac [friday.com] on Topsy.com says:

    […] bbum’s weblog-o-mat » Blog Archive » AT&T U-Verse: Configuring for Back To My Mac http://www.friday.com/bbum/2009/08/16/att-u-verse-configuring-for-back-to-my-mac – view page – cached #RSS 2.0 RSS .92 Atom 0.3 bbum's weblog-o-mat » AT&T U-Verse: Configuring for Back To My Mac Comments Feed bbum's weblog-o-mat BBEdit & command line editing BrownBlack Widow Saturday Revisited Furu Sato — From the page […]

  3. Paul M. Lambert says:

    Until today, I had a speakeasy DSL line with five static IPs. Since I used static NAT, BTMM wouldn’t work. I just got a Comcast Business account with 5 static IPs. It also uses static NAT, and so BTMM also doesn’t work.

    Your solution would be great, if I didn’t want my Mac to be reachable by a static IP. That’s what the static NAT is for. But BTMM assumes that a lack of uPNP and NAT-PMP means the host is unreachable, when it’s not.

    Any ideas on how I’d keep all my Macs with their external static IPs, but still have BTMM?

    The only thing I can think of is to use my routable, external IPs on my internal network. But that’d be pretty twitchy to get right!

  4. nick says:

    I have the same situation as you did but I still can’t seem to get everything to work. I have scoured the internets and still have yet to find a solution. It works in my head but no one said I was wired correctly. By chance you could help me out please email me back I would really like someone to talk to who has gone through this same situation.

Leave a Reply

Line and paragraph breaks automatic.
XHTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>