Aug 26

The internet has become as much a part of OS X as Mail.app. But if you're like me, your Mac is stuck behind several layers of security. My first layer of “protection” is Comcast. Comcast really does not want you running your own server with their cable system. They effectively block IMAP ports to prevent you from running your Mac as a mail server. They have even begun to packet shape BitTorrent traffic. There is little the average user can do about this. This outline is about the other layers of security that prevent you from using VNC, DEVONthink Server, OmniFocus server and many other applications that now offer data up over the internet. I’ve tailored it for use with the Airport Extreme base station.

The first step is to get a static DNS entry and point it at your router. I use DynDNS. I chose something memorable so I don’t have to look it up all the time. If you can remember the IP address of your router, then you can probably skip this step.

Open up the Airport Utility and select your router. Click the “Manual” button in the lower left corner. The IP address that your provider has assigned to the router should appear at the bottom of the next screen. Write that down.

Now go back to the DynDNS web page and enter your router's IP address as the address that you would like traffic routed to. You’re telling DynDNS to make a readable URL address available and point all traffic to your router. Don’t worry, there are TWO firewalls between the internet and your Mac.

Get a static IP address for your Mac

Your Mac’s IP address can be found in the System Preferences. Open the “Network” preferences and select whatever connection you use to get on the internet. Mine is Ethernet 1. On the TCP/IP lozenge, choose “Using DHCP with manual address” as the method for “Configure IPv4”. Most likely, your router is distributing a series of IP addresses from 10.0.1.1 to 10.0.1.200. You need to choose an IP address outside this range. I suggest using 10.0.1.201. Type that into the box next to “IP Address”. The “Subnet Mask” and “Router” IP address should already be set. Set the DNS server to your router as shown. We only need the router to do the DNS look-up for us anyway.

Firewalls

The Airport Extreme is your first line of protection. No unsolicited traffic can make it past the router. That is, unless we tell the router to make some openings in the firewall. This is called port forwarding or port mapping. To add port mapping to the Airport, click the “Advanced” button at the top of the Airport Utility window.


Now click the “Port Mapping” lozenge.


Click the little plus sign underneath the “Allow:” box. The next pop-up window lets you choose a common service to add, such as Apple Remote Desktop or Windows Sharing. A really useful port to open is the one used for VNC. This will allow you to control your Mac remotely from anywhere on the internet.


To add a VNC port, do not select a service. We are going to create one instead. VNC typically uses port 5901, so type that into all the port boxes shown. Enter your Mac’s IP address as the destination of the port forwarding. This essentially tells the router to send any traffic it receives on port 5901 directly to your Mac.


So now the router understands what to do with the traffic. You have to tell your Mac what to do with it. I said earlier that there were TWO firewalls. The first is the Airport Extreme. The second is the one built into your Mac. Go back to System Preferences and open the “Sharing” preferences. Click the “Firewall” lozenge. If you have never done so, turn on your Mac’s firewall and then flog yourself for not maintaining your personal security. Never do that again!

Now click the “New” button to open up a new connection through the Mac’s firewall. From the pull-down menu, select “Other” and enter 5901 as the port number to allow through.


Now the world can access port 5901 on your Mac. That’s kind of scary. You can always go into either Airport Utility or the Mac Firewall and turn off the port again without deleting all the work you did. The same technique can be used to open up BitTorrent or Telekinesis ports. There are several online tools that will tell you if the ports have been successfully unblocked.
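
To see what the forwarded port actually offers to the internet, the following added example (not part of the original post) goes one step beyond a port-open check: it reads the VNC (RFB) handshake on port 5901 and reports whether the server would accept a connection with no password. The function names are hypothetical and the version-reply rule is an assumption noted in the code; run it from outside your own network against your own DynDNS name.

```python
import socket

SEC_NAMES = {1: "None", 2: "VNC Authentication"}  # the two basic RFB types

def parse_banner(banner):
    """Parse the 12-byte RFB ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if (len(banner) != 12 or banner[:4] != b"RFB "
            or banner[7:8] != b"." or banner[11:] != b"\n"):
        raise ValueError("not an RFB (VNC) banner")
    return int(banner[4:7]), int(banner[8:11])

def parse_security(minor, data):
    """Return the list of security types the server offers."""
    if minor < 7:                      # RFB 3.3: one type, sent as a big-endian uint32
        return [int.from_bytes(data[:4], "big")] if len(data) >= 4 else []
    if not data:
        return []
    return list(data[1:1 + data[0]])   # RFB 3.7+: count byte, then one byte per type

def assess(types):
    """Turn the offered types into a verdict for the port's owner."""
    if 1 in types:
        return "EXPOSED: server accepts connections with no password"
    if not types or types == [0]:
        return "refused: server offered no usable security type"
    return "authentication required: " + ", ".join(
        SEC_NAMES.get(t, "type %d" % t) for t in types)

def probe(host, port=5901, timeout=5.0):
    """Connect to your own forwarded port and report what it advertises."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        major, minor = parse_banner(f.read(12))
        # Assumption: answer with the highest published version the server supports.
        reply = 8 if minor >= 8 else 7 if minor == 7 else 3
        s.sendall(b"RFB 003.%03d\n" % reply)
        data = f.read(4) if reply == 3 else f.read(1)
        if reply != 3 and data:
            data += f.read(data[0])
    return "RFB %d.%d: %s" % (major, minor, assess(parse_security(reply, data)))

if __name__ == "__main__":
    import sys
    # Usage: python check_vnc.py <your own DynDNS name>, run from outside your LAN.
    print(probe(sys.argv[1]))
```

A connection error or timeout from `probe` means the port is not reachable from where you ran it; an "EXPOSED" verdict means the port should be closed again until a password is set on the VNC server.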


Aug 26

If I had any doubt that technology was not living up to my expectations, I’m a believer now. I just installed iPhone Remote on my Mac Pro and all I can say is WOW! My iPhone can control my Mac over the Edge network.


iPhone Remote is brought to us by the good people at Google (code named Telekinesis). Maybe they got tired of waiting for the gPhone and decided to make the iPhone the device dreams are made of. The server software is a quick install. It’s a lot like a VNC server. It runs in the background and receives requests from some port that it is told to listen to. The server software then directs traffic to its own applications. Here is a quick run-down of what you can do remotely from your iPhone.

You can take a picture with your Mac’s video camera and receive it right on your iPhone (only one frame, not a video stream). Any file on your Mac at home can be accessed from your iPhone. How about taking a screenshot of your Mac’s desktop? Yup, you can do that. You want to do a Spotlight search for a file? No problemo. I’ll illustrate a quick tour of the application below. The screenshots are taken from Safari running on my Mac Pro (since there is no way to take a decent picture of the iPhone interface). But you have to trust me, this looks great on the iPhone.

This first picture is of the iPhone Remote software running on my Mac. It’s very simple to use. Just open up the ports in your firewall and start the server. I like to have the “applications” open in a new window on the iPhone just for ease of use.


This is the main application view on the iPhone. Just tap one of the buttons. That background image is automatically pulled from the Mac running the iPhone Remote server. That’s my desktop.

This is the list of applications on my Mac. Did you forget to fire-up your BitTorrent client this morning? No problem. Just turn it on from your iPhone.


You can just as easily access your files. Click through directories and open up that PDF file right from your phone. I found a strange twist that I don’t think was intended but could have very interesting consequences. When I clicked on a SubEthaEdit document that contained an HTML snippet, my Mac opened the document in SubEthaEdit (talk about remote control!) and my iPhone presented me with a rendered webpage, rather than the snippet of code. I don’t know which surprised me more, windows just popping open on my Mac, or the iPhone rendering the HTML code. This opens up a very easy way to make your own web applications without having a web server. I’m not sure this method would support CGI though.

And if you don’t remember where that file is, just use the iPhone Remote’s Spotlight function. Here is a Spotlight search for the word “Perl”.

A feature that has a lot of potential is streaming media from your Mac at home to your iPhone. The server software can stream audio or video directly. You gotta have a remote to control that music, right? One is included.

While the Edge service may never be fast enough to allow for true Remote Desktop, there is a workaround. You can actually select and then trigger AppleScripts from your iPhone. This has potential to allow you to FTP upload to servers, start Backup software, or even secure a stolen computer.


Finally, for all those Leet Mac users, there is actually a Terminal application. Finally, we can run our cron jobs while we’re on the road.


The service works through a secure shttp connection, so you don’t need to worry too much about the data being transmitted. It’s all encrypted. However, it’s a little scary to think that if some nefarious person gets your user name and password, they can have complete snooping privileges. I like a suggestion I found on the Telekinesis Wiki which is to set up some Mail.app AppleScript triggers. Send an email with the Subject “iPhone Remote On” and voila, your Mac starts up the server. Send another email to turn it off. It’s really just one more layer of security. You could even have the script look for a particular password in the body of the message before running.

iPhone Remote is a wonderful application. Apple may someday provide an SDK for the iPhone, but until then, a little creativity and elbow grease will carry the device a long way.
