Leopard and Back To My Mac tunnels

Back To My Mac seemed like a neat feature when Steve demoed it back at WWDC 07, but very little attention seems to have been paid to it since.

Remote NAT traversal for screen sharing and AFP is cool and all, but the most useful part is hardly mentioned anywhere: Back To My Mac can automatically establish on-the-fly tunnels to any machine with Back To My Mac enabled. You can just ssh foobar.joebloggs.members.mac.com, or curl something directly from the web server, or whatever. So long as you can make outgoing connections, it should work around any routers, firewalls, and other wrinkles in the network topology.

The catch is that it only works over IPv6. sshd on OS X has IPv6 enabled by default, as does Apache, but a lot of other stuff doesn’t.

I haven’t figured out how it works yet. It’s definitely not a straight IPv6 tunnel—the source IP of any connection is a private address (which kinda seems to defeat the purpose of using IPv6 in the first place). Any info or pointers appreciated.

Update: In the comments, JH points out that it’s not a private address, but an RFC 4193 unique local address.
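An added example, not part of the original post: since the tunnel carries only IPv6, this Python script lists which listening TCP services are bound on IPv6 (and so are candidates for access over the tunnel) versus IPv4 only, and splits an RFC 4193 unique local address into its fields. The netstat text is constructed sample output in the macOS `netstat -an -p tcp` layout, and the address is a constructed ULA; the function names are this example's own.

```python
import ipaddress

ULA_NET = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local range

# Constructed sample in the layout of macOS `netstat -an -p tcp`.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address     Foreign Address   (state)
tcp4       0      0  *.22              *.*               LISTEN
tcp6       0      0  *.22              *.*               LISTEN
tcp46      0      0  *.80              *.*               LISTEN
tcp4       0      0  127.0.0.1.631     *.*               LISTEN
tcp6       0      0  ::1.631           *.*               LISTEN
tcp4       0      0  *.3306            *.*               LISTEN
"""

def describe_ula(addr):
    """Return the RFC 4193 fields of addr, or None if it is not a ULA."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any zone id
    if ip.version != 6 or ip not in ULA_NET:
        return None
    raw = int(ip)
    return {
        "locally_assigned": bool((raw >> 120) & 1),  # L bit set => fd00::/8
        "global_id": "%010x" % ((raw >> 80) & 0xFFFFFFFFFF),  # 40 bits
        "subnet_id": "%04x" % ((raw >> 64) & 0xFFFF),  # 16 bits
    }

def listening_ports(netstat_text):
    """Return (ports listening on IPv6, ports listening on IPv4 only)."""
    v4, v6 = set(), set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[-1] != "LISTEN":
            continue  # header, blank line, or not a listener
        host, port = f[3].rsplit(".", 1)  # macOS joins host and port with "."
        if host in ("127.0.0.1", "::1"):
            continue  # loopback-only listeners are not remotely reachable
        if f[0] in ("tcp6", "tcp46"):
            v6.add(int(port))
        if f[0] in ("tcp4", "tcp46"):
            v4.add(int(port))
    return sorted(v6), sorted(v4 - v6)

if __name__ == "__main__":
    v6, v4_only = listening_ports(SAMPLE_NETSTAT)
    print("listening on IPv6:", v6)
    print("IPv4 only:", v4_only)
    print(describe_ula("fd12:3456:789a:1::1"))  # constructed address
```

On a real machine, feed the function the output of `netstat -an -p tcp` instead of the sample.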