If you want to enable Personal File Sharing, Windows Sharing, Personal Web Sharing, or FTP Access, here is what you need to know to make these services accessible to users the other side of your NAT router...
What are sharing services?
Personal File Sharing: Allows other Mac users to access the Public folder on your computer (if they sign on as a Guest) at afp://192.168.1.10/ (for example) or browse for the name of your computer by choosing Network from the Go menu in the Finder. Uses the Apple File Protocol, which Apple describes as the "the richest protocol for Macintosh file services", on ports 548 and 427. Note that if the user knows your Mac OS X user name and administrator password, they could log on and see all your files with same same privileges as yourself.
Windows Sharing: Allows Windows users to access your Mac at \\192.168.1.10\yourhome (for example). Uses the Server Message Block/ Common Internet File System or SMB/ CIFS protocol on port 139. Note that this service does not need to be turned on in order for you to connect to Windows shares by browsing Network in Panther's Finder (SMB connections to a Windows machine can allow you to share e.g. a PC floppy drive, printer etc. To connect you a Windows SMB share from Mac OS Connect to server menu, use the syntax smb://workgroup;server/share. Fro example:
smb://mshome;192.168.1.10/mydocumentsPersonal Web Sharing: Allows Mac or Windows users to view your computer?s Web site at e.g. http://192.168.1.10 or your personal Web site at e.g. http://192.168.1.10/~yourhome/. Uses Hypertext Transfer Protocol or HTTP on ports 80 and 427 and Mac OS X's built-in Apache Web server.
FTP Access: Allows Mac or Windows users to access your home directory at e.g. ftp://guestuser:guest@192.168.1.10/ (substituting the correct user name and password plus IP or domain address) or, if they use a Mac, to browse the home directory by choosing Network from the Go menu in the Finder. Uses FTP on ports 20 and 21. May be slower than AFP for Mac users?
All these types of sharing (plus other sharing options) can be activated/ deactivated from the System Preferences Sharing preference pane.
On NAT routers
If you use a NAT router, such as the popular DrayTek range, then you have at least two IP addresses to manage.
Most Internet Service Providers (ISPs) will give you a dynamic IP address which is your IP address as used in the world outside of your router. In practice, if you have an always-on ADSL Internet connection, and you never switch of your router, this "real world" IP address is not likely to change unless there is a technical failure with your service. You can check your real IP address by clicking here.
If you configure the computers on your home LAN to have a static IP address, rather than to receive a dynamic IP address from your router's built-in DHCP server, then you can make a persisting link between the IP address of a computer on your LAN and the one used by the router on the Internet.
Why? NAT, or Network Address Translation, lets you share one IP address among several computers using a single Internet access point. But each computer on the LAN needs it's own unique IP address in order to communicate with each other and with the router itself. The NAT router acts to redirect network traffic between these local IP addresses and the global IP address assigned by your ISP. This works fine for most things, like letting users at each computer browse the Web. But it causes problems when someone from outside of your local network wants to communicate with a user at a specific computer on your LAN using a specific application (such as iChat AV) or service (like file sharing). Such communication activities take place using certain numbered ports, a type of address that lets a client program talk to a server program. The problem, though, is how does the outside user know which computer on your LAN is the one with its ports "open" and ready for communicating?
Configuring the port re-direction table
This is where the port re-direction table comes in. If you give an outside user your real IP address (e.g. 82.128.155.80), then you can re-direct communication on a specific port to a specific computer on your LAN (e.g. 192.168.1.10 on port 548 and 427 for AFP file sharing services). Your table will look something like this:
del.icio.us,
Digg,
StumbleUpon
Translate this page: DE | ES | FR
Follow tag feeds: Mac, nat, network, osx, router.
Buy for yourself on Amazon.com or Amazon.co.uk, leave a "tip"
Thanks, just what i needed when i needed it!
This still doesn't help me know how to redirect a local smb address on a mac.
If I use smb://198....etc it only works in my office, i want to redirect it to send to my house too.
But if I try to connect to server it won't let me. so is there a way to redirect smb protocol so that it won't just work locally at my office but also work at home too?
Hi Michelle. Escaping from the LAN? Not something I've tried. I'm not clear whether you're trying to connect Mac to Mac (in which case AFP may be better) or Mac to PC, or what kind of servers you have available. I'm also no networking expert ;-)
It would seem it is possible to mount SMB shares over a VPN, but apparently getting it working can be problematic. You may need extra software. It might be easiest to consult your IT people (if you have them), or employ a networking specialist to sort things out. None of this stuff is as easy as it should be!