3 Replies Latest reply: Oct 12, 2012 10:55 AM by BobHarris
Adambr Level 1 Level 1 (5 points)

This is a very weird problem.


My home ISP is Xplornet. This is a rural "fixed wireless" set-up (antenna on the roof connected to the Xplornet modem). The Xplornet modem is connected to a Belkin router. The router connects wirelessly to my laptop.


The remote server (the office server) is connected to an Apple airport. The ISP is Bell, and we have a static IP.


Before we moved, I was with Rogers (cable Internet service). While with Rogers, I could connect remotely to my office server using the AFP protocol.


Now, here's the weird problem: Now that I am with Xplornet, I can connect to my server remotely from any location EXCEPT my house. I can go to a Starbucks and connect to my server. I can go on vacation in the U.S. and use the local WiFi to connect to my server. But I CANNOT connect from my house to the remote server.


I have spoken to Xplornet and they say it's an Apple problem (which is what every non-Apple tech always seems to say). Or, perhaps, they say, it's the local dealer (Sentel Communications).


Sentel says I need to pay for a static IP for my home (Huh?). Why would I need to pay for a static IP at home just so I can connect OUT to a remote server?


Is this somehow related to the Belkin router not letting me "out"?


Any thoughts and advice would be greatly appreciated.

PowerBook G4 (15-inch Double Layer SD), Mac OS X (10.4.11), Yes, my system is old.
  • 1. Re: Can access a remote server from all locations except from my house
    BobHarris Level 6 Level 6 (13,120 points)

    You are correct and they do not know what they are talking about.


    An out-bound connection does NOT need a Fixed IP address.


    And it is unlikely an "Apple Problem".


    However, it is possble your service blocks some known ports to keep the traffic on their wireless network to a minimum.  I'm just guessing, so it could be something else.


    I would start with can you "Ping" your work server's IP address?


    Applications -> Utilities -> Network Utility -> Ping


    That would tell you if you can even see your server from you home.


    You might try a port scan of ports 548 (AFP file sharing) and 5900 (Screen Sharing)


    Applications -> Utilities -> Network Utility -> Port Scan


    If you can see port 548, you should be able to do file sharing.


    If you can see Port 5900, you should be able to do screen sharing. (assumes you have  System Preferences -> Sharing -> Screen Sharing enabled.


    Finder -> Go -> Connect to server -> afp://your.work.fixed.address

    Finder -> Go -> Connect to server -> vnc://your.work.fixed.address


    If you cannot see your work Mac, you could try TeamViewer.com (free for personal use).  At least as a way to verify you can there there via some method.


    Another possibility is using Hamachi (free for personal use from LogMeIn.com).  Hamachi will create a Virtual Private Network (VPN) between your systems so that no one will actually know what ports you are talking to on your work server.

  • 2. Re: Can access a remote server from all locations except from my house
    Adambr Level 1 Level 1 (5 points)

    Thanks for responding, Bob.


    Below is the result of my Ping attempt, and port scans. I scanned 548, and 5003, which I use for FileMaker (which works fine from home), I don't use screen sharing. (I can confirm that both 548 and 5003 are open on Airport on the host machine.)


    So, from my home (remote) location, here's what I get (IP: 74.xx.xxx.xx):




    --- 74.xx.xxx.xx ping statistics ---


    10 packets transmitted, 10 packets received, 0% packet loss

    round-trip min/avg/max/stddev = 57.126/91.371/185.774/45.549 ms



    Scan of port 5003

    Port Scan has started ...


    Port Scanning host: 74.xx.xxx.xx


               Open TCP Port:           5003                    fmpro-internal

    Port Scan has completed ...



    Scan of port 548

    Port Scan has started ...


    Port Scanning host: 74.xx.xxx.xx


    Port Scan has completed ...



    So, 5003 is OK, 548 is not. I have to conclude this is related to my home ISP in some way?


    Unfortunately, the host server is running 10.3 (don't ask), which is not supported by Logmein. (I do use Logmein for a Windows machine on the same network, and I can connect to one area of the server via the PC, but not to the part I need, which might be the subject of a future thread.)


    Regardless, being able to connect to my work server remotely from every location EXCEPT from my home is infuriating.


    I just saw this thread about an ISP that has blocked port 548, although I always assumed the ports had to be open on the host side, but maybe not? (I have to confess, I do find the port stuff confusing.)


    If my home ISP blocks 548, then I guess that would prevent me from remotely accessing the server from home?


    If that is the case, is port 548 the only AFP option?

  • 3. Re: Can access a remote server from all locations except from my house
    BobHarris Level 6 Level 6 (13,120 points)

    If that is the case, is port 548 the only AFP option?

    This is a long shot, but you could try the 'traceroute' command from an Applications -> Utilities -> Terminal session


    traceroute -p 548 your.work.fixed.address


    In theory this should tell you where along the path to your work Mac port 548 was blocked.  It is a theory because I do not have a blocked port to test against.


    Besides we already know you cannot get there from here vai port 548, so now can you get there via an alternate means.


    One approach is using an ssh tunnel.  There are free GUI utilities that will up an ssh tunnel that you can then run file sharing over.


    This assumes that your ISP does not block port 22 (ssh port) and you enable System Preferences -> Sharing -> Remote Login on your work Mac.  That will enable port 22 (ssh port).


    If you were setting up an ssh tunnel from a Terminal session it would look something like:


    ssh -L 54822:localhost:548 username@your.work.fixed.address

    password: xxxxxxxxxx<return>


    where you will not see your passworded echoed, just type it blindly and then <return>


    Once the tunnel is established, you use Finder -> Go -> Connect to Server -> vnc://your.work.fixed.address:54822


    The choice of 54822 is arbatrary, but should not be a port commonly used by some other service you need locally.


    Like I said there are free ssh GUI tunnel setup tools you can use to establish this tunnel.  Try searching for 'ssh' or 'tunnel' over at <http://macupdate.com>


    There is an advantage to using an ssh tunnel, in that your connection will be encrypted and everything you send/receive will be encrypted across the internet.