How to access my time capsule remotely (late soft and hard) use duckdns.org or port forward ?

Test using the actual public IP.

Most people with dynamic IP find it only changes once every 24 hours and perhaps even less.

It is helpful to open setup over WAN in the TC. This is not actually necessary for file access and should be turned off. But to ensure your are actually able to get access remotely to your TC simply open the Airport Utility on the Mac you are using for remote access and use Configure Other.

Try using it with both the actual WAN public IP address and the dyndns value.

If that does not work then access is blocked possibly by ISP at either end.

Do note that a lot of ISP now use CGNAT. This is not accessible remotely.

Read the wiki article.

https://en.wikipedia.org/wiki/Carrier-grade_NAT

Of course that covers only IPv4.. not IPv6 but IPv6 is much more difficult to configure.

I have yet to see a description of how to setup and use IPv6 for remote access.

Remote access will not work if you have a Double NAT condition on the TC.

Your first check would be open up AirPort Utility and click on the icon of the TC.

A smaller window will appear

Look for Status

Do you see Double NAT there?

If you do, your Xfinity "modem" is not really a modem at all. It is a modem/router or gateway device. To clarify, please provide the make and model number of the device that you call your modem.

Hopefully, you have a simple modem. It will have only one Ethernet port, like the example below:

If you have a modem/router or gateway device, things become much more difficult. This type of device will look something like this example

If all is working correctly, your Time Capsule (TC) should have a publicly-reachable WAN-side IP address. That is, something that does not start with 10, 172, or 168. In addition it would also have a default Private (LAN-side) IP address of 10.0.1.1.

When you configure the TC for port mapping, in this case for file service access using the AFP protocol, the setting on the port mapping page should look something like the following:

• Description: Personal File Sharing
• Public UDP Ports: <leave blank>
• Public TCP Ports: 8888
• Private IP Address: 10.0.1.1
• Private UDP Ports: <leave blank>
• Private TCP Ports: 548

To access the TC's internal drive from a remote location, you would use: AFP://<your WAN-side IP address>:8888

Note that:

• Port mapping is only for IPv4. IPv6 does not use NAT or its associated ports.
• The WAN-side IP address will depend on, whether or not, your ISP is providing you with a static (typically comes part of a business-grade Internet service) or a dynamic (most consumer-grade Internet service) IP address. As you can imagine, a dynamic address will change periodically and you would need to know what the new IP address is in order to access the TC remotely. This is where using a DDNS service comes into play.
• This port mapping is only to access the TC's hard drive, not for general access to your local network.

As a test, try using only afp://Time Capsule WAN IP address when you try to connect from a remote location.

For example, if the WAN IP address of the Time Capsule is 123.45.78.90, then you would enter afp://123.45.78.90 when you use the Connect to Server command. when you try to connect the Mac from a remote connection.

Access the setup is purely to test your connectivity from the outside world to the TC.

If it works you know that both ISP .. the one you are connected to in remote location and the home one are allowing packets through.

Having determined that you should be able to access the TC remotely.

You need to use a Mac.. since nothing else supports AFP and that is the only protocol available.

You need to port forward from the TC WAN to LAN side.. as Tesserax has shown.. but again do it with straight port 548 instead of port translation. And then pray a lot. I would also use actual IP not a DNS service.. because the TC is not reliable updating IP. With all of that happening on a good day.. with correct moon quadrant and wind in the NW you will get access. Hopefully!!

Lao_Hsiang wrote:

What is Double NAT, is it good things not to have it ?

Two NAT routers one after the other..

Most people today have a combined modem router.. and if they use another router like Time Capsule behind that it makes it twice as difficult to reach at the very least.

It is a very bad thing.. i.e. a good thing not to have when attempting remote access to the second router.. because NAT blocks internet which is why you use port forwarding.. and if you use two NAT routers it just makes it doubly difficult.

In your case no problems because your modem is a pure simple dumb modem.. no routing.. no NAT.

I can probably help with Method #3, but not with Method #2. The downside to method #3 is that you need a Static Public IP address from your provider.or at least an IP address that does not change very much.

The Public IP address is the first IP address that you see when you open AirPort Utility, click on the TC, then look at the smaller window that appears. The LAN IP address that you see should be 10.0.1.1 unless you have changed the IP address range.

The actual settings that I use are slightly different than the settings in the support document, so while they work for me reliably, I cannot say whether they will work for you.

Post back if you want to proceed.

It shouldn't matter which DNS servers you use. Also if you are using duckdns.org for DDNS (not the same as DNS), they would have provided you with a domain name to use instead of your dynamic WAN-side IP address. You would then use: afp://<your duckdns.org domain name>:8888 to access it from a remote location.