Manual port-forwarding to Time Capsule behind firewall (NVG589)
A happy new year to all. I'm writing seeking help with my computer setup in a well-connected home. In short, here is what I want to do: I want to get access to my latest-gen Time Capsule (wireless AC) from outside my house, so that I can read or write files on the 2TB HD on my Time Capsule, using the Back to My Mac feature in the Time Capsule (with my Apple ID). I have no interest in sharing screens or anything else, just in the data on the drive.
Now, my current setup, which otherwise works like a charm.
- ATT Uverse's Motorola NVG589 is the incoming modem/gateway/firewall for my entire house (using their 'Power' service, the fastest): it is possible via various tricks and hacks to put the NVG589 into 'near-bridge mode' or to root the modem via an exploit and throw it into full bridge mode (which the Motorola NVG589 is capable of, but ATT does not expose that functionality [imagine the tech calls!]). I'm resisting the temptation to do so, because I don't want to run the risk of messing up service to our house, and a call to ATT tech support. If it ain't broke, don't fix it.
- The Motorola NVG589 has its DHCP service on and doles out IP addresses to everything else in the network (thankfully it also has a hidden mDNS system, too, allowing me Bonjour functionality inside my whole house). The Time Capsule, however, has a static IP that I've assigned, and I also have a DHCP reservation for the Time Capsule in the NVG589's DHCP table.
- One crucial thing is that the Motorola NVG589 does not expose UPnP or NAT-PMP to the user, which means that I'll have to do the work manually to allow externally-originating traffic to pass through the Motorola NVG589 to the Time Capsule.
- Apple's latest Time Capsule 2TB unit, in bridge mode, so that its IP address is the one given it by the Motorola NVG589 (192.168.1.x, not the usual 10.0.0.x that the TC would give out were it the router). No double-NAT, in other words. The Time Capsule is solely a wireless access point and a passive shared disk (and my target for Time Machine on my Mac).
- Nothing else on my home network needs to be accessed from the outside world, no gaming, no servers, no Back to My Mac for any individual Mac computer (we have four).
So what I'm looking for is help knowing what holes to poke into the NVG589's firewall to direct to my Time Capsule. I've searched through many docs here on Apple's support site, and the number of potential ports I could open is dizzying. Security concerns require that I open the necessary ports, and no more.
I'd be grateful for any help.
Time Capsule (AC) 2TB-OTHER, OS X Mavericks (10.9.1)