I have a Time Capsule 2TB from 2014 and it is set as my primary router. I would like to remotly access my media on the tc.
Here is the problem, my ISP has bloked port 548 in there intere network, so i cannot connect to the tc from another wifi.
Is it possible for the tc to use another port, like 21 ftp, so i can access remotly ? Is there another way ?
Br
Time Capsule 2TB 2014-OTHER, 7.7.3
You must use 548 as the TC does not provide FTP access.. but you do not have to use 548 externally.. you simply port translate to the TC.
ie from outside you can use 6548 and port forward that to 548 in the TC.
On the other end you will need to force the connection to a different port.
ie when you mount the disk in finder..
AFP://publicIPaddress:6548
As LaPastenague mentions, 548 is an "internal" or "private" port setting on your local network, which is shielded from your Internet connection, so your ISP will not "see" this setting on your local network.
I have not ever had any issues accessing the Time Capsule from anywhere on the Internet using the settings below.....which were recommended by another forum expert, Tesserax.
You can enable the Back to My Mac functionality for the Time Capsule via the base station tab of airport utility. Back to My Mac uses Kerberos and IPSec - and does not use port 548.
Hey guys
Thank you for all the help and good information, really appreciate it.
I'am still having some problems getting this to work though.
When i want to "connect to server" I type:
"external ip address + port" = afp://188.183.154.190:8888 (fake ip)
Current settings in the network tap:
Network->port settings->
What am i doing wrong ?
The example that I provided shows a setup where the Time Capsule is the main router for the network.
The screenshot that you posted indicates that you must have another router there....and the Time Capsule is a separate device on the network. If that is the case, then port mapping must be set up on the "main" router.....not on the Time Capsule, since the Time Capsule must be in Bridge Mode.
If the Time Capsule is also your main router, the Private IP Address for the Time Capsule must the same as its LAN address, which would be 10.0.1.1.
It would help if we knew the following:
What is the make and model number of your modem?
What is the make and model number of the device (your "main" router) that is connected directly to your modem?
Of course.
My home setup:
1. I have a Netgear GC3000 modem/router:
http://www.netgear.dk/service-providers/products/cable/gateways/cg3000-cg3100.as px#tab-techspecs
2. I have deactivated the router-function and set the GC3000 into brigdemode.
3. From the GC3000 there is an ethernetcable to the Time Capsule. The Time Capsule is set to do DHCP and NAT.
I have changed to port settings to:
I have a Netgear GC3000 modem/router:
Then it is the Netgear modem/router that must be setup for port forwarding......not the Time Capsule.
The Time Capsule needs to be in Bridge Mode, so it can pick up the network settings from the Netgear modem/router. There are no port configuration settings for the Time Capsule in Bridge Mode, since port forwarding will be handled by the Netgear modem router.
I think with our new marvellous layout bob might have missed that you have turned off NAT in the CG3000.
So the TC must be your only router and it should have the public IP on the WAN interface. As long as that is the case then you should have no problem accessing the disk on the TC on port 548.. as long as you correctly port translate.. remembering you MUST have equal access from both ends. ie if you are testing from a WAN connection that has a private IP then port 6548 must be open all the way through and back again.. on whatever port is chosen. Two way comms means both ends must be full open to allow connections.. so it is difficult to test.
Use my email if you want someone to test your settings.. I am happy to give it a go..
Out of curiosity - I tested remotely accessing my time capsule via AFP - using both port 548 and 6548 (forwarded to 548 internally on the Time Capsule). Both methods worked fine. I tested from the neighbor's network (NAT with private IP and no ports open/forwarded on their router). My ISP is not blocking 548 - but they do block 139 (SMB). It is not necessary to open the ports on the remote gateway for this to work - it is only necessary to open ports 548 (or 6548) on the home router. In the case of an ISP blocking 548 - then port forward TCP 6548 on the WAN side to 548 on the LAN side.
From what I am reading - I am not seeing that AFP is secure - only the login credentials are encrypted - all other data goes plain text across the line. The general consensus seems to indicate that exposing any file system via AFP/SMB/NFS, etc. on the internet is a bad practice and inviting potential problems. My advice for the OP is to get the port forwarding working so that the issue can be considered resolved - and then close port 548/6548 and use a more secure method of remote file access. Granted - it sounds like the OP's Time Capsule only contains media files and not sensitive data - thus the exposure is probably minimal - however - how long before it is forgotten that the TC drive is exposed to the internet and sensitive data is inadvertently placed on the time capsule. At a very minimum the TC needs to be secured using both a user id and password (vs the default of just a device password). The OP should consider getting a new router that supports a VPN endpoint (much more common and affordable these days) - or at least consider using Back to My Mac - which still employs AFP - but runs the AFP connection through an IPSEC tunnel (somebody please correct me if I am wrong about this). I tested both an AFP share via port 548 (file sharing) and via Back to My Mac. To my surprise the performance was about the same - as I was expecting the Back to My Mac connection to be much slower.
~Scott
VPN makes very good sense now and as you say routers with vpn are not that expensive.. I do recommend them as alternative.. still the AFP whilst subject to man in the middle attack is also pretty unlikely. and the password is encrypted so i think it is reasonably safe for home or domestic type of use.
There are many situations BTMM doesn't work.. or is very flakey.. However it is secure.
Remote access to Time Capsule without using port 548 ?
