openwrt, dnsmasq, linuxigd, and Back To My Mac

Simple task: set up my wrt-54g (running openwrt) with linuxigd so that “Back To My Mac” works[1].

linuxigd: trivial. Click a few buttons to enable it, done. I tried miniupnpd first; but although it initially looked good, I couldn’t get it to work consistently.

However, that’s when I start getting the MobileMe prefpane telling me that BTMM couldn’t start because “Your DNS server isn’t responding”. A little bit of searching on Google finds me pages like this one, which baldly state that “Back to My Mac isn’t compatible with dnsmasq.”

Well, dear internets, I’m here to tell you that you are wrong. BTMM is perfectly compatible with dnsmasq. Sure, openwrt’s default settings don’t work, but that doesn’t make the two incompatible.

It did take me a while to figure out what was going on. The clue also came from Apple’s forums, which told me to do this:

betelgeuse:~ james$ echo "show State:/Network/BackToMyMac" | scutil
<dictionary> {
  zhasper.members.mac.com : <dictionary> {
    ExternalAddress : 143.211.101.234
    StatusMessage : GetZoneData failed: _afpovertcp._tcp.username.members.mac.com.
    AutoTunnelExternalPort : 4500
    StatusCode : -65554
    LLQExternalPort : 5353
    RouterAddress : 192.168.0.1
    LastNATMapResultCode : 0
  }
}

The vital clue was the StatusMessage, which tells you exactly which DNS lookup failed. The important thing is that the hostname starts with an underscore.

Take a look at the dnsmasq man page, specifically the filterwin2k option. Once upon a time, SRV records (and records with underscores) really were a sign that you had win2k machines on your network. Once upon a time, “triggering dial-on-demand links” was actually something to be worried about. Those times are long past.

I turned this option off (vi /etc/dnsmasq.conf, add a # at the start of that line to comment the option out, save the file, and run /etc/init.d/S65dnsmasq to restart the service). As expected, BTMM now works fine. Well, as fine as you could expect.
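To see which lookups filterwin2k silently refuses before you touch the router, here is an added example (not code from the original post or from dnsmasq itself). It implements the filtering rule as the dnsmasq man page describes it (SOA and SRV queries are refused, and so are ANY queries whose name contains an underscore), runs it over a few constructed dnsmasq --log-queries lines, and shows the config edit the post describes. The log lines, the config text and the client addresses are all made up for the demonstration; the rule itself is an approximation of dnsmasq’s behaviour and is labelled as such in the code.

```python
import re

# dnsmasq started with --log-queries logs each query as
#   "dnsmasq[<pid>]: query[<TYPE>] <name> from <client>"
# The sample lines below are constructed for this example, not real router logs.
SAMPLE_LOG = [
    "Jan  1 12:00:01 router dnsmasq[1234]: query[SRV] _afpovertcp._tcp.username.members.mac.com from 192.168.0.10",
    "Jan  1 12:00:02 router dnsmasq[1234]: query[A] www.example.com from 192.168.0.10",
    "Jan  1 12:00:03 router dnsmasq[1234]: query[ANY] _ldap._tcp.dc._msdcs.example.com from 192.168.0.20",
    "Jan  1 12:00:04 router dnsmasq[1234]: query[SOA] example.com from 192.168.0.20",
    "Jan  1 12:00:05 router dnsmasq[1234]: query[TXT] _dmarc.example.com from 192.168.0.30",
]

# Constructed stand-in for /etc/dnsmasq.conf with the option still active.
SAMPLE_CONF = "domain-needed\nbogus-priv\nfilterwin2k\nexpand-hosts\n"

QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<qname>\S+)\s+from\s+(?P<client>\S+)"
)


def filterwin2k_drops(qtype: str, qname: str) -> bool:
    """Approximation of dnsmasq's filterwin2k rule, per its man page:
    SOA and SRV queries are refused, and ANY queries are refused when the
    name contains an underscore (intended to catch Windows LDAP lookups).
    Note that an SRV query is refused regardless of the name, which is
    exactly what breaks _afpovertcp._tcp lookups for Back To My Mac."""
    qtype = qtype.upper()
    if qtype in ("SOA", "SRV"):
        return True
    if qtype == "ANY" and "_" in qname:
        return True
    return False


def triage_log(lines):
    """Split dnsmasq query log lines into (dropped, allowed) lists of
    (qtype, qname, client) tuples according to filterwin2k_drops()."""
    dropped, allowed = [], []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (e.g. reply[...] or startup noise)
        rec = (m["qtype"], m["qname"].rstrip("."), m["client"])
        (dropped if filterwin2k_drops(rec[0], rec[1]) else allowed).append(rec)
    return dropped, allowed


# Matches an active (uncommented) filterwin2k line; leading/trailing blanks allowed.
FILTER_LINE_RE = re.compile(r"^([ \t]*)filterwin2k[ \t]*$", re.MULTILINE)


def filterwin2k_active(conf_text: str) -> bool:
    """True if the config text still enables filterwin2k."""
    return FILTER_LINE_RE.search(conf_text) is not None


def disable_filterwin2k(conf_text: str) -> str:
    """Comment out an active filterwin2k line, as the post does by hand in vi.
    Lines that are already commented are left alone, so this is idempotent."""
    return FILTER_LINE_RE.sub(r"\1#filterwin2k", conf_text)


if __name__ == "__main__":
    dropped, allowed = triage_log(SAMPLE_LOG)
    print("Refused by filterwin2k:")
    for qtype, qname, client in dropped:
        print(f"  {qtype:4} {qname} (from {client})")
    print("Answered normally:")
    for qtype, qname, client in allowed:
        print(f"  {qtype:4} {qname} (from {client})")
    print("Config before:", repr(SAMPLE_CONF))
    print("Config after: ", repr(disable_filterwin2k(SAMPLE_CONF)))
```

The TXT lookup for _dmarc.example.com is the instructive case: an underscore alone is not what filterwin2k keys on, so plain TXT or A queries for underscored names still get through, while every SRV query is refused no matter what the name looks like. Run triage_log over your own log (with log-queries enabled) to confirm the option is what is eating the BTMM lookups before commenting it out.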

[1] I’m ideologically opposed to all things UPnP, and BTMM in particular. What’s the point of having a firewall if you’re going to allow everything inside to poke so many holes in it it may as well not be there? There’s nothing BTMM can give me that a small firewall hole (to allow SSH on a non-standard port) + ssh portforwarding can’t give me in a more controlled way — and without shelling out $$$ to Uncle Steve, too. Nevertheless…
