openwrt, dnsmasq, linuxigd, and Back To My Mac

Simple task: set up my wrt-54g (running openwrt) with linuxigd so that “Back To My Mac” works[1].

linuxigd: trivial. Click a few buttons to enable it, done. I tried miniupnpd first; although it initially looked good, I couldn’t get it to work consistently.

However, that’s when I started getting the MobileMe prefpane telling me that BTMM couldn’t start because “Your DNS server isn’t responding”. A little bit of searching on Google finds me pages like this one, which baldly state that “Back to My Mac isn’t compatible with dnsmasq.”

Well, dear internets, I’m here to tell you that you are wrong. BTMM is perfectly compatible with dnsmasq. Sure, openwrt’s default settings don’t work, but that doesn’t make the two incompatible.

It did take me a while to figure out what was going on. The clue also came from Apple’s forums, which told me to do this:

betelgeuse:~ james$ echo "show State:/Network/BackToMyMac" | scutil
<dictionary> {
  zhasper.members.mac.com : <dictionary> {
    ExternalAddress : 143.211.101.234
    StatusMessage : GetZoneData failed: _afpovertcp._tcp.username.members.mac.com.
    AutoTunnelExternalPort : 4500
    StatusCode : -65554
    LLQExternalPort : 5353
    RouterAddress : 192.168.0.1
    LastNATMapResultCode : 0
  }
}

The vital clue was the StatusMessage, which tells you exactly which DNS lookup failed. The important thing is that the hostname starts with an underscore.

Take a look at the dnsmasq man page, specifically the filterwin2k option. Once upon a time, SRV records (and records with underscores) really were a sign that you had win2k machines on your network. Once upon a time, “triggering dial-on-demand links” was actually something to be worried about. Those times are long past.

I turned this option off (vi /etc/dnsmasq.conf, add a # at the start of that line to comment the option out, save the file, and run /etc/init.d/S65dnsmasq to restart the service). As expected, BTMM now works fine. Well, as fine as you could expect.
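To see why that one line matters, here is a small added example (mine, not from the original post or from dnsmasq) that models the filterwin2k rule as the dnsmasq man page describes it (SOA and SRV queries dropped, plus ANY queries whose name contains an underscore), checks whether a dnsmasq.conf has the option active, and comments it out. The config text and helper names are constructed for the example.

```python
"""Model dnsmasq's filterwin2k rule and comment it out of a dnsmasq.conf."""
import re

# Per the dnsmasq man page, --filterwin2k drops queries for SOA and SRV
# records, and ANY queries whose name contains an underscore.
FILTERED_TYPES = {"SOA", "SRV"}
FILTERWIN2K_LINE = re.compile(r"^\s*filterwin2k\s*$")


def filterwin2k_active(conf_text):
    """True if an uncommented 'filterwin2k' line is present in the config."""
    return any(FILTERWIN2K_LINE.match(line) for line in conf_text.splitlines())


def query_dropped(qname, qtype, conf_text):
    """Predict whether dnsmasq, with this config, would drop the query."""
    if not filterwin2k_active(conf_text):
        return False
    qtype = qtype.upper()
    if qtype in FILTERED_TYPES:
        return True
    return qtype == "ANY" and "_" in qname


def disable_filterwin2k(conf_text):
    """Return the config with every active filterwin2k line commented out."""
    return "\n".join(
        "#" + line if FILTERWIN2K_LINE.match(line) else line
        for line in conf_text.splitlines()) + "\n"


# Constructed sample config, not the router's actual /etc/dnsmasq.conf.
SAMPLE_CONF = """\
domain-needed
bogus-priv
filterwin2k
expand-hosts
"""

# The lookup that BTMM reported as failing in the scutil StatusMessage.
BTMM_QNAME = "_afpovertcp._tcp.username.members.mac.com."

if __name__ == "__main__":
    print("filterwin2k active:", filterwin2k_active(SAMPLE_CONF))
    print("BTMM SRV lookup dropped:", query_dropped(BTMM_QNAME, "SRV", SAMPLE_CONF))
    fixed = disable_filterwin2k(SAMPLE_CONF)
    print("after fix, dropped:", query_dropped(BTMM_QNAME, "SRV", fixed))
    print(fixed, end="")
```

Plain A or AAAA lookups are never affected by the option, which is why the router appeared to work for everything except the SRV-based BTMM zone lookup.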

[1] I’m ideologically opposed to all things UPnP, and BTMM in particular. What’s the point of having a firewall if you’re going to allow everything inside to poke so many holes in it it may as well not be there? There’s nothing BTMM can give me that a small firewall hole (to allow SSH on a non-standard port) + ssh portforwarding can’t give me in a more controlled way – and without shelling out $$$ to Uncle Steve, too. Nevertheless…
