Pocket PC Networking - Running Server-like Programs (incl. games, RealOne Player, PocketIRC) on a Firewalled PDA; why ActiveSync

Don't be afraid of the long-winded title – the subject of this article is far easier than you would think. I just wanted to put everything I discuss in the title so that people having problems with, for example, streaming to the Pocket PC version of the RealOne Player will see at once this article is targeted at them too.

So, what will be explained in this article? It's pretty simple: why some programs require full Internet access, why this can't be done through a simple ActiveSync Internet pass-through connection or behind a so-called firewall and how you can still use these applications without buying/setting up Wi-Fi access points.

The concept 'firewall' includes a lot of things (and, therefore, I use the word 'firewalled' to denote all these kinds of connections); for example, most dial-up connections, which include GPRS and other mobile connections. To simplify the discussion, I also consider ActiveSync-based connections firewalled, even though they are even more restricted than normal behind-the-firewall devices (more on this later).

Several very good pages and articles discuss this problem. One of the most comprehensive and full discussions can be found at PortForward. Of them, I highly recommend this article, with all the linked articles from it.

Because the PortForward article explains everything as far as firewalling and port forwarding are concerned, I don't devote much space to explaining the basics it discusses. Instead, I concentrate on things that those articles do not explain: namely, software routers and setting up popular Pocket PC (PPC) applications. That's because the PortForward article only contains information on standalone hardware (not software!) routers and desktop (not Pocket!) PC applications.

So, is there software that needs a "real" Internet connection, you may ask. Indeed there is!

The most important example is the RealOne Player. If your PDA only has a firewalled connection, you won't be able to listen to any RealOne broadcasts; the PPC client will simply display "Response or data from server timed out" 20-22 seconds after you try to connect to the server. No one has ever come up with a really decent solution – people have either suggested transcoding Real streams into a firewall-friendly format like ASF or putting the PDA into the DMZ, which is impossible with a software-only solution (that is, without a hardware router). This is why it's really worth reading this article if you would like to listen to your streams on a PDA that can't be put into a DMZ (please see the description of DMZ in the PortForward article if interested – I won't speak of it more because setting up a DMZ in a software-only environment is impossible).

Another example is running IP-based multiplayer games on PDAs. With some games (the most important example is The Travel Collection), if the server is firewalled, clients won't be able to connect to it.

You may also want to run a Web, VNC or FTP server on your PDA. These also require that you know what port forwarding is and, more importantly, if your PDA is hooked up to your desktop PC and not a hardware router, how you can configure software port forwarding.

Using DCC from PocketIRC must also be discussed here. You need to have (almost) full Internet access to be able to fully utilize the potential of DCC-capable IRC clients like PocketIRC.

There are some other applications; for example, PPC FTP clients. These, however, aren't that problematic – if you use your FTP client in passive mode (and you can use all of the current FTP clients in passive mode!), you won't have problems, not even through a really restricted Internet connection like that of ActiveSync. In passive mode the client itself opens both the control and the data connection, so nothing has to connect back to the PDA.

So, I have read the PortForward series of articles and now understand what the problem is. However, I don't know how I can do port forwarding on my PC, to which my PDA is connected, you may ask. (Note that if you have a hardware, say, Wi-Fi access point your PDA directly connects to, you won't need to read the ActiveSync and software router-related sections of this article. You'll only need to know what ports to forward for enabling the above-mentioned applications.)

Yes, you're absolutely right. This is what my article will explain. Fortunately, port forwarding (and, in general, giving PDAs almost full Internet access) is much easier than many would think.

First, some words on ActiveSync

ActiveSync has been providing an Internet pass-through to Windows CE devices for some years. It is, however, very restricted: unlike full-fledged local area networks like a Bluetooth Personal Area Network (BT PAN for short), which I'll use in this article to show everything, it doesn't add a new (software) network to the PC.

What does this mean? If you set up a BT PAN between your PDA and a desktop computer, you can access the PDA from the desktop PC it is connected to, both by pinging it (as you'll see) and by any other means (for example, direct access to servers set up on the PDA). You can't, however, do the same through a simple ActiveSync connection.

Although a PDA also gets an IP address, 192.168.55.101, when it's connected through ActiveSync to the desktop, you can't access anything on it from the desktop via this IP. That is, unlike "real" LAN addresses, this IP can't be accessed or used from the outside. Therefore, you must use some other kind of physical networking to make your PDA accessible both to the desktop and to the software routers that do the port forwarding on the desktop.

This is where Bluetooth comes into the picture. The following tutorial assumes that you have Bluetooth (BT for short) in your PDA, that you're fortunate enough not to have the Microsoft BT stack on it (which is highly likely if you have a pre-WM5, non-HTC, non-Mitac combo PDA with built-in BT), and that you also have a BT USB stick (or built-in BT support) in your desktop computer, with a Widcom/Broadcom BT stack on the desktop PC too. (If you have a Microsoft BT stack there, you aren't lost – check out my earlier BT PAN set-up tutorial here; look for the post starting with 'Setting up PAN with the XP SP2 BT drivers'.) If so, do the following:

1. Pair the PDA and discover its BT PAN service. This will add a "Bluetooth Network" to your "Network Connections" list.

2. Share your "main" Internet connection with the newly set up BT PAN network. For this, go to Start/Settings/Network Connections. You'll see your active Local Area Connection listed there:

click for screenshot

Just ignore the two other "Local Area Connection" entries here (the one without a postfix and the one with postfix 3); you most probably won't see anything similar on your PC. If you do, just ignore them if they are "Disabled", like the VPN one on the screenshot. Only go for a "Connected" "Local Area Connection" which does show a physical network card (and not, for example, "Microsoft TV/Video connection" as in the above screenshot).

Also note that this window also lists the newly created "Bluetooth Network" in the "LAN or high speed Internet" section. It's this "Bluetooth Network" that you'll need to share your Internet connection with, in the way described below.

3. It's the Internet connection of this LAN connection (again, "Local Area Connection 2") that you must share. Therefore, right-click it and choose Properties:

click for screenshot

4. Go to the Advanced tab and, in the "Internet connection sharing" group, check "Allow other network users to connect through this computer's Internet connection".

5. Choose "Bluetooth Network" in the "Home networking connection" drop-down list. (Again, you need to choose this because it's this name that your BT PAN connection has.)

click for screenshot

6. Now that the desktop computer the PDA connects to already has a connection, you can start the BT PAN network on the desktop. For this, click this icon, right-click the BT PAN connection icon of your PDA and choose Connect:

click for screenshot

7. The PDA will prompt you to allow the connection; choose Accept:

click for screenshot

8. The PDA will also prompt you to decide what network ("The Internet/Work") it connects to upon the very first BT PAN connection. Choose "The Internet".

9. Go to Settings/Connections/Network Cards on WM2003SE (or Settings/Connections/Connections/Advanced/Network Card on WM2003) devices and choose "Bluetooth PAN User Driver":

click for screenshot

Write down the value of the "IP address" field. It'll most probably be 192.168.0.2, as in the above screenshot.

10. On the desktop PC, check whether it can really see the PDA: open a command window (Start/Run/cmd) and enter the ping command, giving it the IP address you've just looked up:

click for screenshot

Great! Now your PDA has a working LAN connection to which you can forward ports. (Again, you can't do the same to a PDA that only has access to the Internet through the ActiveSync Internet pass-through – you can't just forward ports to the pseudo-IP 192.168.55.101.)

Now comes the port forwarding part. For this, you can use either the commercial WinGate (download page here) or the built-in Windows Internet Connection Sharing (ICS for short). WinGate costs $74.95 for 3 users; not cheap but, in my opinion, it may be worth it because it's not just a port forwarder tool but also a really good firewall / proxy combination.

Let's start with the latter!

Port forwarding with the Windows XP ICS

Assume you want to forward port 9000 (the Chess game of The Travel Collection). Go to the same (Advanced) tab of your Internet connection (here, "Local Area Connection 2") where you've already enabled connection sharing, and click the Settings button in the ICS group (that is, the second Settings button from the top). In the dialog that comes up, click Add and fill in the Description (anything can come here), Name or IP address... (give it the local IP address of the PDA; that is, 192.168.0.2) and the External Port number... (give it 9000) fields as follows:

click for screenshot

Note that you can only give each rule one port to forward (as opposed to WinGate, which is far more flexible in this).

It's this simple to forward ports with the already built-in and free ICS! Now, you can start a networked Chess game of The Travel Collection; clients will already be able to connect to you.
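What such a rule does for a single TCP port, shown as a user-space relay (an added example, not part of the original article and not how ICS is implemented: ICS rewrites packet addresses in the network stack). The function names are this example's own, and `demo()` runs on loopback with an echo server standing in for the game server on the PDA.

```python
import contextlib
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        with contextlib.suppress(OSError):
            dst.shutdown(socket.SHUT_WR)

def start_forward(listen_addr, target_addr):
    """Accept TCP connections on listen_addr and relay each one to target_addr."""
    listener = socket.create_server(listen_addr)

    def serve():
        while True:
            try:
                client, _peer = listener.accept()
            except OSError:
                return  # listener was closed
            try:
                upstream = socket.create_connection(target_addr, timeout=5)
                upstream.settimeout(None)
            except OSError:
                client.close()  # target (the PDA) unreachable: drop the client
                continue
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pump, args=(a, b), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener

def demo():
    """Loopback run: an echo server stands in for the game server on the PDA."""
    pda = socket.create_server(("127.0.0.1", 0))
    def echo():
        conn, _ = pda.accept()
        pump(conn, conn)
    threading.Thread(target=echo, daemon=True).start()
    fwd = start_forward(("127.0.0.1", 0), pda.getsockname())
    with socket.create_connection(fwd.getsockname(), timeout=5) as c:
        c.sendall(b"e2e4")
        return c.recv(4096)

if __name__ == "__main__":
    print(demo())  # on the desktop: start_forward(("0.0.0.0", 9000), ("192.168.0.2", 9000))
```

Listening on `0.0.0.0`, like the ICS rule, makes the PDA's port 9000 reachable by anyone who can reach the desktop's external address, so remove the rule when the game is over.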

Incidentally, you can find (but you don't need to read it – everything said so far is sufficient for configuring port forwarding) a lot of additional information on ICS here (some sublinks of interest: XP ICS ; ICS in general; ICS How-To Center; Help me decide!).

Port forwarding with WinGate

After installing WinGate, go to Start/Programs/WinGate/Gatekeeper, log in (if it's the first time you log in after the installation, log in without any password and set up a new one right after logging in) and double-click Extended Networking in the list on the left. Make the settings as follows:

click for screenshot

That is, make sure NAT is active (it's on by default). It's on the same screen that you can disable routing (it is not needed for 'plain' port forwarding). The built-in firewall, on the other hand, should be enabled, even if only in "Low security mode", to be able to fine-tune NAT.

Now, click "Port Security" in the "Configuration" list in the same dialog and choose Add. Fill in the Ports field with the ports you want to forward to the PDA. With The Travel Collection, for example, it's 9000...9006 (the separate games use separate server ports; for example, Chess uses port 9000, Checkers uses port 9001 and so on – in the previous, Windows ICS section, we've only set up forwarding port 9000 because, again, Windows ICS is unable to forward more than one port with a single rule). Furthermore, in the Action group, choose "Redirect Packet to IP address" and fill in the IP of the PDA:

click for screenshot

You don't need to make any other changes here.

Incidentally, the following two WinGate help pages explain what you've done:

Network Address Translation:

click for screenshot

ENS/ Port Range Configuration:

click for screenshot

You don't need to understand everything in these help pages, though.

Now, just click OK and you can start the game on the BT PAN-connected PDA as a server and on the firewalled PDAs as clients.

Now, you see how both the built-in Windows ICS and the commercial WinGate can be used to forward ports and have also seen how you can enable The Travel Collection to host games behind a firewall to be connected by other clients.

As far as other PDA server applications are concerned:

- PocketIRC requires, by default, port forwarding of TCP ports between 5000 and 5100 for DCC-originated chat/send to work. You can find the WinGate settings screen in the already-linked article on Pocket PC IRC clients. To be used with Windows ICS, you'll need to drastically reduce the number of ports used by PocketIRC in its preferences (to, say, 5000...5010) and define an ICS rule for each of these ports.

- RealOne Player, the most important and very often asked-for one, is a much more complicated case. As you'll see, simple port forwarding won't be sufficient.
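For the PocketIRC item above: a DCC offer is a CTCP message in which the sender states its own IPv4 address (as a decimal 32-bit integer) and the TCP port it listens on, and the peer connects back to exactly that address and port. The following added example (not from the original article; the function names, the rule dictionary layout and the sample offers are constructed here) checks an offer against the forwarded range and expands the reduced range into the one-port-per-rule entries ICS needs. Quoted file names containing spaces are not handled.

```python
import ipaddress
import re

DCC_PORTS = range(5000, 5101)  # PocketIRC's default DCC range, per the article
ICS_PORTS = range(5000, 5011)  # reduced range the article suggests for ICS
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DCC_RE = re.compile(r"^\x01DCC (SEND|CHAT) (\S+) (\d+) (\d+)(?: \d+)?\x01$")

def parse_dcc(ctcp):
    """Decode a CTCP DCC offer into (kind, argument, ip, port)."""
    m = DCC_RE.match(ctcp)
    if not m:
        raise ValueError("not a DCC SEND/CHAT offer")
    ip_int, port = int(m.group(3)), int(m.group(4))
    if ip_int > 0xFFFFFFFF or not 0 < port < 65536:
        raise ValueError("address or port out of range")
    return m.group(1), m.group(2), ipaddress.IPv4Address(ip_int), port

def check_offer(ctcp, forwarded_ports):
    """List the reasons an Internet peer could not connect back to this offer."""
    _kind, _arg, ip, port = parse_dcc(ctcp)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"advertises private address {ip}")
    if port not in forwarded_ports:
        problems.append(f"port {port} is not forwarded to the PDA")
    return problems

def ics_rules(ports, pda_ip="192.168.0.2"):
    """ICS forwards one port per rule: expand a range into one entry per port."""
    return [{"description": f"PocketIRC DCC {p}", "host": pda_ip,
             "external_port": p, "protocol": "TCP"} for p in ports]

# Constructed offers: 3405803783 is 203.0.113.7, 3232235522 is 192.168.0.2.
SAMPLES = [
    "\x01DCC SEND notes.txt 3405803783 5004 1024\x01",
    "\x01DCC SEND notes.txt 3405803783 5050 1024\x01",
    "\x01DCC CHAT chat 3232235522 5004\x01",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", check_offer(s, ICS_PORTS) or "reachable")
    print(len(ics_rules(ICS_PORTS)), "ICS rules needed")
```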

First, let's have a look at what local ports are connected to by the Real server (here, 194.252.88.2 – the RealOne server of YLE, the Finnish Broadcasting Company). To find it out, originate a request from the PDA and see what ports are connected to:

click for screenshot

As can be clearly seen, in rapid succession, the server tries to connect to UDP port number 28378 (it's the last-but-one column; the previous one is the Destination IP; I've collapsed it so that I didn't need to use graphics editing to hide my static IP). With other requests, the target port will be totally different, somewhere between 5000 and 30000.

Unfortunately, forwarding all these UDP ports just won't work if there's no additional, for example, cabled ActiveSync connection – the PDA must be put in the DMZ to operate. In the following communication history, it can clearly be seen that BT PAN-originated requests are all lost; it's only locally-originated requests that get through.

click for screenshot

Therefore, to make RealOne usable in such a configuration with WinGate, forward UDP ports 5000-30000 to the PDA:

click for screenshot

And leave the PDA in the cradle while listening to broadcasts so that, in addition to BT PAN, it also has an ActiveSync connection. Unfortunately, as simple port forwarding doesn't work, that's the only way – unless you use an RTSP proxy, which will be explained next.

If you find the above-explained way of listening to Real broadcasts pretty awkward (as I do), a decent alternative is using RTSP proxies. You can point the PDA Real client to a proxy like this in Options/Preferences/Network/Use RTSP Proxy:

click for screenshot

Incidentally, the IP here, 192.168.0.1, refers to the first (this is why the IP ends in 1) connected computer in the LAN; that is, the desktop computer. I could have, of course, used its global IP address too (assuming it has one and it's not changing).

Now, you only need to run an RTSP proxy on the desktop. Fortunately, WinGate can help with this too: go to the Services tab in the left main frame and check whether "RTSP Streaming Media" is running.

click for screenshot

If you use an RTSP proxy, you won't need any kind of port forwarding (not even the UDP ports 5000-30000) over a "real" LAN (that is, a BT PAN network). Unfortunately, simple ActiveSync-based Net access won't work here either.

Incidentally, you may ask if you can use RTSP proxies other than WinGate. I've spent quite a lot of time checking the alternatives and didn't really find anything. A breakdown of the alternatives (there are many; for example, please see this and this):

CCProxy 6.3.2 (this isn't listed on the above pages): supports a lot of other proxies and costs $69. Unfortunately, its RTSP proxy didn't work with the PPC Real player.

Apple Darwin: Unfortunately, much as it's referred to as having proxy functionalities, its documentation doesn't contain anything on it.

Helix: Unfortunately, the only free Helix app, Helix Server — Basic, doesn't support proxy functionality. Helix Proxy, on the other hand, costs thousands of dollars.

Finally, some remarks on alternatives to WinGate:

Vicomsoft's SoftRouter (see for example the comments here) has been integrated into InterGate; it costs $99/5 users. No trial version is available; therefore, I haven't tested it (I don't understand why some software developers can't understand that providing trial versions is essential...).

Other (non-essential) links

Some cool links at the end

Some cool tips

Software firewall comparison

Full roundup

EDIT (29/11/2005): please note that I've also posted a strictly RealOne-related blog entry HERE. You may want to start with it right away to see the possibilities of RealOne streaming in a tabular form.
