Nintendo Wii Networking Guide Version 0.82
Copyright 2006, TJ Nardi (MS3FGX@gmail.com)
================================================================================
= Contents =
================================================================================
1. Introduction & Overview
1.1...Introduction
1.2...About this Guide
2. Wii Configuration
2.1...Connection Settings
2.1.1...New Connection Profile
2.1.1.1...Search for an Access Point
2.1.1.2...Nintendo Wi-Fi USB Connector
2.1.1.3...Manual Configuration
2.1.1.3.1...Device Settings
2.1.1.3.2...Security Settings
2.1.1.3.3...TCP/IP Settings
2.1.1.3.4...DNS Settings
2.1.1.3.5...Proxy Settings
2.1.1.3.6...MTU Settings
2.1.2...Existing Connection Profile
2.1.2.1...Use this Connection
2.1.2.2...Connection Test
2.1.2.3...Change Settings
2.1.2.4...Clear Settings
2.2...Console Information
3. Configuring a Basic Connection
3.1...Router
3.2...Nintendo Wi-Fi USB Connector
3.2.1...Requirements
3.2.2...Pre-Installation
3.2.3...Installation
4. Configuring an Advanced Connection
4.1...GNU/Linux
4.1.1...Hardware Configuration
4.1.2...Software Configuration
4.1.2.1...TCP/IP
4.1.2.2...Routing
4.1.2.3...Static IP
4.1.2.4...DHCP
4.1.3...The Complete Wii_Route Script
4.2...Windows
4.2.1...Wireless
4.2.2...Wired
4.2.2.1...Hardware Configuration
4.2.2.2...Configuring ICS
4.3...Mac OS
4.3.1...Configuring Internet Sharing
4.3.2...Configuring AirPort Options
4.3.3...Connecting the Wii
4.4...Nintendo Wi-Fi USB Connector
4.4.1...Using the Nintendo Wi-Fi USB Connector with AOL
5. Network Security
5.1...WiFi Security
5.1.1...Cloaked SSID
5.1.2...MAC Filtering
5.1.3...Encryption
5.1.3.1...Use a Strong Key
5.1.3.2...Use the Highest Encryption Possible
5.1.3.3...Limit your Bandwidth
5.1.3.4...Rotate your Key
5.1.3.5...Combine Forces
5.2...Securing your WiFi Router
5.2.1...Use a Strong Password
5.2.2...Disable Wireless Management
5.2.3...Disable Remote Management
5.2.4...Disable Remote Upgrade
5.2.5...Enable HTTPS
5.3...Nintendo Wi-Fi USB Connector
5.4...Firewalls
5.4.1...Hardware Firewalls
5.4.2...Software Firewalls
5.4.2.1...GNU/Linux
5.4.2.2...Windows
5.4.2.3...Mac OS
5.4.3...Practical Application
5.4.3.1...Inbound Firewalling
5.4.3.2...Outbound Firewalling
6. Reference
6.1...Networking Glossary
6.2...Software AP Compatible WiFi Hardware and Drivers
6.2.1...GNU/Linux
6.2.2...Windows
6.2.3...Mac OS
6.3...Finding the Current TCP/IP Information
6.3.1...Under GNU/Linux
6.3.2...Under Windows
6.3.3...Under Mac OS
6.4...Correctly Configuring a Static IP
7. Playing With My Wii
7.1...Dial L for Lag
7.2...My Wii no WAN
7.3...Not-So-Universal Serial Bus
7.4...Channel Surfing
8. Misc
8.1...Version Information
8.2...Future Additions
8.3...Credits
================================================================================
= 1. Introduction & Overview =
================================================================================
--------------------------------------------------------------------------------
- 1.1 Introduction -
--------------------------------------------------------------------------------
This Guide is an adaptation and extension of my DS Wireless Networking Guide,
which I started back in 2005 to address the lack of a comprehensive
documentation of that system's networking capabilities.
When I heard some of the first details about the Wii, its networking model,
and the fact it would also be using the Nintendo Wi-Fi Connection, I decided to
start writing a new Guide focusing on the Wii, which would make use of some of
the information I put together for the DS Guide.
At the same time, there are a number of new fields to be covered and
investigated for the Wii. For example, the Wii supports both WiFi and Ethernet
connections, so while the information about sharing your Internet access to the
system over WiFi is still going to be valid here, I will also be going into how
to do the same thing over an Ethernet network.
As the Wii also supports non-gaming online functions, such as content downloads
and digital distribution, I will also be covering how to share a dial-up
connection with it. For the DS, I did not cover this due to the fact that
dial-up users on the gaming network would bring it down for the rest of us, but
now that there are other things to do online than simply playing games, I will
cover it (and just hope nobody tries to play online games with it).
I encourage anyone who reads this Guide to email me with their impressions or
suggestions. I am always open to new ideas for the Guide, so drop me a line if
you think there is something I should cover. Even if you don't have a technical
comment or idea, general feedback is always welcome as well.
As with the DS Guide, all of the information in this Guide has been tested on
my own network, with my own hardware, as thoroughly as possible. Everything has
been written by myself, but I certainly do not forget the help and support I
receive from others, and they will all be listed in the credits.
I hope that you enjoy this Guide, and more importantly, I hope that it helps
you.
--------------------------------------------------------------------------------
- 1.2 About this Guide -
--------------------------------------------------------------------------------
Hey, you know the drill.
This Guide was written entirely in Vim. I did not use word wrap, and instead
manually entered carriage returns at or before 80 characters as I wrote it. I
did however use the spell check built into Vim, rather than checking it
separately in Aspell as I have done in my previous works. A true revolution in
my technique.
As if there was any doubt, it was indeed, big fun.
================================================================================
= 2. Wii Configuration =
================================================================================
The Wii offers a considerable number of configuration options in regards to
Internet connectivity. You can configure your Wii to connect to a wireless
network, and if you have the optional Ethernet Kit, you can also connect it to
a standard wired network.
Overall, the network configuration system is very similar to that of the
Nintendo DS, so if you have used that system, you should feel pretty
comfortable here.
To start the configuration on the Wii, you need to make your way to the
"Internet Settings" menu. This is the main menu for the Internet configuration
on the Wii.
To get to this menu, you need to select the "Wii" icon on the lower left side
of the Wii's startup screen, then select "Wii Settings". From here, move over
to the second page of settings.
On this page, select "Internet". If Parental Controls are enabled on your Wii,
you will be asked for your PIN to proceed.
The following screen will have two buttons, "Connection Settings" and "Console
Information".
--------------------------------------------------------------------------------
- 2.1 Connection Settings -
--------------------------------------------------------------------------------
This screen lists the three connection profiles available.
There isn't a whole lot of information presented on this screen. The right side
of each connection profile does indicate if it is wired or wireless, so that
you don't have to go into each profile to figure out what it is using.
Selecting any of the profiles will bring up one of two different screens,
depending on whether or not this profile has been configured before.
--------------------------------------------------------------------------------
- 2.1.1 New Connection Profile -
--------------------------------------------------------------------------------
The first option you will have when starting a new connection profile is which
device you want to use. You can either use the Wii's built-in WiFi, or a USB
Ethernet adapter.
To select which device, you will press one of two large buttons labeled
"Wireless" and "Wired".
Selecting "Wired" simply starts the Connection Test, as it assumes you want to
use DHCP for an Ethernet connection. There is really nothing to configure
(unless something goes wrong with the Connection Test).
However, if you select "Wireless", there are a number of configurable options.
Let's take a look at those now.
--------------------------------------------------------------------------------
- 2.1.1.1 Search for an Access Point -
--------------------------------------------------------------------------------
This is the mode most people are looking for; this will enable you to get the
Wii configured with your WiFi router in just a few seconds (unless something
goes wrong, of course).
To enter this mode, click on the button, "Search for an Access Point". You
should then get the message "Searching for an access point..." along with a
noise and a spinning icon on the lower right. This will take a few seconds,
and afterwards you will be presented with a list of all the Access Points
detected (if any were found).
For each AP, you will see three pieces of information:
The first, and perhaps most relevant is the name of the WiFi network, or SSID.
This is the name that was given to the network to help identify it. You will be
using this name to figure out what device you are actually connecting to.
Second is an image of a lock. Very simply, if the lock is open, there is no
encryption on the network and you will be able to immediately connect to it. If
the lock is closed, that means encryption is in place.
The last piece of information is a basic indication of signal strength. This
should be pretty simple for most people to decipher, since it is very similar
to the signal strength indicator on cell phones. The more bars, the better the
signal. Additionally, the icon itself will be green, yellow, or red, indicating
the condition of the connection. Green is obviously the best, and red is
either very low, or no connection at all. You might as well ignore any APs that
show up consistently as red, as it is likely the signal is not strong enough to
connect.
Now that we know what all that means, take a look at the list and decide which
one you want to connect to. Simply click on it, and it will automatically set
up the connection. If the network is encrypted, a prompt will come up asking
you for the appropriate key.
You will then see a message asking you if you want to save these settings,
select OK. After that it will ask to run a Connection Test. Assuming everything
worked and you have a good signal, you should get a message saying "The
connection test was successful". If you got this message, you are ready to play
online.
Now, this is obviously the easiest and most applicable of the connection
options. However, it depends on a few things which may be a problem depending
on the network setup. First, it requires that the network you are connecting to
has SSID Broadcast enabled. This is not always true, as many people choose to
cloak their SSID to make it less obvious to other WiFi users. Second, this
depends on a DHCP server on the network. A WiFi router contains a DHCP server
element (though it might not be enabled on the particular router you are
connecting to), but a more advanced network (using WiFi APs and not
consumer-type hardware) may or may not have network-wide DHCP enabled.
If you fall into a group where any of that is a problem, or else you just want
more control over the process, then you should check out Section 2.1.1.3,
"Manual Configuration".
--------------------------------------------------------------------------------
- 2.1.1.2 Nintendo Wi-Fi USB Connector -
--------------------------------------------------------------------------------
You use this option to configure a connection to Nintendo's proprietary Wi-Fi
Connector device. This is the same device as was released for the Nintendo DS
in 2005, so anyone who got one of those will have no problem. In fact, the
setup is identical between the two systems.
Once you have clicked on "Nintendo Wi-Fi USB Connector", you will be prompted
to set up the Wi-Fi Connector on your computer, and to select "OK" once you
have done so.
You should already have the Wi-Fi Connector set up on your computer, but if you
have not, then jump to Section 3.2 and read up on the setup procedure. If you
have your Wi-Fi Connector set up already, then just keep reading.
Click "Next" on the screen to connect to the Wi-Fi Connector. After a few
seconds, you should get a pop-up on your computer saying that a user wants to
connect to the Nintendo Wi-Fi Connection. Open up the Registration Tool by
double clicking the WFC logo, and you will see a list of devices (keep in mind,
the Wi-Fi Connector works with both the DS and the Wii, so you will see both on
this list) that are trying to connect to your computer. To identify individual
consoles, the list shows the nickname that the user entered on that system.
Simply right-click on the console you want to manage, and either Allow or Deny
access for it.
After granting permission for the Wii, you will see a message on the screen
that says "Nintendo Wi-Fi USB Connector setup is complete.", and a "Next"
button. Select "Next" and it will run the Connection Test as usual. If the test
passes, you are ready to play online.
--------------------------------------------------------------------------------
- 2.1.1.3 Manual Configuration -
--------------------------------------------------------------------------------
There are many options under "Manual Configuration", and you will want to know
what everything does before you start changing anything.
The "Manual Configuration" menu is set up like the "Wii Settings" menu from
earlier: you are presented with multiple pages of options that you can cycle
through by pressing the left and right arrows on the edges of the screen.
Let's take a look at these options, one page at a time.
--------------------------------------------------------------------------------
- 2.1.1.3.1 Device Settings -
--------------------------------------------------------------------------------
The first thing you will see on this screen are the buttons to select whether
the current profile will use the internal WiFi hardware, or the USB Ethernet
adapter. This is actually redundant, since you already told it what device you
were using, but since you can access this menu later, they decided to just
leave the option there anyway.
If you are using the Ethernet adapter, the only other thing you need to look at
is the TCP/IP and DNS configuration. But if you are using WiFi, there are a
number of additional options that you also need to set.
On WiFi, you need to put your network's SSID in the center box. This option is
here for people who do not have their routers set to broadcast their SSID.
If you press the right arrow, you will see the security screen.
--------------------------------------------------------------------------------
- 2.1.1.3.2 Security Settings -
--------------------------------------------------------------------------------
Here you are able to select which form of wireless encryption you would like to
use. The Wii supports all current forms of encryption, so you won't have any
issues as we did on the Nintendo DS.
You need to select which encryption scheme you want to use by selecting its
respective icon, and then you will be prompted to enter in the key for it.
After you are done with that, press the right arrow again to see the TCP/IP
configuration page.
--------------------------------------------------------------------------------
- 2.1.1.3.3 TCP/IP Settings -
--------------------------------------------------------------------------------
This page of the configuration allows you to define the basic TCP/IP settings
your console will use to connect to the network.
The Wii uses DHCP by default, so generally you should not have to set up a
manual IP. But if you would like to do so, simply select "No" under
"Auto-Obtain IP Address", and then select "Advanced Settings" to manually enter
your TCP/IP information.
On the "Advanced Settings" screen, you will be presented with a number of
fields, which you will use to enter in the appropriate information.
+------------------------------------------------------------------------------+
| Setting        | Description                                                 |
+------------------------------------------------------------------------------+
| IP Address     | This allows you to manually assign an IP                    |
|                | address for the Wii to use.                                 |
|------------------------------------------------------------------------------|
| Subnet Mask    | This allows you to manually assign the                      |
|                | subnet mask for the Wii to use.                             |
|------------------------------------------------------------------------------|
| Default Router | This is the IP for whatever router you are                  |
|                | using to connect out to the Internet.                       |
+------------------------------------------------------------------------------+
However, this is not enough. To actually connect to the Internet, you also need
to configure DNS, which is how the Wii resolves domain names to IP addresses.
--------------------------------------------------------------------------------
- 2.1.1.3.4 DNS Settings -
--------------------------------------------------------------------------------
The DNS page is identical to the TCP/IP page. There are two large buttons
labeled "Yes" and "No" to enable or disable automatic DNS configuration. When
disabled, you can select "Advanced Settings" to enter in your own DNS servers.
You will need a primary and a secondary DNS server. The IPs of these servers
can be found in the documentation you received from your ISP, or by looking at
your computer's TCP/IP configuration.
Read Section 6.3, "Finding the Current TCP/IP Information" for a detailed
explanation on how to find appropriate DNS servers for your network.
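Before typing a manual profile into the Wii, it can help to sanity-check the
five values from the TCP/IP and DNS "Advanced Settings" screens on a computer.
The script below is an added example and is not part of the original Guide; the
function names and the sample addresses in the comments are made up for
illustration.

```python
import ipaddress


def _parse(name, value, problems):
    """Parse one dotted-quad field; record a problem and return None on failure."""
    try:
        return ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        problems.append(f"{name}: '{value}' is not a valid IPv4 address")
        return None


def _prefix_length(mask):
    """Convert a subnet mask to a prefix length, or None if it has gaps.

    A valid mask is a run of 1-bits followed by a run of 0-bits, so its
    bitwise inverse must look like 0...01...1 (i.e. inverse + 1 is a power
    of two, or the inverse is zero).
    """
    inverted = int(mask) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()


def check_manual_settings(ip, mask, router, dns_primary, dns_secondary):
    """Return a list of problems with a manual profile (empty list = looks OK).

    The arguments correspond to the fields on the Wii's screens: IP Address,
    Subnet Mask, Default Router, and the primary and secondary DNS servers.
    """
    problems = []
    ip_addr = _parse("IP Address", ip, problems)
    mask_addr = _parse("Subnet Mask", mask, problems)
    router_addr = _parse("Default Router", router, problems)
    _parse("Primary DNS", dns_primary, problems)
    _parse("Secondary DNS", dns_secondary, problems)

    prefix = _prefix_length(mask_addr) if mask_addr is not None else None
    if mask_addr is not None and prefix is None:
        problems.append(f"Subnet Mask: '{mask}' is not a contiguous mask")
    if ip_addr is None or prefix is None:
        return problems  # cannot work out the subnet without both

    # strict=False builds the subnet from a host address plus a prefix length
    network = ipaddress.IPv4Network(f"{ip_addr}/{prefix}", strict=False)

    # The first and last address of an ordinary subnet are not usable by hosts
    reserved = set()
    if prefix <= 30:
        reserved = {network.network_address, network.broadcast_address}

    if ip_addr in reserved:
        problems.append(
            f"IP Address: {ip_addr} is the network or broadcast address of {network}"
        )

    if router_addr is not None:
        if router_addr not in network:
            problems.append(
                f"Default Router: {router_addr} is outside {network}, "
                "so the Wii cannot reach it"
            )
        elif router_addr == ip_addr:
            problems.append("Default Router: same address as the Wii itself")
        elif router_addr in reserved:
            problems.append(
                f"Default Router: {router_addr} is the network or broadcast "
                f"address of {network}"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample profile: the DNS servers are documentation-range
    # placeholders, not real resolvers. Use the ones from your ISP instead.
    for line in check_manual_settings(
        "192.168.1.50", "255.255.255.0", "192.168.2.1", "192.0.2.53", "198.51.100.53"
    ) or ["No problems found"]:
        print(line)
```

An empty result only means the values are consistent with each other; the
Connection Test on the Wii is still what confirms the profile actually works.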
--------------------------------------------------------------------------------
- 2.1.1.3.5 Proxy Settings -
--------------------------------------------------------------------------------
I was surprised to see this on the Internet configuration for two reasons. For
one it isn't something many people need (Nintendo didn't even include it on the
DS), but mainly I was surprised because this feature was not available on the
initial firmware. The "Proxy Settings" page does not come up until after you
have updated your Wii. At least, that is true on the launch models. Later Wiis
will presumably be shipping with newer firmwares.
On this page you will see two large buttons, "Use" and "Don't Use". Their
functions are fairly self-explanatory. Now, if you select "Use", you can then
select the button "Advanced Settings", which will bring you to the proxy setup
page.
Here you will see a number of configurable options. The most prominent one is
right at the top, "Proxy Server". Here you enter the address for the proxy
server you want to connect to, in the form of a domain name. Under that is
"Port", which will be the port on the server you wish to connect to.
Next is the heading "User Name & Password". Here you can select "Yes" or "No",
with "Yes" enabling the "Advanced Settings" button. When you select "Advanced
Settings", you will be brought to a screen that requests your username and
password on the server.
Again, this is an option that few people will need, so if you don't know what
this is for you can safely ignore it.
--------------------------------------------------------------------------------
- 2.1.1.3.6 MTU Settings -
--------------------------------------------------------------------------------
I will be honest, until I have time to do some more experimentation with the
Wii, I have no idea why this option is even included. Generally you are given
an adjustable MTU for WAN connections, but since the Wii lacks any of the
authentication protocols that would be required for it to directly connect to
a WAN, this option really doesn't make much sense.
But, for whatever reason, here it is. All you do on this screen is enter in
the size of the MTU in bytes.
--------------------------------------------------------------------------------
- 2.1.2 Existing Connection Profile -
--------------------------------------------------------------------------------
If you are editing an existing profile rather than starting a new one, you will
see a different set of options upon profile selection. The following Sections
cover each option, and its function.
--------------------------------------------------------------------------------
- 2.1.2.1 Use this Connection -
--------------------------------------------------------------------------------
This option simply sets the current profile as the default connection to use.
--------------------------------------------------------------------------------
- 2.1.2.2 Connection Test -
--------------------------------------------------------------------------------
As on the Nintendo DS, this option starts a connection test which verifies that
your console is able to successfully connect to the Internet.
If this test passes, you should have no problems getting online. If it fails,
you should go over your settings again and make sure everything has been
entered correctly.
--------------------------------------------------------------------------------
- 2.1.2.3 Change Settings -
--------------------------------------------------------------------------------
This option is the same as selecting "Manual Configuration" when you start a
new connection profile, so I won't go over it again here.
Read Section 2.1.1.3, "Manual Configuration" for all of the details on what is
available to you here.
--------------------------------------------------------------------------------
- 2.1.2.4 Clear Settings -
--------------------------------------------------------------------------------
This option allows you to completely wipe the settings for the current profile,
and return it to its default state.
When you go back and select this profile screen again, it will take you to the
screens as described in Section 2.1.1, "New Connection Profile".
--------------------------------------------------------------------------------
- 2.2 Console Information -
--------------------------------------------------------------------------------
This screen simply shows the MAC addresses for both the internal WiFi hardware,
and the USB Ethernet adapter, if you have one connected.
The MAC addresses are important, as you might want to allow only specific
devices to connect to your network, and you will need to have the MAC for the
Wii to set that up.
================================================================================
= 3. Configuring a Basic Connection =
================================================================================
Nintendo has aimed to make connecting their consoles to the Internet as simple
as possible. With the Wii, they have managed to succeed in this goal more so
than they were able to on the Nintendo DS, for a number of important reasons.
The first improvement is the inclusion of Ethernet support. Even though this is
optional (and thus costs more), it is a very important feature to have for
people who do not have, or do not want, WiFi. While the DS had to remain
wireless just because of the nature of portable gaming, Nintendo originally was
not going to offer Ethernet on the Wii either, but they wisely changed their
minds towards the end of the Wii's development.
A very important update is support for more WiFi encryption types. The DS only
supported the outdated and largely useless WEP encryption, while the Wii
supports all current forms of WPA, in addition to WEP (many people still choose
to use WEP, for various reasons). This means you can get your Wii online
without having to compromise your network security.
Another big improvement is with the TCP/IP stack itself. The DS's DHCP
implementation was very problematic. In many situations, users were forced to
set up a manual IP since the DS was not able to configure itself. This is not
easy for the average computer user, and made the DS configuration too difficult
for some people. The Wii does not have this problem, or at least, it is not
nearly as widespread as it was on the DS.
Finally, the Wii is using a standard WiFi chipset this time around, instead of
the DS's problematic proprietary hardware. This means fewer compatibility
issues with standard WiFi hardware.
So now that we know how wonderful it is, let's actually look at how you would
configure your Wii with some common devices.
--------------------------------------------------------------------------------
- 3.1 Router -
--------------------------------------------------------------------------------
This is the method of connection that the majority of people will be using.
Using a router is the easiest, most efficient, and best documented way of
getting your consoles online.
With the Wii, you have two options when connecting to a router. If your router
is wireless (as most are, at this point), then you can use WiFi. If you would
rather use Ethernet, then you can purchase the Ethernet Kit and connect that
way as well.
Let's briefly go over how a router operates, and what you will need to get one
set up in your home.
The general concept of a home router is simple. It takes your existing Internet
connection, and separates it so that multiple devices can connect. It can do
this wirelessly through WiFi, or via Ethernet.
To use a router, your existing broadband modem will have to support Ethernet
itself. USB modems will not work with a standard router.
Once you get the router, you will connect the modem up to the appropriate port
on the router. It will generally be called "Internet", "WAN", or something
similar. Once connected, a corresponding light on the front of the router
should come on.
You will now need to connect a computer up to one of the LAN ports on the
router. For this you will need to have a network interface card (NIC) in your
computer; again, USB is not going to work. Connect the Ethernet cable between
the router and the computer, and then restart the computer. Alternately, you
could have the computer renew its DHCP lease, the method of which will be
different depending on what operating system you are using.
Once you have an IP from the router, you will then use your web browser to
log into it. Consult your manual for the default IP, username, and password
required to connect to the router, as each model and brand is different.
The first thing you need to do is configure the WAN interface of the router to
actually get it online. You will need to select which type of Internet
connection you have, and generally some form of authentication (a username and
password used to connect to your ISP). This information should be provided by
your ISP, and a quick call to them should be able to provide you with all of
the information you need. Some routers also have an automatic configuration
option which will allow them to figure out their own WAN settings, but again,
this will depend on the router itself. You should check your manual to verify
what options are available to you.
Once you have configured your router for Internet access, you should then move
on to the WiFi configuration (assuming you have purchased a wireless router,
obviously) and apply some security settings so that you aren't running an open
network. Take a look at Section 5.1, "WiFi Security" for more details on that.
Once you are able to get online through the router, and your WiFi network has
been set up with some basic security settings, your router configuration is
complete.
--------------------------------------------------------------------------------
- 3.2 Nintendo Wi-Fi USB Connector -
--------------------------------------------------------------------------------
The setup for the Wi-Fi Connector is pretty straightforward; there isn't a
whole lot you need to do, or much that can go wrong (as long as you follow all
of the directions, anyway).
The most likely problem you will face is if you use a software firewall. You
will need to allow the Wi-Fi Connector software through the firewall, but
unfortunately some of these products do not work properly with the Wi-Fi
Connector, and so that isn't always possible. Due to the number of firewall
products out there, I can't advise on how to correctly configure each one to
work with the Wi-Fi Connector software. You will have to check the help files,
or the developer's website, to find out how to allow programs through the
firewall, and what (if any) adjustments need to be made for the Wi-Fi Connector
to work with it. The Nintendowifi.com website also contains some information
on software firewalls which might help you if you run into a problem.
--------------------------------------------------------------------------------
- 3.2.1 Requirements -
--------------------------------------------------------------------------------
There are a few requirements you need to meet to be able to use the Wi-Fi
Connector. Check to make sure your setup is compatible before you purchase, or
try to install, the Connector.
You will need:
Broadband Internet
Windows XP
USB 2.0
A few notes on these requirements:
The source of the Internet connection does not really matter. Technically, it
doesn't even have to be broadband. All that matters is you have a network
interface on your machine that can connect out to the Internet in some way.
This interface can also be wired or wireless. So for example, if your Wii is
not able to connect directly to the router due to low signal strength or some
other issue, but you have a laptop equipped with a wireless adapter and a free
USB port, you could use the Connector with that to get the Wii online.
Windows XP is required for the Wi-Fi Connector to work. It does not work on any
other version of Microsoft Windows. Be sure you understand this before you
purchase it.
The Wi-Fi Connector does not work with USB 1.0 or USB Hubs. Be sure you have
one free USB 2.0 port before you purchase the Connector. The Connector comes
with a USB extension cable, so don't worry if your only free port is in the
back of the computer, you can use the extension cable to bring the actual
Connector to the front of the machine. If you do not have USB 2.0 in your
computer, you can purchase a USB 2.0 PCI card for around $20 - $30 at most
retailers, such as Radio Shack, CompUSA, or BestBuy.
--------------------------------------------------------------------------------
- 3.2.2 Pre-Installation -
--------------------------------------------------------------------------------
Before you do anything, go to the Nintendowifi.com site and download the latest
version of the Wi-Fi Connector software. The version on the CD that came with
your Connector is likely out of date, and there are important fixes in the
latest versions. The latest version of the Wi-Fi Connector software can be
found at the following address:
www.nintendowifi.com/consumerservice/downloads/Nintendo_WFC_USB.zip
Don't insert the Wi-Fi Connector until the installation process tells you it is
time to. If you plug the Connector in first, it will start the "New Hardware
Wizard", and it will not be able to find the appropriate drivers.
You will want to make sure ICS is not already set up and in use on your system.
By default it is not, and unless you specifically set up ICS on your machine
before, it will not be running, and there should be no problem.
The Wi-Fi Connector documentation recommends that if your computer is connected
to a router with an IP of 192.168.0.1 or 192.168.1.1, that you should change
the router's IP to 192.168.2.1. Personally, I don't understand why they
recommend this, since the Wi-Fi Connector sets up an IP range that isn't even
in the 192.168.x.x range. When I did the research for this section of the Guide
I did it with my main router at 192.168.1.1, and had no problems at all. Still,
Nintendo recommends it for whatever reason, so I mention it in case anyone
actually has a conflict with their router at those IPs.
Now that you have checked your system to make sure it meets the requirements,
and completed the pre-installation steps, you can continue on with the actual
installation.
--------------------------------------------------------------------------------
- 3.2.3 Installation -
--------------------------------------------------------------------------------
You should have downloaded a file named "Nintendo_WFC_USB.zip". Inside this
archive there will be a folder called "NintendoWFCReg". Extract this to the
Desktop.
Open the folder you just extracted, and double click the "Setup.exe" file
inside to start the installer. You will see a welcome message and a warning
that firewall or anti-virus software could affect the Connector. Click OK.
You will then be shown a box that contains multiple languages. Highlight the
language you want the installer to continue in, and click OK.
Let the installer run for a bit as the progress bar fills. After a minute or
two, the installer will ask you to plug the Connector into the computer. The
installer does not make a noise or have a pop-up to tell you to do this, so if
you aren't paying attention, you can miss this line, and the installer will
just sit there doing nothing. I know I missed it the first time I installed the
software.
Once you plug in the Connector, the message on the installer should change, and
the progress bar will start moving again. The "Found new hardware" pop-up will
also come up, as well as a few other windows that involve the installation of
the drivers. You don't have to do anything with these other windows or pop-ups.
The installation software will take care of it all, so just ignore them.
At this point, the light on the Connector should be blinking.
After the windows about the new hardware, you should also see a message about
the computer finding a new network device. Ignore this as well. Around this
time, the installer will say it is setting up ICS.
Soon after, the installation will finish, and the installer will say "Setup
Complete". Click OK to exit the installer. You may now delete the
"NintendoWFCReg" folder if you wish.
After closing the installer, the registration tool should start in the task
bar, which appears as the WFC logo.
At this point, the installation of the Nintendo Wi-Fi USB Connector is
complete. You will now need to set up and register your Wii with it to actually
connect to the Internet.
================================================================================
= 4. Configuring an Advanced Connection =
================================================================================
Anyone can go buy a router and hook their Wii up to that, it's no big deal. But
maybe your needs are a little more specific, or you just don't want to put out
the cash for a router. Well, you are in luck then, as this Section of the Guide
aims to address you specifically.
In the following sections, I am going to cover how to share an Internet
connection out from your own computer to your Wii, either over Ethernet or over
WiFi. This process is not always easy, but for the most part it is fairly
straightforward.
However, it is important to remember that special hardware is required in every
one of the following situations.
For sharing your connection over WiFi, you need a WiFi device that is capable
of "Master mode" in your particular OS. That is not always an easy order to
fill.
For Ethernet connections, you not only need the Ethernet Kit for the Wii
itself, you also need to have two network devices in your computer, and a
cross-over Ethernet cable to connect the Wii to the computer. The cross-over
cable is the most important, as this is NOT a standard Ethernet cable, but one
that is specifically designed to allow two devices to connect directly to each
other, rather than connecting to an intervening switch or hub.
Before attempting any of these advanced connections, please make sure you have
the required hardware.
--------------------------------------------------------------------------------
- 4.1 GNU/Linux -
--------------------------------------------------------------------------------
While GNU/Linux is without a doubt the most capable and flexible operating
system covered here, this comes at a price. The wealth of configuration options
available can be very overwhelming, and without a standardized GUI across all
distributions, we must stick to the console and Bash scripts; not what the
average user is accustomed to.
But then again, if you are running a Linux system you are already probably more
advanced than most readers of this document, so I am confident most people will
have no problem here.
Under Linux, the WiFi and Ethernet configuration is largely the same, so they
will be covered simultaneously. In addition, unlike the other operating systems
covered in this Guide, I will be providing a program that can be used to
automatically configure the system for you. I will still be explaining each
step for those who don't want the automated option, however.
--------------------------------------------------------------------------------
- 4.1.1 Hardware Configuration -
--------------------------------------------------------------------------------
If you are sharing a connection to the Wii over Ethernet, then you don't have
to do anything other than physically connecting the console to the NIC in your
computer with a cross-over cable.
However, if you wish to use WiFi, there is a bit more to it than that.
First of all, you need to have a WiFi device that has good Linux support. This
isn't always easy. Getting your WiFi device to work properly under Linux is
well out of the scope of this document, so I can't help you there.
What is important here is that, whatever type of drivers your device is using,
they support Master mode. Master mode is an operating mode that allows your
WiFi device to work as an access point, rather than a client device as it
normally does.
While many drivers support this, not all do. Fortunately, it is very easy to
test if your device supports Master mode: you simply have to run the following
command (where wlan0 is the name of your WiFi device):
bash# iwconfig wlan0 mode Master
If you get an error along the lines of "Operation not supported", then your
drivers don't support Master mode.
If you get nothing back, and it just returns to a new line on the console, then
your card is now in Master mode, and should work fine.
Now, we have the WiFi device acting as an AP, but we still need to configure it
to actually be able to connect to it.
First we need to give it an SSID:
bash# iwconfig wlan0 essid "LINUX_AP"
The SSID can be whatever you choose. Choose something that is short and easy to
remember.
You should also set the channel, as there is no telling what your particular
driver is going to initialize it to.
bash# iwconfig wlan0 channel 6
Channel 6 is fine for the US, but in other countries, WiFi APs run on different
channels, so you may need to adjust the channel based on your region.
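This will complete the actual hardware setup. Note that none of these commands
sets an encryption key, so the AP accepts any client in range; see Section 5.1,
"WiFi Security". But we still have a ways to go. Now we need to configure the
interfaces with TCP/IP settings, and configure routing between them.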
--------------------------------------------------------------------------------
- 4.1.2 Software Configuration -
--------------------------------------------------------------------------------
Next, we are going to go over some of the required and optional software
configurations to actually get the Wii online.
For the purposes of this example, we are going to assume that you already have
a working Internet connection in place through your Ethernet card, either by
being directly connected to a wired router, a broadband modem, or some other
network.
However, if you want to connect over some other interface, such as a dial-up
modem or WiFi card, then you only need to replace "eth0" with the name of your
source interface.
--------------------------------------------------------------------------------
- 4.1.2.1 TCP/IP -
--------------------------------------------------------------------------------
You will need to decide what IP range to use for your new network. You will
need to use an IP range that is both in the Class C range and is NOT the range
your source interface is in.
A good range that follows these rules is 192.168.2.x. Most routers are set up
to use either 192.168.0.x or 192.168.1.x, so 192.168.2.x should be out of the
range that any router would have assigned.
So for this document, I will use 192.168.2.x as the IP range for the Wii's new
network. If this does not fit your network for whatever reason, you can of
course change this, but keep in mind the two rules you must follow.
You will now want to give your destination interface this new IP. To do so, you
simply need to run a command such as this:
bash# ifconfig wlan0 up 192.168.2.1
This will bring up TCP/IP on the WiFi card, and give it the IP 192.168.2.1. If
you are sharing out a connection over Ethernet, simply substitute "eth0" for
"wlan0" in the previous command.
Now that we have an IP for our destination interface, let's get the rest of the
networking sorted out.
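The two rules above can be checked before any interface is touched. The following is an added example, not part of the guide or of Wii_Route; the function names are made up for illustration. It goes slightly beyond the text by also catching a source network with a wider netmask (such as 255.255.0.0) that already contains 192.168.2.x.

```shell
#!/bin/sh
# Added example: preflight check for the destination network.
# Function names are hypothetical; the sample addresses are constructed.

# Print a dotted-quad IPv4 address (or netmask) as a 32-bit integer.
# Returns 1 if the argument is not a well-formed address.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;; # leading zero, or more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# usage: nets_overlap IP_A MASK_A IP_B MASK_B
# Returns 0 if the two networks overlap, 1 if they do not, 2 on bad input.
# Two networks overlap when they agree under the less specific of the two
# masks, which for contiguous netmasks is simply MASK_A AND MASK_B.
nets_overlap() {
    ip_a=$(ip_to_int "$1") && mask_a=$(ip_to_int "$2") &&
    ip_b=$(ip_to_int "$3") && mask_b=$(ip_to_int "$4") || return 2
    common=$(( mask_a & mask_b ))
    [ $(( ip_a & common )) -eq $(( ip_b & common )) ]
}

# usage: choose_dst_ip SRC_IP SRC_MASK
# Prints the first 192.168.N.1 (N = 2..254, netmask 255.255.255.0) whose
# network does not overlap the source network. Returns 1 if none is free.
choose_dst_ip() {
    n=2
    while [ "$n" -le 254 ]; do
        if nets_overlap "192.168.$n.1" 255.255.255.0 "$1" "$2"; then
            rc=0
        else
            rc=$?
        fi
        case $rc in
            1) echo "192.168.$n.1"; return 0 ;;
            2) return 2 ;;
        esac
        n=$(( n + 1 ))
    done
    return 1
}

# Constructed samples: a typical home router network, then a source that is
# already using 192.168.2.x.
echo "source 192.168.1.10: use $(choose_dst_ip 192.168.1.10 255.255.255.0)"
echo "source 192.168.2.50: use $(choose_dst_ip 192.168.2.50 255.255.255.0)"
```

Feed it the address and netmask that ifconfig reports for your source interface, and use the printed address in place of 192.168.2.1 if it differs.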
--------------------------------------------------------------------------------
- 4.1.2.2 Routing -
--------------------------------------------------------------------------------
The next thing you need to set up is a route between your source and
destination interfaces.
To do this, we will be using something called IP masquerading or NAT (Network
Address Translation). This allows one computer with an Internet connection to
share that Internet connection with many clients.
To do this in Linux, you will need to use iptables. To use iptables, you will
need to be running a kernel release of 2.4.x or above.
The following commands will set up NAT between your Ethernet card and WiFi card:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
We now have a connection bridged between your computer's Internet connection,
and the WiFi AP. Again, simply substitute your interface names where necessary.
Next up, we need to give the Wii an IP. To do this we have two options, either
setting it up manually, or using DHCP. As manual configuration is the quicker
of the two, let's cover that first.
--------------------------------------------------------------------------------
- 4.1.2.3 Static IP -
--------------------------------------------------------------------------------
To set up a static IP follow Section 2.1.1.3, "Manual Configuration".
Entering the following information will get the Wii connected in our example
setup:
SSID:           LINUX_AP
IP Address:     192.168.2.2
Subnet Mask:    255.255.255.0
Gateway:        192.168.2.1
Primary DNS:    4.2.2.2
Secondary DNS:  4.2.2.3
(These are public DNS servers which should work for most people)
After entering this data, save the configuration and run the Connection Test.
If everything has gone well so far, it will pass.
Congratulations, you have just set up a basic software AP, and avoided having
to buy a proprietary device! Hooray for open source!
--------------------------------------------------------------------------------
- 4.1.2.4 DHCP -
--------------------------------------------------------------------------------
To use DHCP, you will need to have the DHCP server installed on your machine.
The easiest way to check this is to run "which dhcpd", which should give a
response like:
bash# which dhcpd
/usr/sbin/dhcpd
If you get a message like that, your system already has the DHCP server
installed. If you get an error, then you will need to install it.
The installation process will depend on what distro you are running, so consult
its documentation to find out how to install the DHCP server package.
Now that we have the DHCP server, we will need to feed it a configuration file
so it can set up a DHCP pool to use, as well as auxiliary information such as
the default gateway and DNS servers.
Take a look at the following section to see the complete DHCP configuration
file.
--------------------------------------------------------------------------------
- 4.1.3 The Complete Wii_Route Script -
--------------------------------------------------------------------------------
So here it is, the complete script that will automatically set up NAT between
two interfaces on your machine to get your Wii online through either Ethernet
or WiFi.
The reason I give this last and detail everything first is that I want you
to understand what is going on here, so that you can fix any problems that
may come up. I also want you to understand the requirements for this script
to work (see Section 4.1.1, "Hardware Configuration").
If you think you have everything you need, then copy the following text to a
file named "Wii_Route.sh":
#!/bin/bash
#
# Wii_Route
VER="Version 1.0"
# A script to share out an Internet connection over both WiFi and Ethernet,
# based on DS_APv2.
# Written by TJ Nardi for the Wii Networking Guide
# Send bugs, questions, and comments to MS3FGX@gmail.com
#-CHANGELOG-
# v1.0, First Release
#-------------------------User Configuration Section---------------------------#
# DHCP Configuration:
# Disable/enable DHCP server (0 = Disable, 1 = Enable)
# Enable this if you want to automatically configure the Wii with correct
# TCP/IP information. The default is 1, Enable.
USEDHCP=1
# DHCP configuration file
# If you want DHCP support, you need this file. You need to give both the
# path and file name. The default is "DHCP.conf", located in the current
# directory.
CONFFILE=./DHCP.conf
# Hardware Configuration:
# Operating Mode (0 = Ethernet, 1 = WiFi)
# This is a very important option. It selects which mode Wii_Route runs in,
# either "Ethernet" or "WiFi". This determines the type of connection you
# want to use on the Wii, not the type of connection you use to connect this
# computer to the Internet. If you select the wrong option here, this
# script will not run properly. The default is mode 0, Ethernet mode.
OPMODE=0
# Source Interface
# This is the interface connected to the Internet. This can be any interface
# on your machine. The default is your primary Ethernet card, eth0.
SRC="eth0"
# Destination Interface
# This is the device that will be used to share the connection to the
# Wii. This can either be an Ethernet card, or a WiFi device capable of
# going into Master mode. Use the test mode to make sure your WiFi hardware
# is compatible if you want to use WiFi. Also, make sure you set this option
# correctly in regards to the Operating Mode selection. The default is your
# secondary Ethernet card, eth1.
DST="eth1"
# Bring up source with DHCP before starting AP (0 = Disable, 1 = Enable)
# Enable this if you want the source interface to be configured with DHCP
# before the script runs. Usually you don't need to do this, so the default
# is 0, Disable.
SRCUP=0
# DHCP hostname (only used if above is enabled)
# If you want to configure your source interface with DHCP, this will be the
# hostname it sends to the DHCP server. Useful if you want to see this
# machine in your router's DHCP logs.
DHCPHOST="WiiRoute"
# Destination IP
# This is the IP address given to the destination interface. The default
# should be fine, you shouldn't change this unless you know what you are
# doing.
IPADDR="192.168.2.1"
# WiFi Configuration:
# SSID
# The name that your new wireless network will go by. If you don't see this
# come up when you are searching for an AP, something is probably wrong.
SSID="LINUX_AP"
# Channel
# 6 should be a safe default, but if you get interference, you might want
# to change it to something else.
CHANNEL=6
# DS Compatibility Mode (0 = Disable, 1 = Enable)
# Enable this option if you are having problems connecting to Wii_Route with
# a Nintendo DS. This will tweak the settings a bit to communicate better
# with the DS. The default is 0, Disable.
DSCOMPAT=0
#-------------------------No need to edit past this line-----------------------#
# Values for debug
MODE="Master"
DHCPTIME=20
ErrorHandler ()
{
    # Takes two arguments. The first is the form of error, the second is
    # the actual error text to display to the user.
    # Error text is padded to the 52-character width of the box.
    if [ "$1" == ERR ]; then
        # This is a critical error, game over.
        echo ""
        echo "+----------------------------------------------------+"
        echo "|                       ERROR!                       |"
        echo "|                                                    |"
        printf '|%-52s|\n' "$2"
        echo "|                                                    |"
        echo "| This is a critical failure. The script must abort. |"
        echo "+----------------------------------------------------+"
        # Bail out
        exit 2
    fi
    if [ "$1" == WARN ]; then
        # This is only a warning, we can continue after this, but things might not
        # work right.
        echo ""
        echo "+----------------------------------------------------+"
        echo "|                      WARNING!                      |"
        echo "|                                                    |"
        printf '|%-52s|\n' "$2"
        echo "|                                                    |"
        echo "| This is a non-critical failure. The script will    |"
        echo "| continue, but may not operate properly.            |"
        echo "+----------------------------------------------------+"
    fi
}
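VerifyCommand ()
{
    # Checks to see if given command exists
    # First argument determines if it will print message, second is the
    # command to check
    # Note the return values: 1 means the command was found, 0 means it was
    # not (the reverse of the usual shell convention). Every caller tests $?
    # accordingly.
    if which "$2" > /dev/null 2>&1; then
        if [ "$1" == 1 ]; then
            echo "OK"
        fi
        return 1
    else
        if [ "$1" == 1 ]; then
            echo "FAILED"
        fi
        return 0
    fi
}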
ConfigSRC ()
{
    # Bring up source interface with DHCP
    VerifyCommand 0 ifconfig
    if [ $? == 1 ]; then
        echo "Setting up ${SRC}..."
        echo " Checking if DHCP is running..."
        # Check if PID file exists, hopefully this catches all distros
        if [ -f "/var/run/dhcpcd-${SRC}.pid" -o -f "/etc/dhcpc/dhcpcd-${SRC}.pid" ]
        then
            # If dhcpcd has already been run on this interface, don't run it again
            ErrorHandler WARN " Interface already appears to be configured! "
        else
            # If dhcpcd has not been run, then run it now
            echo " OK, DHCP not running on ${SRC}"
            VerifyCommand 0 dhcpcd
            if [ $? == 1 ]; then
                echo " Starting DHCP on ${SRC}..."
                # Get DHCP IP
                dhcpcd -t "${DHCPTIME}" -d -h "${DHCPHOST}" "${SRC}"
            else
                # If dhcpcd is not found, print error message
                ErrorHandler ERR " dhcpcd not found! Please install it and try again. "
            fi
        fi
    else
        ErrorHandler ERR " ifconfig not found! Make sure /sbin is in your path"
    fi
}
ConfigDST ()
{
    # Set IP for DST Interface
    VerifyCommand 0 ifconfig
    if [ $? == 1 ]; then
        echo "Configuring TCP/IP on ${DST}..."
        if ifconfig "${DST}" up "${IPADDR}" > /dev/null 2>&1; then
            echo " Interface ${DST} given IP of ${IPADDR}"
        else
            ErrorHandler ERR " Unable to bring up TCP/IP on ${DST}! Wrong device? "
        fi
    else
        ErrorHandler ERR " ifconfig not found! Make sure /sbin is in your path"
    fi
}
ConfigWiFi ()
{
    # Setup the WiFi hardware
    VerifyCommand 0 iwconfig
    if [ $? == 1 ]; then
        echo "Setting up ${DST}..."
        echo " +---------------------+"
        # Set mode
        if iwconfig "${DST}" mode "${MODE}" > /dev/null 2>&1; then
            echo " | Mode    | ${MODE}"
            # Set SSID (quoted, so an SSID containing spaces stays one argument)
            iwconfig "${DST}" essid "${SSID}"
            echo " | SSID    | ${SSID}"
            # Set channel
            if iwconfig "${DST}" channel "${CHANNEL}" > /dev/null 2>&1; then
                echo " | Channel | ${CHANNEL}"
            else
                # Show a warning if card failed to change channels
                ErrorHandler WARN " Failure while attempting to change WLAN channel! "
            fi
            # Set data rate
            # Check for DS compatibility mode to determine rate.
            if [[ ${DSCOMPAT} = "1" ]]; then
                RATE="2M"
            else
                RATE="Auto"
            fi
            if iwconfig "${DST}" rate "${RATE}" > /dev/null 2>&1; then
                echo " | Rate    | ${RATE}"
            else
                # Show a warning if card failed to change rate
                ErrorHandler WARN " Failure while attempting to change WLAN rate! "
            fi
            echo " +---------------------+"
        else
            # Show an error if card failed to go into master mode
            ErrorHandler ERR " This WLAN device will not work with Wii_Route. "
        fi
    else
        ErrorHandler ERR " iwconfig not found! Is wireless-tools installed? "
    fi
}
StartNAT ()
{
    # Enable NAT through IPtables
    VerifyCommand 0 iptables
    if [ $? == 1 ]; then
        echo "Setting up Network Address Translation..."
        iptables --table nat --append POSTROUTING --out-interface "${SRC}" -j MASQUERADE
        iptables --append FORWARD --in-interface "${DST}" -j ACCEPT
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        ErrorHandler ERR " iptables not found! Make sure /sbin is in your path"
    fi
}
StartDHCP ()
{
    # Configure and start the DHCP server, if it has been enabled by the user
    VerifyCommand 0 dhcpd
    if [ $? == 1 ]; then
        echo "Setting up DHCP Server..."
        # Make sure the server isn't already running
        if [ -f /var/run/dhcpd.pid ]; then
            ErrorHandler WARN " dhcpd is already running! "
        else
            # Check that config file is where it is supposed to be
            if [ -f "${CONFFILE}" ]; then
                # Start dhcpd with DST interface and config file
                dhcpd "${DST}" -cf "${CONFFILE}" 2> /dev/null
            else
                ErrorHandler ERR " Configuration file not found! Cannot configure DHCP"
            fi
        fi
    else
        ErrorHandler ERR " dhcpd not found! Please install dhcpd and try again"
    fi
}
SystemTest ()
{
    # Run some basic tests to verify hardware capability and system sanity
    clear
    echo "Wii_Route Diagnostic Mode"
    echo
    echo "Hardware Configuration"
    echo "---------------------------------"
    if [[ ${OPMODE} = "0" ]]; then
        echo "Operating Mode: Ethernet"
    else
        echo "Operating Mode: WiFi"
    fi
    echo "Source Interface: ${SRC}"
    echo "Destination Interface: ${DST}"
    if [[ ${OPMODE} = "1" ]]; then
        echo -n "Checking for Master mode on ${DST}: "
        if iwconfig "${DST}" mode master > /dev/null 2>&1; then
            echo "OK"
        else
            ErrorHandler ERR " This WLAN device will not work with Wii_Route. "
        fi
    fi
    echo
    echo "System Checks"
    echo "---------------------------------"
    echo -n "Checking for ifconfig: "
    VerifyCommand 1 ifconfig
    if [ $? == 0 ]; then
        ErrorHandler ERR " ifconfig not found! Make sure /sbin is in your path"
    fi
    echo -n "Checking for iwconfig: "
    VerifyCommand 1 iwconfig
    if [ $? == 0 ]; then
        ErrorHandler ERR " iwconfig not found! Is wireless-tools installed? "
    fi
    echo -n "Checking for iptables: "
    VerifyCommand 1 iptables
    if [ $? == 0 ]; then
        ErrorHandler ERR " iptables not found! Make sure /sbin is in your path"
    fi
    echo -n "Checking for dhcpcd: "
    VerifyCommand 1 dhcpcd
    echo -n "Checking for dhcpd: "
    VerifyCommand 1 dhcpd
    echo -n "Checking for DHCP Configuration: "
    if [ -f "${CONFFILE}" ]; then
        echo "OK"
    else
        echo "FAILED"
    fi
}
# This is where execution actually starts.
# Make sure the user is running with root permissions
if [ "$UID" -eq "0" ]
then
    # OK, the user has root permissions, let's get rolling...
    # Determine operating mode based on the argument used to start Wii_Route
    case "$1" in
        'start')
            # This starts Wii_Route
            # Print the boilerplate
            clear
            echo "Wii_Route ${VER}"
            echo "------------------------------------------------------"
            if [[ ${OPMODE} = "0" ]]; then
                echo "Starting Wii_Route in Ethernet Mode..."
            else
                echo "Starting Wii_Route in WiFi Mode..."
            fi
            echo
            # Setup SRC
            # If enabled, setup source interface
            if [[ ${SRCUP} = "1" ]]; then
                ConfigSRC
            else
                echo "Skipping Source Interface Configuration..."
            fi
            # Setup DST
            # If WiFi, then configure the card first
            if [[ ${OPMODE} = "1" ]]; then
                echo
                ConfigWiFi
            fi
            echo
            ConfigDST
            # Start NAT
            echo
            StartNAT
            # If enabled, setup DHCP
            echo
            if [[ ${USEDHCP} = "1" ]]; then
                StartDHCP
            else
                echo "Skipping DHCP Configuration..."
            fi
            echo
            echo "Wii_Route Started!"
            # Exit status 0 tells the calling shell that we succeeded
            exit 0
            ;;
        'stop')
            # This stops Wii_Route
            # Print the boilerplate
            clear
            echo "Wii_Route ${VER}"
            echo "------------------------------------------------------"
            echo "Stopping..."
            echo
            if [[ ${OPMODE} = "1" ]]; then
                echo "Setting ${DST} to sane defaults..."
                iwconfig "${DST}" mode managed channel auto rate auto 2>/dev/null
                echo "Done!"
                echo
            fi
            echo "Shutting down ${DST}..."
            ifconfig "${DST}" down 2>/dev/null
            echo "Done!"
            echo
            echo "Shutting down DHCP server..."
            # Kill it, then remove PID, since it doesn't seem to do so on its own
            killall dhcpd 2>/dev/null
            rm /var/run/dhcpd.pid 2>/dev/null
            echo "Done!"
            # Exit status 0 tells the calling shell that we succeeded
            exit 0
            ;;
        'test')
            SystemTest
            ;;
        *)
            echo "usage: $0 start|stop|test"
    esac
# If the user doesn't have root permissions, they end up here
else
    echo "Sorry, you need to have root permissions to run this script."
    echo "Either login as root, or run this through sudo. If using sudo,"
    echo "make sure /sbin is in your path."
fi
# EOF
Now, you will want to make the file executable, so run the following command in
the directory where Wii_Route.sh is saved:
bash# chmod +x ./Wii_Route.sh
Now, for the DHCP section to work, you will need to have a DHCP configuration
file.
Paste the following lines into a file named "DHCP.conf" and save it in the
same directory as Wii_Route.sh (the location of the DHCP file can be changed in
the configuration if you wish).
# DHCP.conf
#
# A simple DHCP configuration file to go
# with the Wii_Route script.
#
#-CHANGELOG-
# v1.0, First Release
#
# Global Options
# This line defines the DNS servers the Wii will use
# feel free to change these to those of your ISP
option domain-name-servers 4.2.2.2, 4.2.2.3;
ddns-update-style none;
# IP Range
subnet 192.168.2.0 netmask 255.255.255.0
{
    # This will allow for 50 clients
    range 192.168.2.100 192.168.2.150;
    option routers 192.168.2.1;
}
# EOF
You will want to read over the top section of Wii_Route.sh and make sure those
settings are correct in relation to your hardware and LAN setup. You have to
make sure the destination interface is in a different IP range than your
current network (source interface). I wrote the scripts to use the 192.168.2.x
network, since I know of no home router that uses this network (they mainly
use 192.168.1.x, and some use 192.168.0.x). If anyone has a home router that
uses the 192.168.2.x network, please send me an email so I can modify the
scripts to use something else.
The top section of the script also lists a few optional features that you might
want to use. The comments explain them pretty well I think, so just read what
I have written before each setting, and you should be able to understand
everything.
Generally speaking, the default settings for both the IP ranges and features
should work in most situations.
Also, as with most things involving system configuration in Linux, you will
need to run the Wii_Route.sh script as root, or at least through sudo. The
script will warn you if you don't have the proper permissions to be running it.
If you are using sudo, make sure that /sbin is in your path, as most of the
system configuration programs needed are in there.
As for the actual operation of Wii_Route.sh, there are three arguments that it
will take which make it do different things. If you run Wii_Route.sh without
any arguments, you will get output that looks like this:
bash# ./Wii_Route.sh
usage: ./Wii_Route.sh start|stop|test
Going over each mode briefly:
Start:
This starts NAT between the source and destination interfaces, and activates
your WiFi device if you are operating in WiFi mode.
file.
Stop:
This will turn off the destination interface (if it is a WiFi device, it will
return it to a normal operating mode as well), and stop the DHCP server if you
enabled it in the first place.
Test:
Handy for troubleshooting, this will run through some basic tests to see if you
have all of the required programs installed, and if your hardware is configured
properly. This will also test if your WiFi card supports Master mode.
After you have the files installed and you think everything is correctly set up,
run "./Wii_Route.sh test" and see if you have any failures. You should also
verify that the interfaces it is using are correct.
If everything looks good there, run "./Wii_Route.sh start" and hope for the
best.
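The "stop" mode of Wii_Route.sh leaves the iptables rules and the ip_forward setting in place, and every "start" appends the same rules again. The following is an added example, not part of the original script, of start and stop functions that add each rule only once, also limit forwarding to the Wii-to-Internet path with reply traffic coming back, and undo everything on stop. IPTABLES, IP_FORWARD, STATE_FILE (a made-up path) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent start/stop for the Wii_Route NAT rules.
# IPTABLES, IP_FORWARD, STATE_FILE and the function names are assumptions made
# for this example; none of them exist in the original script.
IPTABLES=${IPTABLES:-iptables}
IP_FORWARD=${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}
STATE_FILE=${STATE_FILE:-/var/run/wii_route.ip_forward}   # hypothetical path

# Print one rule per line as "TABLE CHAIN RULE-SPEC".
# $1 = source (Internet) interface, $2 = destination (Wii) interface.
# The DROP rules are appended last, so they only catch traffic that no
# earlier FORWARD rule has already accepted.
nat_rules() {
    cat <<EOF
nat POSTROUTING -o $1 -j MASQUERADE
filter FORWARD -i $2 -o $1 -j ACCEPT
filter FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
filter FORWARD -i $2 -j DROP
filter FORWARD -o $2 -j DROP
EOF
}

# Append each rule only if "iptables -C" (check) says it is not there yet.
nat_apply() {
    while read -r table chain spec; do
        $IPTABLES -t "$table" -C "$chain" $spec 2>/dev/null ||
            $IPTABLES -t "$table" -A "$chain" $spec || return 1
    done <<EOF
$(nat_rules "$1" "$2")
EOF
}

# Delete every copy of each rule, including duplicates from repeated starts.
nat_remove() {
    while read -r table chain spec; do
        while $IPTABLES -t "$table" -C "$chain" $spec 2>/dev/null; do
            $IPTABLES -t "$table" -D "$chain" $spec || return 1
        done
    done <<EOF
$(nat_rules "$1" "$2")
EOF
}

nat_start() {
    # Save the old forwarding setting once, so a second start cannot
    # overwrite it with "1".
    [ -f "$STATE_FILE" ] || cat "$IP_FORWARD" > "$STATE_FILE" || return 1
    echo 1 > "$IP_FORWARD" || return 1
    nat_apply "$1" "$2"
}

nat_stop() {
    nat_remove "$1" "$2" || return 1
    # Put ip_forward back to whatever it was before nat_start ran
    if [ -f "$STATE_FILE" ]; then
        cat "$STATE_FILE" > "$IP_FORWARD" && rm -f "$STATE_FILE"
    fi
}

# Run as root: "sh nat_rules.sh start eth0 wlan0" or "... stop eth0 wlan0"
case "${1:-}" in
    start) nat_start "${2:-eth0}" "${3:-wlan0}" ;;
    stop)  nat_stop  "${2:-eth0}" "${3:-wlan0}" ;;
esac
```

Rules added earlier by Wii_Route.sh itself use a different rule specification, so nat_stop does not remove them.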
--------------------------------------------------------------------------------
- 4.2 Windows -
--------------------------------------------------------------------------------
Windows is a troublesome one. There is simply no easy way to share out an
Internet connection over WiFi. It isn't impossible, it is just complicated.
On the other hand, sharing the connection out over Ethernet is no problem. But
the method to share a connection over Ethernet is completely different than
over WiFi. So they will be separated into their own Sections, rather than
covered in one large Section as in Linux and Mac OS.
--------------------------------------------------------------------------------
- 4.2.1 Wireless -
--------------------------------------------------------------------------------
I swear, I am really working on this.
[INCOMPLETE]
--------------------------------------------------------------------------------
- 4.2.2 Wired -
--------------------------------------------------------------------------------
Sharing an Internet connection over a local network is pretty easy. Windows
includes what is known as ICS, or Internet Connection Sharing, for this
purpose. This is basically Microsoft's own little take on NAT. It allows you
to quickly setup a configuration where your primary Internet connection is
routed out to a secondary interface (usually a network card), and a DHCP server
is automatically setup for you.
The following information is based on Windows XP, but should be applicable to
all versions of Windows since Windows 98 SE. The actual steps will be slightly
different in previous versions of Windows, and in 98 SE you will actually have
to install ICS from the Windows CD, but the overall concept will remain the
same.
--------------------------------------------------------------------------------
- 4.2.2.1 Hardware Configuration -
--------------------------------------------------------------------------------
The first thing you need to figure out is which network connection you are
going to set up ICS on. This connection can be anything, a NIC connected to a
router, a USB modem, a WiFi card, it could even be a dialup connection. Any
interface that is able to properly connect to the Internet can be used.
Generally you would use your primary Internet connection, but again, you can
use whatever one you like. Once you figure out which interface you want to use
as the source, it might be helpful to rename it so you can keep track of which
one it was.
Next you need to figure out which device the Wii will actually be connecting
to. Unlike the source interface, this is limited to being a standard NIC. For
example, if you have two NICs and one is connecting you to the Internet, then
you would connect the Wii to the second one, which is likely going to be called
something like "Local Area Connection 2". You should definitely rename this
connection for future reference, call it something like "Wii Connection".
Now that we have decided on the interfaces we are using, let's go ahead and
actually configure ICS.
--------------------------------------------------------------------------------
- 4.2.2.2 Configuring ICS -
--------------------------------------------------------------------------------
Click "Start", then "Control Panel". When it opens up, click on "Network and
Internet Connections". Finally, click on "Network Connections" down on the
bottom.
Here you will see all of the networking devices on your computer. Remember the
device you determined to be the one connecting you to the Internet? Well, right
click on that device, and click on "Properties", then click on the "Advanced"
tab.
On this page you should see a heading called "Internet Connection Sharing".
Under it, you will want to click the box next to "Allow other network users to
connect through this computer's Internet connection".
There is also an option that says "Establish a dial-up connection whenever a
computer on my network attempts to access the Internet". If you are sharing out
a connection from a dial-up modem, you will want to enable this. It allows your
computer to automatically dial out and connect to the Internet whenever a
computer (or in this case, a Wii) wants to get on the Internet. If you don't
have this enabled, you will need to manually connect up to the Internet on the
computer running ICS before you try to get online with the Wii.
Now click on "OK". A message should pop up telling you that the NIC will take
the IP of 192.168.0.1. Just click "Yes".
This completes the ICS configuration, all that is left to do is connect the
Wii. Once the hardware is connected, you simply need to start a new profile
and select "Wired" as described in Section 2.1.1, "New Connection Profile".
--------------------------------------------------------------------------------
- 4.3 Mac OS -
--------------------------------------------------------------------------------
Compared to the other operating systems in this Guide, sharing out a connection
is by far the easiest to do in Mac OS.
With only a few clicks you can select between using Ethernet or WiFi. Because
of this, the two methods are covered in the same section, as the process is
almost completely the same.
--------------------------------------------------------------------------------
- 4.3.1 Configuring Internet Sharing -
--------------------------------------------------------------------------------
To enable "Internet Sharing", you first go to the "System Preferences" menu,
then click on "Sharing", under "Internet & Network".
You should now see a bar with three sections: "Services", "Firewall", and
"Internet". For the time being, we are only interested in the "Internet" tab,
so click that.
You will now be on the "Internet Sharing" page. You will see a box that lists
the networking devices on your Mac. You should see at least two entries here.
You may or may not have more devices listed, but you need at least two: one to
connect to the Internet, and the other to connect to the Wii itself.
Now, there will be a line saying "Share your connection from:", followed by a
drop down box. This is the source interface for "Internet Sharing"; select
whichever device you use to connect out to the Internet.
Under the section that says "To computers using:", you need to click the box
next to the device you wish to use to share the connection out. You can either
select one of the Ethernet cards, or you can select "AirPort" if you have an
AirPort card installed in your machine. When you select the destination device,
it will link the two and establish routing between them.
That is all for the "Internet Sharing" configuration.
Clicking "Start" would activate "Internet Sharing", and begin routing packets
between the two interfaces. However, if you selected "AirPort", you will first
need to configure the WiFi settings. If you have selected an Ethernet device,
you can just click on "Start" and then proceed to Section 4.3.3, "Connecting
the Wii".
--------------------------------------------------------------------------------
- 4.3.2 Configuring AirPort Options -
--------------------------------------------------------------------------------
On the "Internet Sharing" page, click on the button "AirPort Options...".
The first option you will see is going to be "Network Name". This is the SSID
of the WiFi network you are about to create. Set this to whatever you like, but
just make sure you remember it.
Next you will see "Channel". Leaving this on "Automatic" should be fine, but if
you experience problems with interference you might want to try setting the
channel manually.
Moving on, you will see the section dealing with encryption. If you want to
enable WEP on your new soft AP, this is where you would configure it. After
clicking the box next to "Enable encryption (using WEP)", you would then enter
a key to use. If you are planning to use 128 bit WEP then enter in a 13
character key, and if you want to use 40 bit WEP then enter a 5 character key.
If it is not obvious, you should use 128 bit encryption, but the choice is
yours.
After you have made these settings, click "OK". You have now configured the
AirPort card. If you are following this Guide exactly, you should now be back
on the "Internet Sharing" page that you started from. Everything should be
set up correctly now, so click on "Start" to enable "Internet Sharing".
--------------------------------------------------------------------------------
- 4.3.3 Connecting the Wii -
--------------------------------------------------------------------------------
The problem here is that the Wii, just like the DS, does not seem to work with
the OSX DHCP server, which means it can not automatically configure itself
against your newly created soft AP.
I am working on a way around this problem, but for the time being, you will
need to configure your Wii manually.
To configure a manual IP for the Wii, you need to find the IP for your
destination interface. Take a look at Sections 6.3.3 and 6.4, which will guide
you on how to find the current TCP/IP information and adapt it so you can enter
it into the Wii.
For an easier way to find the TCP/IP settings for a particular device, you can
go to "System Preferences", click "Network", then select the interface you are
interested in from the device listing. Click on the "TCP/IP" tab, and you will
be presented with an easy to understand listing of the relevant TCP/IP
information.
By default, the destination interface should have an IP address of 10.0.2.1,
with the subnet mask 255.255.255.0. So the appropriate settings for the Wii
would be as follows:
+--------------------------------------------------+
| IP Address          | 10.0.2.2                   |
|--------------------------------------------------|
| Subnet Mask         | 255.255.255.0              |
|--------------------------------------------------|
| Default Router      | 10.0.2.1                   |
+--------------------------------------------------+
Once you have determined the proper IP settings to use, follow Section 2.1.1.3,
"Manual Configuration". You will enter the SSID of your AirPort card (if you
are using WiFi), then the IP information you got from your system. You will
also need to enter in your WEP key if you chose to enable encryption under the
"AirPort Options" menu.
After that, run the "Connection Test" and hope for the best.
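A check for the manual settings described above, as an added example that is
not part of the original guide: it derives the console's address from the
sharing interface and flags entries that could not reach the router. The
function names are this example's own.

```python
import ipaddress


def wii_manual_settings(host_ip, netmask, taken=()):
    """Pick static settings for the console from the sharing interface's address.

    host_ip/netmask belong to the destination interface on the computer;
    `taken` lists addresses already used by other devices on that interface.
    """
    iface = ipaddress.IPv4Interface(f"{host_ip}/{netmask}")
    network = iface.network
    used = {iface.ip} | {ipaddress.IPv4Address(a) for a in taken}
    # hosts() skips the network and broadcast addresses for us.
    for candidate in network.hosts():
        if candidate not in used:
            return {
                "ip_address": str(candidate),
                "subnet_mask": str(network.netmask),
                "default_router": str(iface.ip),
            }
    raise ValueError(f"no free host address left in {network}")


def check_wii_settings(ip_address, subnet_mask, default_router):
    """Return a list of problems with hand-entered settings (empty list = OK)."""
    try:
        client = ipaddress.IPv4Interface(f"{ip_address}/{subnet_mask}")
        router = ipaddress.IPv4Address(default_router)
    except ValueError as exc:  # malformed address or netmask
        return [f"invalid value: {exc}"]

    problems = []
    network = client.network
    if router not in network:
        problems.append("default router is outside the console's subnet")
    if client.ip == router:
        problems.append("console and router use the same address")
    if client.ip in (network.network_address, network.broadcast_address):
        problems.append("console address is the network or broadcast address")
    return problems


if __name__ == "__main__":
    # Default Internet Sharing address given in this section.
    print(wii_manual_settings("10.0.2.1", "255.255.255.0"))
    # A typo in the third octet puts the router out of reach.
    print(check_wii_settings("10.0.3.2", "255.255.255.0", "10.0.2.1"))
```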
--------------------------------------------------------------------------------
- 4.4 Nintendo Wi-Fi USB Connector -
--------------------------------------------------------------------------------
While the Wi-Fi USB Connector is designed to make getting online as easy as
possible for people without being too technical, there are still some advanced
things you can do with it, though completely unintentional on Nintendo's part.
--------------------------------------------------------------------------------
- 4.4.1 Using the Nintendo Wi-Fi USB Connector with AOL -
--------------------------------------------------------------------------------
It seems like a lot of people are asking this same question, so I decided to
add it to the Guide.
The key to using the Wi-Fi Connector (and any other soft AP) with AOL is to not
use the official AOL software to connect. You must create a new connection, and
use that to log in.
To do this in Windows XP, you will first click "Start", then "Control Panel",
then "Network and Internet Connections", finally, click on "Network
Connections".
You will now see a screen that shows your current Ethernet connections. On the
top left hand corner of this window, you should see a small box that says
"Network Tasks". Within that box there is an option that says "Create a new
connection", click it to start the "New Connection Wizard".
The first page of the wizard describes what it can help you do. Click "Next",
and it will ask what kind of connection you want to make. Make sure the radio
button next to "Connect to the Internet" is selected (by default, it is). Then
click "Next".
Select "Set up my connection manually", and click "Next".
Select "Connect using a broadband connection that requires a username and
password", and click "Next".
The wizard will then prompt you for the name of this new connection. You can
use anything you like, but it is probably a good idea to make it something
you will remember later. Naming it "AOL WFC" would not be a bad idea. After you
have entered the name, click "Next".
Now you will need to enter your AOL username. Enter your username, with the
aol.com suffix (i.e. username@aol.com). You can then either enter your password
here to have it saved, or leave the box blank so that you will be prompted for
the password every time it tries to connect. It doesn't matter either way for
the purposes of the Wi-Fi USB Connector, so do whatever you feel comfortable
with.
After entering your credentials, remove the check for "Make this the default
Internet connection", but leave the other two options enabled. Then click
"Next".
On the final screen, you will see an overview of the setup for the connection
you just made. Look over it to see if it appears correct; if not, go back and
check everything. There is also an option to "Add a shortcut to this connection
to my desktop". Selecting this would probably save you some trouble down the
line. If you are happy with everything, click "Finish".
Now, when you want to use this new connection, you would either click the
shortcut the wizard made, or select it from the "Network Connections" screen.
After you have signed into AOL with this new connection, go ahead and install
the Nintendo Wi-Fi USB Connector, and all should be well.
A little note: I said to make sure to disable "Make this the default Internet
connection" so that you could still use the AOL software to get on the Internet
normally. If you would like to bypass the AOL software completely, keeping that
option enabled will make that your primary Internet connection, and allow you
to use the Internet without the AOL software.
================================================================================
= 5. Network Security =
================================================================================
Security, it is an elusive beast to be sure. It's a topic that many people do
not truly understand, which puts them at great personal risk in today's modern
world.
Perhaps an FAQ for a game system is not exactly the place to get too heavy on
users for not using good security practices. I realize this, and I also realize
I run the risk of getting off-topic with such a section in this Guide (in fact,
I have dialed this section back considerably from its DS counterpart).
But I really do believe this information is critical, and just because you are
having fun playing games doesn't mean you should get lax with common sense.
--------------------------------------------------------------------------------
- 5.1 WiFi Security -
--------------------------------------------------------------------------------
Wireless security is essentially a myth. The very concept of sending data over
the air using hardware that any consumer can purchase cheaply and without a
license makes it a dangerous technology.
Over the years, many different technologies have been developed to help
increase the security of WiFi networks. Only very recently have they reached
the level at which we can run a WiFi network without too much concern.
Obviously, not everyone can afford the latest and greatest hardware, so not
everyone has access to these new technologies. Because of this, it is important
to cover even the older technologies.
Here I will explain what each technique does, why it works, and at the same
time, why it doesn't.
--------------------------------------------------------------------------------
- 5.1.1 Cloaked SSID -
--------------------------------------------------------------------------------
Cloaking simply means that your WiFi device does not publicly broadcast the
SSID. This will cause general purpose WiFi devices and software to not list it,
essentially hiding it from people who did not know the network was there.
The problem with this feature is that it can make setting up new devices
difficult. The Wii does not list networks unless their SSID is being broadcast;
so to configure it with such a network, you would either need to manually set
it up, or temporarily enable SSID broadcasting.
So how effective is this in the real world? Well, not very, unfortunately. It
doesn't do a whole lot more than make configuring your own devices a bit more
complicated.
If your goal is to block your neighbor from casually connecting up to your
network (perhaps by mistake), a cloaked SSID would have that effect on them,
as their hardware would not show the network. If you are dealing with a
person that is not actually trying to access your network, but perhaps just
doesn't know any better, this would deter them. But to anyone more advanced, it
is nothing more than a parlor trick.
The flaw with cloaked SSIDs is that every time a client device authenticates
or deauthenticates, the SSID is sent out in the 802.11 frames. Good software
like Kismet can pick up on this, and find the SSID even if you have enabled
cloaking.
This makes cloaked SSIDs all but completely useless as a serious security
device.
But hey, it sounds cool, right?
--------------------------------------------------------------------------------
- 5.1.2 MAC Filtering -
--------------------------------------------------------------------------------
MAC stands for Media Access Control; a MAC address is a unique identity that
all network devices must have. MAC addresses are part of the second layer of
the OSI Model, and are mapped to IP addresses on the third layer of the OSI
Model via ARP. MAC addresses are an essential element of TCP/IP, and it is
vital that both the MAC addresses and ARP tables are valid for TCP/IP to
function properly.
By design, there can never be two devices with the same MAC address (though as
with everything, accidents do happen, I have heard about NICs shipping from the
factory with identical MACs in the past), so they can be used as a form of
physical security. Locking out all but specific MAC addresses can secure a
network from unauthorized access.
Well...in theory, anyway.
In concept, MAC filtering is a bulletproof approach to wireless security. In
the real world however, it is possible to "spoof" (fake) the MAC address of the
network card in a computer. That means an attacker can gain access to a MAC
filtered AP simply by sniffing the network traffic for an allowed MAC and
cloning it to his own network card.
To the AP, the attacker's computer would appear to be one of those allowed to
access the network, and therefore get full access. At first glance, it would
appear that MAC filtering is almost completely useless against a knowledgeable
attacker.
But not all is lost. As TCP/IP relies on sane MAC addresses to function
properly, two identical MAC addresses cannot exist on the same network without
serious problems coming up. Because of this, a MAC can only be reliably spoofed
when the card that actually owns that MAC address is not active. This obviously
limits the attacker's access, and needs to be circumvented if their goal is to
set up a long-term connection to the network.
To do this, the attacker would either have to disable MAC filtering, or add
the real MAC of his network card to the list of authorized devices. Either
action will not only make his presence known, but would also require the
attacker to get access to your router or AP's configuration (more on that in
Section 5.2, "Securing your WiFi Router").
Also, if the only WiFi device accessing your MAC filtered router is the Wii,
you are in a bit better shape, since you won't be authenticated with the AP
nearly as much with the Wii as you would be with a computer. The attacker would
have to get lucky enough to be sniffing your AP at the same time you were
playing a game, to be able to get the MAC of your Wii.
If the attacker can't sniff a MAC that is authorized to connect to the AP,
there is no way they can get through the MAC filtering.
So with the proper application, you can see a realistic benefit from MAC
filtering. Just make sure to keep an eye on the MAC filtering configuration on
the router, and limit the amount of time you spend authenticated to the AP, if
possible.
--------------------------------------------------------------------------------
- 5.1.3 Encryption -
--------------------------------------------------------------------------------
Encryption is the most effective method of preventing an attacker from
connecting to your network.
While on the DS we were limited to the very weak WEP, the Wii supports all
current forms of WiFi encryption. Still, even the highest forms of encryption
can be circumvented if not deployed properly.
The following information is very general in nature, and will not necessarily
apply to all forms of encryption. However, for the sake of simplicity, I will
list them all under the general concept of "Encryption".
--------------------------------------------------------------------------------
- 5.1.3.1 Use a Strong Key -
--------------------------------------------------------------------------------
A universal truth with all passwords or keys is that anything in the dictionary
is inherently insecure. Such passwords can be quickly cracked with so-called
"dictionary attacks", which (as the name implies) go through all of the words
in a predetermined dictionary file to attempt to guess the correct password.
Dictionary attacks are many, many times faster than actually cracking the key
by decrypting it. If you can successfully protect yourself from such attacks,
you will instantly make your network more difficult to compromise.
There are a number of tips to protect yourself from dictionary attacks:
Be sure to never use a word that can be found in the dictionary. This includes
names of people or places.
Obfuscate your key with alternating capital letters and numbers.
To really create a secure key, add in some symbols or even non-printable Hex
characters.
Using these tips will help you create a key that is much more secure than just
plain text. For example, rather than using "password", you could use
"\[P4$5W@r|)]/".
Try finding that in Webster's.
--------------------------------------------------------------------------------
- 5.1.3.2 Use the Highest Encryption Possible -
--------------------------------------------------------------------------------
This one is fairly obvious. Use the highest encryption that your hardware
supports.
If you are using 64 bit WEP, you are a much easier target for an attacker, as
it can be cracked in literally minutes. If you are using WPA with a strong key
you are in much better shape.
That is why it is important to use the highest form of encryption that all of
your devices will support. You are limited here by your most outdated piece of
hardware. All modern routers are going to support WPA, but some older devices
may not (as covered previously, the Nintendo DS only supports WEP).
At least this time around, the Wii is not going to be the limiting factor. You
just have to find out what is the best encryption every one of your WiFi
devices supports, and then enable that on your router.
--------------------------------------------------------------------------------
- 5.1.3.3 Limit your Bandwidth -
--------------------------------------------------------------------------------
A lot of data needs to be sniffed out of the air to successfully crack most
forms of encryption. If you can limit the amount of data you transfer, you
can make it that much more difficult to crack.
Unless your devices really need to be wireless, connect them via Ethernet. If
you can get it down so that only one (or even none) of your devices is
connected to your WiFi network, then you will sharply reduce the amount of data
you are sending through the air.
If the only device that ever uses your WEP protected AP is a single Nintendo
Wii, it would take a very, very long time to generate a significant amount of
data.
How long? Well, let's see:
On average, it takes about 700 MB worth of sniffed traffic to crack a 128 bit
WEP key.
Meanwhile, let's say the only thing you do on your Wii is download SNES games
from the Virtual Console. Let's say they are about 3 MB each.
Doing some simple math, you would have to download about 233 games to generate
700 MB of traffic. This is of course a very rough estimate, and doesn't take
a number of things into account, but it gets the point across.
Clearly, no casual attacker is going to sniff your connection for months just
to get online. After a day or two, he is going to move on to an easier target.
--------------------------------------------------------------------------------
- 5.1.3.4 Rotate your Key -
--------------------------------------------------------------------------------
As covered in the previous section, cracking a key requires significant data to
be transferred over the network for the attacker to sniff and analyze. Because
of this, the process of cracking the key can take a long time, depending on the
rate of data being transferred over your network.
Therefore, you can conceivably change the key often enough that it isn't
possible to generate sufficient data to successfully crack it before it is
changed again.
If you were to change out your key every 25 days or so, by the time an attacker
had collected an appreciable amount of data, you would already be using a new
key, making his collected data completely useless.
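The reasoning of the last two sections, worked through as an added example that
is not part of the original guide: given a log of traffic per day, it finds how
quickly the guide's 700 MB figure is reached and how much data a single key
protects under a 25 day rotation. The traffic logs are constructed samples and
the function names are this example's own.

```python
CRACK_THRESHOLD_MB = 700   # guide's estimate for cracking a 128 bit WEP key
ROTATION_DAYS = 25         # rotation interval suggested in the guide

# Constructed traffic logs (MB sent over WiFi per day).
WII_ONLY = [3] * 365       # one 3 MB Virtual Console download every day
SHARED_AP = [30] * 60      # assumption: a laptop shares the same AP


def shortest_exposure_days(daily_mb, threshold_mb=CRACK_THRESHOLD_MB):
    """Shortest run of consecutive days whose traffic reaches the threshold.

    Returns None when the log never accumulates that much data.
    """
    if threshold_mb <= 0:
        raise ValueError("threshold must be positive")
    if any(mb < 0 for mb in daily_mb):
        raise ValueError("traffic values cannot be negative")
    best = None
    start = 0
    window = 0
    for end, mb in enumerate(daily_mb):
        window += mb
        # Drop days on the left while the remaining run still reaches the mark.
        while window - daily_mb[start] >= threshold_mb:
            window -= daily_mb[start]
            start += 1
        if window >= threshold_mb:
            length = end - start + 1
            if best is None or length < best:
                best = length
    return best


def longest_safe_rotation(daily_mb, threshold_mb=CRACK_THRESHOLD_MB):
    """Longest rotation interval (days) that keeps every key under the threshold.

    None means the log never reaches the threshold; 0 means a single day
    already does, so rotation alone cannot help.
    """
    shortest = shortest_exposure_days(daily_mb, threshold_mb)
    return None if shortest is None else shortest - 1


def max_traffic_per_key(daily_mb, rotation_days=ROTATION_DAYS):
    """Most traffic any one key protects when rotated every rotation_days."""
    if rotation_days < 1:
        raise ValueError("rotation interval must be at least one day")
    chunks = (sum(daily_mb[i:i + rotation_days])
              for i in range(0, len(daily_mb), rotation_days))
    return max(chunks, default=0)


if __name__ == "__main__":
    for name, log in (("Wii only", WII_ONLY), ("shared AP", SHARED_AP)):
        print(name,
              "| MB per key at 25 days:", max_traffic_per_key(log),
              "| longest safe rotation:", longest_safe_rotation(log), "days")
```

On the constructed logs, the Wii-only network stays far below 700 MB per key,
while the busier one passes it inside a single 25 day period.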
--------------------------------------------------------------------------------
- 5.1.3.5 Combine Forces -
--------------------------------------------------------------------------------
Even with the steps above, WiFi can still be a liability. That is why you
should not rely on just a single method of security for your network. You need
to have a comprehensive plan that covers multiple vectors.
It is important to pair smart encryption practices with other techniques, such
as MAC filtering, cloaked SSIDs, and firewalls.
By combining all of these security features, you can create a network that is
simply not going to be worth the effort for a casual attacker.
No WiFi network is completely safe from attack, and if there is an attacker
that has for whatever reason specifically targeted you, with enough effort,
they will get in.
But if the only threats to your network are leechers and WarDrivers, 9 times
out of 10, if they see a network that is using multiple security measures, they
will simply move on a bit down the street to the next network, which will
almost certainly have little to no protection.
--------------------------------------------------------------------------------
- 5.2 Securing your WiFi Router -
--------------------------------------------------------------------------------
An important aspect of wireless security, one which many people forget, is
properly securing the wireless router itself.
If you are using a soft AP, including the Nintendo Wi-Fi USB Connector, there
is not much to worry about. Granted, the security of your computer is very
important, but you are not going to have a browser-based configuration system
just sitting out in the open on your computer, like you do on a standard WiFi
router.
Through this configuration page on your router, it is possible to do all sorts
of nasty things, including locking you out of your own router, and even
destroying it by doing an improper firmware flash on it.
As mentioned in Section 5.1.2, "MAC Filtering", the router configuration
also holds the MAC filtering information, and can be used to allow an attacker
to add his MAC to your router's authorized list, and get full access to the
network.
It is vitally important to lock down your router to prevent anyone else but
yourself from accessing it. There are a number of things you can do to secure
your router, but not all hardware will support all features, so just do the
best you can with whatever the router supports.
--------------------------------------------------------------------------------
- 5.2.1 Use a Strong Password -
--------------------------------------------------------------------------------
It's very important to use a strong password for your router's web interface,
as it is much easier to guess, brute force, or dictionary crack the password on
a router than an encrypted network.
It is possible to detect the manufacturer of your router by its MAC OUI, and
many sniffing programs will automatically show the attacker what brand router
you are using. From there, it is a simple Google search to find the default
username and password that company uses. If you never changed your password
from the default one, you have just been compromised in a matter of seconds.
If you changed your password, but made it something simple, like "secret", you
aren't in much better shape. The web authentication that most home routers use
can be dictionary cracked very rapidly. Running tests on my own routers, it
only took a few minutes for a dictionary cracking program to run through a list
of over 3000 common passwords, and find the simple password I had set for the
test. As with the default password, the process of getting control of the
router was simple and took only a few minutes.
Now, let's say that you follow the guidelines I talked about in Section
5.1.3.1, "Use a Strong Key". Such a password would not be discovered with a
dictionary attack, so the only option for the attacker would be to attempt a
brute force attack. In a brute force attack, the software is set with the
minimum and maximum length of the password, and what characters to use (for
example, numbers only, alphanumeric, capital letters only, etc). The software
will then attempt every possible password combination within the given
parameters.
As you could imagine, this would take a massive amount of time to complete.
Take for example the password I gave in that section, "\[P4$5W@r|)]/". To have
a 100% chance of cracking the password, the brute force software would need to
be configured to go up to 13 characters, and use the full ASCII key-space.
That gives us 2,812,901,617,993,870,347 possible combinations. Go back and read
that again.
At best, you are only going to be able to try 5 passwords per second or so
against the router, given the speed of the connection and the response time of
the router itself.
As if it had to be said, that would take many, many, many, many years to
complete. But to be precise, it would take about 17,839,305,000 years to crack
that password using a brute force attack.
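An added example (not part of the original guide) that checks a candidate key
against the tips in Section 5.1.3.1 and redoes the timing arithmetic above at
5 guesses per second, for both a dictionary run and the guide's brute force
figure. The word list is a constructed sample and the function names are this
example's own.

```python
import string

# Constructed stand-in for a dictionary file (not from the guide).
SAMPLE_WORDLIST = ["password", "secret", "admin", "nintendo", "mario", "letmein"]

GUESSES_PER_SECOND = 5                          # rate the guide gives for a router
SECONDS_PER_YEAR = 365 * 24 * 60 * 60
GUIDE_COMBINATIONS = 2_812_901_617_993_870_347  # figure quoted in the guide
GUIDE_KEY = r"\[P4$5W@r|)]/"                    # example key from Section 5.1.3.1


def audit_key(key, wordlist=SAMPLE_WORDLIST):
    """Return the tips from Section 5.1.3.1 that `key` fails (empty = passes)."""
    failures = []
    lowered = key.lower()
    # Conservative: flag a listed word anywhere inside the key, in any case.
    if any(word in lowered for word in wordlist):
        failures.append("contains a dictionary word")
    if not (any(c.islower() for c in key) and any(c.isupper() for c in key)):
        failures.append("does not mix upper and lower case")
    if not any(c.isdigit() for c in key):
        failures.append("contains no numbers")
    if not any(c in string.punctuation for c in key):
        failures.append("contains no symbols")
    return failures


def dictionary_guesses(key, wordlist=SAMPLE_WORDLIST):
    """Guesses a straight run through the word list needs to hit `key`.

    Returns None when the list does not contain the key at all.
    """
    for attempt, word in enumerate(wordlist, start=1):
        if word == key:
            return attempt
    return None


def seconds_to_try(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case seconds needed to submit `candidates` guesses."""
    if rate <= 0:
        raise ValueError("rate must be positive")
    return candidates / rate


def years_to_try(candidates, rate=GUESSES_PER_SECOND):
    """Same as seconds_to_try, expressed in 365 day years."""
    return seconds_to_try(candidates, rate) / SECONDS_PER_YEAR


if __name__ == "__main__":
    for key in ("secret", GUIDE_KEY):
        print(repr(key), "fails:", audit_key(key) or "nothing",
              "| dictionary guesses:", dictionary_guesses(key))
    print("3000 word list:", seconds_to_try(3000) / 60, "minutes")
    print("guide's brute force figure:",
          f"{years_to_try(GUIDE_COMBINATIONS):,.0f} years")
```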
--------------------------------------------------------------------------------
- 5.2.2 Disable Wireless Management -
--------------------------------------------------------------------------------
Wireless Management allows users connected to the router via WiFi to access the
router's web configuration.
This is almost certainly not what you want to do. If your computer is connected
to the router over Ethernet, then you will absolutely want to disable this
option.
All this does is make it possible for an attacker to get into your router
configuration from outside of your home.
If your router supports it, and it won't affect your usage of the device, then
disable this immediately.
--------------------------------------------------------------------------------
- 5.2.3 Disable Remote Management -
--------------------------------------------------------------------------------
Remote Management is a feature on some routers that allows the web
configuration page to be accessed over the Internet, with the idea that you
could manage your router from anywhere on the planet.
Obviously, this is almost completely useless in every way, and should be
disabled.
There are few good reasons you would ever need to access your router from
outside your home, and they certainly don't outweigh the considerable risk of
having your configuration open for all of the Internet to see.
--------------------------------------------------------------------------------
- 5.2.4 Disable Remote Upgrade -
--------------------------------------------------------------------------------
Remote Upgrade allows your router to be flashed with a firmware sent to it over
the Internet.
This is a disastrously stupid option, and should be disabled and completely
forgotten about.
--------------------------------------------------------------------------------
- 5.2.5 Enable HTTPS -
--------------------------------------------------------------------------------
Some routers will allow you to choose HTTP or HTTPS for the web administration
page. HTTPS is more secure than HTTP as it encrypts data sent to and from the
site. In this case, the data you want to secure is your password.
If you are using just HTTP, it would be possible for an attacker connected to
your network to sniff your router password as you log in. If this happens, it
doesn't matter how good your password is, he will have it.
--------------------------------------------------------------------------------
- 5.3 Nintendo Wi-Fi USB Connector -
--------------------------------------------------------------------------------
While it might not have been Nintendo's initial goal when creating the Wi-Fi
Connector, the device does manage to offer considerable security.
Each DS or Wii is identified by the Connector through the console's nickname,
rather than the MAC address of the device. While it is very easy to sniff the
MAC of the DS with even the most basic software, capturing the nickname is
another story entirely. It is possible, but well out of the realm of standard
WiFi cracking.
Not only that, but each console needs to be interactively authenticated by the
user from the computer with the Wi-Fi Connector. There is no way for a device
to sneak onto the Wi-Fi Connector.
In fact, the Wi-Fi Connector doesn't even show up to standard WiFi hardware.
Bottom line is, there is currently no known way to spoof an authenticated
DS or Wii and connect up to a Wi-Fi Connector.
--------------------------------------------------------------------------------
- 5.4 Firewalls -
--------------------------------------------------------------------------------
The firewall is the key element in network security. Essentially, a firewall is
anything that blocks incoming or outgoing traffic to a computer or network
based on a set of predefined rules. Firewalls can protect your internal network
from attacks from the Internet, or keep users from sending out information that
they are not allowed to.
On the same note, firewalls also tend to be a big source of trouble for
non-technical users. The same protection that keeps attackers from accessing
your computer from the Internet can also block your computer games from
connecting to other players, or your file transfers from completing.
A common, and very unfortunate, mistake that many users make is to simply
disable the firewall if it blocks a protocol they are trying to use. This is a
very bad idea; you should never disable your firewall. Instead, make the effort
to find out what ports and protocols your program needs, and allow them in the
router configuration. This way your software will continue to work, and you
will still be protected.
In the following sections, I will cover the two main types of firewalls:
hardware firewalls and software firewalls (in Linux, Windows, and Mac OS).
--------------------------------------------------------------------------------
- 5.4.1 Hardware Firewalls -
--------------------------------------------------------------------------------
A hardware firewall is any dedicated device that filters traffic into a
network. I say network, rather than computer, because hardware firewalls are
almost always used when there is more than a single client to protect (though
hardware firewalls designed to be used with a single computer do exist).
When talking about hardware firewalls for the home user, you are going to be
dealing with SOHO routers, which almost all include a basic firewall.
These small firewalls are almost all inbound firewalls. I know of no consumer
router that offers outbound firewalling from the factory. More advanced
hardware firewalls are capable of it, however.
Hardware firewalls are a good deal for the user that has their own small LAN
they want to protect, as they can protect all of the machines equally. However,
they are likely overkill for a user that simply has one computer connected up
to the Internet.
To allow traffic into a network, hardware firewalls will generally have
multiple rules which you can configure to forward specific traffic to a
predetermined IP address within the network. Most consumer hardware firewalls
also include a DMZ function, which allows all traffic from the Internet to
access the IP address specified. While it is never a good idea to place your
personal computer in the DMZ, it is occasionally necessary to place a device
there that needs access to multiple ports at once, like a game console.
Hardware firewalls work on the Network layer of the OSI model, which means they
have the advantage of working seamlessly with any operating system or device
capable of connecting to an Ethernet network.
--------------------------------------------------------------------------------
- 5.4.2 Software Firewalls -
--------------------------------------------------------------------------------
A software firewall is actually a program that runs on the computer it is
protecting, and actively monitors and filters all traffic on that computer.
Software firewalls can act as both inbound and outbound firewalls. Outbound
firewalling is easy to do in a software firewall, since the firewall is running
on the computer right alongside the programs that need to access the Internet.
Some software firewalls will interactively notify the user when an inbound
connection has been blocked, or when a program is requesting an outbound
connection. While helpful, these messages and requests for confirmation tend to
annoy some users.
The exact opposite of a hardware firewall, the software firewall is a good
choice for protecting a single computer, but is not suitable to protect an
entire network. Software firewalls also tend to require more configuration than
their hardware counterparts.
Since a software firewall is just that, a piece of software, each operating
system uses a different software firewall program. Some operating systems
include this ability, while others might require the user to install their own
software firewall.
--------------------------------------------------------------------------------
- 5.4.2.1 GNU/Linux -
--------------------------------------------------------------------------------
Linux includes its own firewall system built into the kernel. In 2.2 kernels,
it uses IPChains, and in 2.4+ kernels, IPTables is used. As every standard
distribution is using at least a 2.4 kernel, you only need to worry about
IPTables.
IPTables is capable of nearly any form of firewalling or NAT possible, so the
sky is the limit when it comes to configuration.
IPTables is generally configured from the command line, or more accurately, by
putting commands into a script, and having that run at boot time.
If a GUI is your thing, there are some good front-ends for IPTables, such as
Firestarter, Guarddog, Firewall Builder, and Knetfilter.
--------------------------------------------------------------------------------
- 5.4.2.2 Windows -
--------------------------------------------------------------------------------
Windows did not include a built-in firewall until very recently: not until
Windows XP Service Pack 2, to be specific.
Also, not surprisingly, the Windows firewall is not very advanced, and can only
do inbound firewalling, not outbound firewalling (very unusual for a software
firewall). This limitation is due to Microsoft's concept of computer security:
that the firewall's only duty is to protect a computer from infection, not
protect a computer that is already infected with a trojan. Right or wrong, this
behavior is confirmed to be in Vista as well.
Configuration of the Windows firewall is essentially selecting which services
will be open on a specific interface, and which ones will be blocked.
As the Windows firewall is very basic, it is advised to download and install an
alternate software firewall (if you don't already have a hardware firewall
upstream, that is).
I would recommend Kerio Personal Firewall 2.1.5 (the last freeware version of
Kerio's firewall product). Besides being free and more advanced than the
Windows firewall, Kerio PF also has the advantage of working on
Windows 98/ME/2000.
--------------------------------------------------------------------------------
- 5.4.2.3 Mac OS -
--------------------------------------------------------------------------------
OSX includes a fairly complete firewall that is built into the kernel, not
unlike IPTables in Linux, known as ipfw. IPTables and ipfw are pretty similar
in their operation. They both use individual rules to build the firewall, can
be set up through scripts, and support detailed logging.
Like IPTables, ipfw does not have any GUI in and of itself, but OSX does
include a GUI for it by default. However, ipfw is capable of much more than
its fairly simplistic GUI can present to the user.
Many of the more advanced capabilities of the OSX firewall cannot even be
accessed from its GUI; they need to be enabled from the Terminal. This
includes the ability to block outbound traffic, as by default, the OSX firewall
only blocks inbound traffic like the Windows firewall.
Having to use the Terminal to configure the more advanced aspects of ipfw has
always been a criticism of the OSX firewall system. However, even when limited
to only the GUI interface, the OSX firewall is still more capable than the
Windows firewall. The GUI attempts to be a balance between the most commonly
used features, and ease of use. At least you are always open to using those
advanced features if you feel you need them, while the Windows firewall just
isn't capable of them in the first place.
An interesting note about the OSX firewall: it cannot be turned off. This is
part of Apple's security model, to help protect their machines by having the
firewall active from the very first time the computer is set up.
--------------------------------------------------------------------------------
- 5.4.3 Practical Application -
--------------------------------------------------------------------------------
All the information in the world is useless if you don't have a way to
practically apply it to your situation. In the following sections, I will cover
how you the user can implement some of the firewall technology previously
covered to help protect your network when opening it up to wireless access.
--------------------------------------------------------------------------------
- 5.4.3.1 Inbound Firewalling -
--------------------------------------------------------------------------------
The easiest and most reliable way to set up inbound firewalling for your network
is through the use of a hardware firewall. As mentioned before, the primary form
of hardware firewall for the average consumer is a home router. This device
will include an inbound firewall capable of blocking all unsolicited requests to
the machines on your network, wired and wireless.
The firewall contained in the average home router is enabled by default, and
does not require any setup from the user. The moment you connect your computer
to it, you are under its protection. This makes the hardware firewall the
easiest to deploy out of all the options available.
The only configuration you may need to do on your hardware firewall is allowing
traffic into your network that you specifically want. For example, if you want
to run an FTP server from your computer, you would need to forward that traffic
to the IP of your computer.
As I mentioned before, all of the software firewalls are also capable of
inbound firewalling. It is important to remember though, that this will only
protect the computer it is running on, and not the rest of the network. These
also will involve a bit more setup than the hardware firewall.
Speaking about the Wii specifically, you generally will not have to make any
adjustments to an inbound firewall to get online and in a game.
However, on some routers there are bugs or inconsistencies in the way they
handle NAT and forwarding, and it might be necessary to do some additional
setup for you to connect to the WFC service.
If you are getting errors when connecting to the WFC through a router, you might
want to set up port forwarding to the Wii, or place it in the DMZ. In either
event, it would help if you set up the Wii with a static IP to make the
configuration easier.
If your Wii is connecting to the Internet through your computer, either via
the Wi-Fi Connector or other soft AP, the incoming firewall may need to be
adjusted to allow all traffic into the Wii if you are experiencing errors while
playing.
--------------------------------------------------------------------------------
- 5.4.3.2 Outbound Firewalling -
--------------------------------------------------------------------------------
As I mentioned previously, consumer hardware firewalls generally do not possess
any outbound firewalling capability. For that reason, they will not be
mentioned in this particular section. This section only concerns software
firewall products.
I won't go into a lot of detail here. As the software firewall setup is going
to be completely different for every platform, it is better that I go into
specifics in each operating system's individual section.
The general concept here is that you can limit how a device can connect out to
the Internet, in an effort to only allow legitimate traffic through. Speaking
about the Wii specifically, you can use outbound firewalling on the computer
that is sharing its Internet connection with the system.
This has a very real benefit, especially if you are running a standard soft AP
that any device can connect to. You can limit outbound connections from the
wireless side to only connect to Nintendo's WFC servers, blocking everything
else. This will prevent somebody from connecting up to your soft AP and using
your Internet connection.
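The outbound restriction described above, as an added example that is not part
of the original guide: a shell script that prints (but does not apply) IPTables
commands limiting forwarded traffic from the soft AP to an allowlist. The
interface names wlan0 and eth0, the chain name SOFTAP_OUT, and the
documentation-range addresses standing in for the DNS server and Nintendo's WFC
servers are all assumptions, as is connection sharing (NAT) already being
configured separately.

```shell
#!/bin/sh
# Added example, not part of the original guide. Prints iptables commands that
# let soft AP clients reach only an allowlist; nothing is applied by this script.
# All names and addresses below are assumptions / placeholders.
WLAN_IF="wlan0"            # assumed soft AP (wireless) interface
WAN_IF="eth0"              # assumed Internet-facing interface
DNS_SERVER="192.0.2.53"    # placeholder for the resolver the Wii is given
ALLOWED="203.0.113.10 198.51.100.0/24"   # placeholders for the WFC servers
CHAIN="SOFTAP_OUT"         # hypothetical chain name

# valid_dest ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix, so nothing else can reach the generated commands.
valid_dest() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules WLAN WAN DNS DEST...: print the rule set, or print nothing and
# fail if any argument is malformed (no partial allowlist is ever emitted).
gen_rules() {
    [ $# -ge 3 ] || return 1
    wlan=$1 wan=$2 dns=$3
    shift 3
    for ifc in "$wlan" "$wan"; do
        case $ifc in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    for dest in "$dns" "$@"; do
        valid_dest "$dest" || { echo "rejected: $dest" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    # -I puts the jump ahead of any earlier blanket ACCEPT for forwarded traffic
    echo "iptables -I FORWARD 1 -i $wlan -o $wan -j $CHAIN"
    echo "iptables -A FORWARD -i $wan -o $wlan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for proto in udp tcp; do
        echo "iptables -A $CHAIN -p $proto -d $dns --dport 53 -j ACCEPT"
    done
    for dest in "$@"; do
        echo "iptables -A $CHAIN -d $dest -j ACCEPT"
    done
    echo "iptables -A $CHAIN -m limit --limit 6/minute -j LOG --log-prefix 'softap-blocked: '"
    echo "iptables -A $CHAIN -j DROP"
}

# Review the output first, then apply it as root, e.g. by piping it to sh.
gen_rules "$WLAN_IF" "$WAN_IF" "$DNS_SERVER" $ALLOWED
```

Anything from the wireless side that is not on the allowlist ends at the final
DROP rule, and the LOG rule before it records what was blocked.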
================================================================================
= 6. Reference =
================================================================================
Here is some general information that may be of use to people reading this
Guide. I will add more to this as the Guide expands.
--------------------------------------------------------------------------------
- 6.1 Networking Glossary -
--------------------------------------------------------------------------------
These are simple definitions for some of the terms used in this document.
IP Address
An IP address is the human-readable address used to define a device on the
network. The easiest way to think of an IP address is like a phone number.
Everyone with a phone has a phone number and that number is unique to that
person but not necessarily to that phone. A phone can have its number changed,
just as a device on the network can have its IP changed.
DHCP
DHCP is a system that allows the automatic assignment of IP addresses to
devices on a network. Almost all home routers have a DHCP server, and the
majority of people connected to home routers, wired or wireless, are using
DHCP. DHCP is advantageous as it makes adding new devices to the network very
simple.
DNS
If the IP address is to be compared to a phone number, then DNS could be
compared to the phone book. A DNS server holds records that equate hostnames
to IP addresses. This is used to convert human-friendly addresses, like
Nintendo.com, to IP addresses. A device is generally configured with the
addresses for two different DNS servers, a primary and a secondary. This allows
for a backup in the event the primary DNS server is not responding.
Gateway
A gateway is another term for a router. In this case, the gateway is
generally a home router of some sort, though in the case of one of the advanced
connections, the gateway is actually the computer sharing out the Internet
connection.
Proxy
A proxy is best described as an intermediary between two networks. A client
connects to the proxy server, and then the proxy connects to the destination
server or network on the client's behalf. This is used for a number of things,
such as making your presence on a network anonymous or connecting through an
encrypted proxy rather than on the open network. This is not something the
average home user needs, or even understands, but may be required on more
advanced networks.
NAT
NAT stands for "Network Address Translation". It is the method by which an
Internet connection can be shared to other devices. This allows you to connect
multiple devices to the Internet without each device needing a dedicated
connection.
ICS
ICS stands for "Internet Connection Sharing". This is Microsoft's term for
NAT, and while it is fairly limited in scope and capability (as are most
Microsoft products), it is effective enough for the home user.
MTU
MTU stands for "Maximum Transmission Unit". The MTU is the size of the
largest packet a particular protocol can transmit. Generally speaking, the
higher the MTU the better, but an overly high MTU can lock up a slow network
interface.
WEP
WEP is an outdated method of WiFi encryption. It contains numerous
vulnerabilities which allow it to be circumvented very rapidly. Whenever
possible, a higher form of encryption than WEP should be used. This is not
always possible however, as not all devices support higher forms of encryption,
such as the Nintendo DS.
WPA
WPA was designed to replace the flawed WEP encryption system. While WPA is
certainly not without its faults, it offers much more secure operation. At
this time, circumvention of a WPA network is not enough of a threat for the
average person to even consider.
Access Point
An access point, for the purposes of this document, is a device that serves
as a WiFi master. Other devices can connect up to the AP, and through that, to
the network.
MAC Address
The MAC address of a device is built into its networking hardware. Every
network-enabled device has a unique MAC address that can be used to identify
it.
--------------------------------------------------------------------------------
- 6.2 Software AP Compatible WiFi Hardware and Drivers -
--------------------------------------------------------------------------------
The following lists hardware and drivers that either I have personally tested,
or that I have on good authority should work with a software AP setup.
--------------------------------------------------------------------------------
- 6.2.1 GNU/Linux -
--------------------------------------------------------------------------------
+-------------------------------------------------+
| Device          | Interface | Driver            |
+-------------------------------------------------+
| Realtek RTL8180 | PCMCIA    | rtl8180 + sa2400  |
| Linksys WM11    | PCMCIA    | HostAP            |
| AmbiCom WL1100C | CF Card   | HostAP            |
| Centrino        | Mini-PCI  | IPW2100           |
+-------------------------------------------------+
--------------------------------------------------------------------------------
- 6.2.2 Windows -
--------------------------------------------------------------------------------
+-------------------------------------------------+
| Device          | Interface | Driver            |
+-------------------------------------------------+
| Centrino        | Mini-PCI  | Official Drivers  |
| RT2500          | PCI       | Gigabyte SoftAP   |
+-------------------------------------------------+
--------------------------------------------------------------------------------
- 6.2.3 Mac OS -
--------------------------------------------------------------------------------
+-------------------------------------------------+
| Device          | Interface | Driver            |
+-------------------------------------------------+
| AirPort Extreme | PCI       | AirPort Drivers   |
+-------------------------------------------------+
--------------------------------------------------------------------------------
- 6.3 Finding the Current TCP/IP Information -
--------------------------------------------------------------------------------
The following sections will cover how to find your current TCP/IP information
(IP, subnet, gateway, and DNS servers) in Windows, Linux, and Mac OS.
Note: for all of the operating systems listed, the first DNS server listed is
always the primary, and the next server listed is the secondary. In reality,
the order that the DNS servers are queried does not really matter for most home
users, so don't worry too much about the order in which you enter them on the
Wii. In fact, some users might find they don't even have a secondary server
listed.
If you are unclear as to the meaning of any of the information below, consult
Section 6.1, "Networking Glossary".
--------------------------------------------------------------------------------
- 6.3.1 Under GNU/Linux -
--------------------------------------------------------------------------------
Under Linux, there are a few commands you will want to run to get all of the
TCP/IP information.
The first command we will look at is "ifconfig", which will show you the IP
settings for any interface on the system.
The output of "ifconfig" will look something like this:
bash# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0A:E6:D0:17:93
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2763 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2986 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1543179 (1.4 MiB)  TX bytes:390496 (381.3 KiB)
          Interrupt:11 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6708 (6.5 KiB)  TX bytes:6708 (6.5 KiB)
Your system may have more interfaces than this, but the one you are most likely
going to want to look at is eth0, your primary Ethernet adapter. The entry for
"inet addr" is your machine's IP, and the entry for "Mask" is your subnet.
Now that we have the IP information, we will look for our default gateway.
To find the default gateway, run the command "route".
The output of "route" will look something like this:
bash# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Here, the last line is the important one. This shows the default router your
machine is using to connect out to the Internet.
Finally, we will find the DNS servers the machine is using to resolve hostnames
to IP addresses. To find the current DNS servers, we will look in the file
"/etc/resolv.conf".
To read the file, we will use the command "cat /etc/resolv.conf". The contents
of the resolv.conf file will look similar to this:
bash# cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
nameserver 151.204.0.84
nameserver 151.197.0.39
--------------------------------------------------------------------------------
- 6.3.2 Under Windows -
--------------------------------------------------------------------------------
Under Windows, there is really only one command you need to know to find out
the current TCP/IP information for your machine. First, you will want to open
up the command interpreter. To do this, click the "Start" button, then click on
"Run" and in the dialog box, type in "cmd". Then hit enter.
You will be presented with the command interpreter window. In this window, type
the command "ipconfig /all".
The output will look similar to this:
Windows IP Configuration
    Host Name . . . . . . . . . . . . : MyComputer
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Generic Ethernet Controller
    Physical Address. . . . . . . . . : 00-XX-00-XX-00-XX
    Dhcp Enabled. . . . . . . . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.100
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 151.204.0.84
                                        151.197.0.39
--------------------------------------------------------------------------------
- 6.3.3 Under Mac OS -