This is sort of a continuation of my previous post about getting around a college firewall but with the intent of getting the Nintendo Wii online. The Wii expects a regular HTTP proxy, so the SOCKS based one that I used for my YouTube fix won’t work. I chose the easiest solution based on the equipment I had available: I set up an old desktop computer I built out of spare parts as a dedicated server on the local network. The system only has a 900Mhz K7, but that is overkill for the task at hand.
Picture It
I drew out a visualization of the network before I started. Sorry, no fancy Visio diagrams this time!
Excalibur is my Macbook Pro. HolyGrail is my Ubuntu based server running both HTTP and SOCKS services. This allows me to have a tunnel on my macbook pro and iPhone anywhere on the campus network without having to reconnect every time I put my macbook to sleep. On the other end of the SSH tunnel is my (dv) from Media Temple.
A Note Before You Start
I’ll warn you beforehand that I ran into a problem (bug), that I haven’t been able to resolve yet. I still can’t play any multi player games! Everything from system updates to the internet channel work fine but multi player will still not work. From my research it appears to be a bug in Nintendo’s proxy implementation when you’re in game mode. Looking through Apache logs I discovered that the incoming requests are being garbled so Apache returns errors. I’m positive that it is not a network problem because the garbled connection headers are the same as those sent when connecting to say the weather channel which works perfectly fine. The problem also is not game specific. I tested 3 different games with the same results.
I did not setup wireshark to dig further since I’m moving out of the dorm in less than 2 weeks. But even though games don’t work you can still get firmware updates, news, buy and download games etc. so you may still be interested in setting this up
Platform
I installed the latest stable version of Ubuntu on my new server and the instructions I’ll write will be geared towards that platform. However, the process should be relatively the same no matter what you run because Apache runs on virtually everything now days. I initially tested on Mac OS X Leopard since Apache is preinstalled.
Let’s Begin
The first thing to do on your new Ubuntu installation is to install Apache. This is very easy on Debian-based systems. All you have to do is open a Terminal window and type:
apt-get install apache2
Now that apache is up and running enable the proxy module:
a2enmod proxy
And now edit the configuration file /etc/apache2/mods-enabled/proxy.conf as needed. To test things out I allowed all requests. This could be a security problem so after you have everything working you might want to go back and only allow your Wii IP address. Here’s what my configuration file looked like for testing:
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests On
<Proxy *>
AddDefaultCharset off
Order deny,allow
# Only allow from Wii IP address
Allow from all
#Deny from all
#Allow from .example.com
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia Full
</IfModule>
Save your changes and restart Apache
/etc/init.d/apache2 restart
Connect Your Wii to The College’s Wireless Network
My original plans of using an ad-hoc network were foiled. I could not get the Wii to connect for the life of me so I was forced to go through the college’s wireless network. They require all new devices to register by entering a student ID number and password. This was a problem because I did not have the Internet Channel at the time.
To get around this I spoofed the Wii’s IP and MAC address on my MacBook Pro and registered it as if it was a new device. Presto! I can now connect the Wii to the local wireless network.
Spoofing your MAC address on Mac OS X and Linux is very easy:
Open a terminal window and type ifconfig. Record your current MAC address so that you can set it back without restarting your computer (if you want).
To change your MAC address just run sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
Be sure to replace en0 with your current interface and aa:bb:cc:dd:ee:ff with the MAC address of your Wii
Your Wii MAC address can be found under Wii Options -> Wii Settings -> Internet -> Console Information
Configure the Wii to Use Your Proxy Server
On your Wii, navigate to Wii Options -> Wii Settings -> Internet -> Connection Settings. Select your current network and change it’s settings. On the Proxy Server page choose Use and then click on Advanced Settings.
Set the address to the IP address of your local proxy server running on Apache and change the port if needed. Confirm and save your changes and a connection test will be made. If all went well the Wii should ask if you would like to perform a system update at this time!
Troubleshooting
If something went wrong the first place to go is the apache logs. They will contain any error messages. If you’re not getting any error or access logs then chances are the connection isn’t making it to your proxy server so step through everything one at a time looking for the problem.
- Is the Wii properly connected to the wireless network?
- Is your Wii and proxy server on the same network or accessible? One way to test is to use a laptop and simulate the Wii.
- Is there a firewall on your server that could be blocking the connection?
You see where this is going, so I’ll leave you to your fun!
Good Luck!
About the reason why multiplayer does not work, it is because it is trying to initiate an https(ssl/tls)connection during that time instead of http, which is exactly the same thing I ran into with the ps3 (able to download firmware updates, etc except load multiplayer games). Your proxy will have to be able to differentiate between http and https traffic and redirect accordingly and then it will work. I hope this helped.
salamander, fantastic! That never even crossed my mind. I wouldn’t have thought multiplayer game data such a security issue that it needed to be encrypted. Hopefully that information help those still subject to draconian firewall rules get the games flowing.
Thanks for that tidbit 😀
There is also the possibility that it sends out additional tcp/udp data outside of the proxy. I’m not sure whether the wii sends all it’s data through the proxy or whether it only uses it for authentication to the servers, but for the case of the ps3 this is true. I’ve had to sniff the tcp/udp coming exclusively from the ps3 and that’s where I found out that it has additional traffic beyond the usage of the proxies. With that traffic, you might consider trying to setup at least one comp on the network as a gateway, and have that comp use a vpn or route all the tcp [and if possible udp] streams into an ssh tunnel. Getting around a firewall sure is lotsa work lol.
Hey Jon,
In your “Connect Your Wii to The College’s Wireless Network” section you said ‘Be sure to replace en0 with your current interface…’ What does interface mean, would I replace it with en1? Or is that supposed to be the current MAC address of my MBP?
Thanks and sorry I’m kind of a noob at this stuff.
The interface is the unique ID for each network device on your computer. For example, en0 is the ethernet card and en1 is the wireless card on my MBP. These unique identifiers may vary from system to system. Running the ifconfig command in the Terminal will show all of these IDs.
Thanks Jon..
It seems as though updates to Leopard has either changed or disabled the ability to spoof MAC addresses. I am running 10.5.6 and from what I’ve found that terminal command and there’s another one floating around both do not work. You wouldn’t happen to know any others would you?
Make sure you’re running the command as an administrator user with sudo. Are any error messages shown? There won’t be any return on success.
I just gave it a shot on 10.5.6 and it still works.
No errors, but when I checked the MAC on en1, there was no change.
Interesting…. It could be the particular wireless card in your Mac. Fortunately you shouldn’t need to spoof the address unless you have to register your console on the network. If that’s the case you may have to explore other options like using a different network adapter or adding a browser to your console from somewhere else so that you can go through the registration process on the console itself.
I actually didn’t reach that step because routing the connection over port 80 worked. I originally thought that I would need the SSH tunnel to bypass the bandwidth throttling. For some reason my Wii sends corrupted headers in gaming mode with proxy enabled so I didn’t need the bandwidth. I never got gaming to work but all other internet functionality operated properly which frustrated me.
Hey Jon,
Just wondering how you configured apache to use the SSH tunnel to connect to the internet. I see that the wii is using the http proxy on Holy Grail but how have you configured Holy Grail to use the SSH tunnel as it’s primary means of connecting to the internet?