Home Network

Windows/MSN Messenger Problems

Most people have a home network much like this where a single computer is connected directly to the Internet via a modem. Everything works just fine.

More adventurous people might have bought a switch or a hub to create a local network for their home to connect several computers together, one of which acts as the gateway to the Internet (via a modem). Running Internet Connection Sharing on that gateway computer allows everything to run just fine.

A more advanced network will have a router in the network which acts as the gateway to the Internet. In this case almost certainly connecting to the Internet via an ADSL connection. This is more advanced as you do not need to have the Internet Connection Sharing computer running for any of your other computers to connect, just a little black box in the corner. This is broadly how most companies are connected to the Internet albeit with a leased line rather than ADSL.

But there is a problem with this final connection strategy, by default Messenger apparently won't allow other people to see or hear you. You can chat but several other features of Messenger (sharing applications, video and audio connections) only seem to work one way. That is you can see/hear whom you are connecting with but they can't see or hear you.

The problem is with your router and the way Messenger works. Your router will be acting as a Network Address Translation (NAT) device which means it invisibly turns your local network IP addresses into your ADSL/dial-up IP address. That is, no matter how many PCs there are on your network, the Internet thinks there is only one machine at your house. Part of the way NAT boxes work is to prevent any unscrupulous people on the Internet attacking your home PCs by preventing people initiating connections from outside your network to computers on the inside. Like a one-way mirror, you can see out but they can't see back in.

That's just fine for most applications as your connection outbound allows for the other end to reply (Web surfing, Messenger chat, email etc.). Unfortunately, Messenger wants other people to connect back in to you to get your video/audio stream. There are three possible choices at this point:

  1. Do nothing. Not really a good choice if you want to have video conversations.

  2. Open up your NAT box and do dangerous things. Those dangerous things being to allow anyone on the outside to connect to almost any port on your computer (such is the range of possible ports that Messenger can use). This is a feasible solution but not a very good one, for two reasons:

    1. It means the natural firewall effect of your NAT box (the one-way mirror) is defeated.

    2. If you have several computers from which you might be running Messenger, how do you know which box to send the incoming requests to? Some Firewalls might be able to read the contents of application specific packets and guess which computer to route the packets back to but NAT boxes are simple (and therefore reliable) technology.

  3. Enable Universal Plug and Play (UPnP) on everything.

So what's that third one again? Well, it turns out that in the second home network example above, Internet Connection Sharing is acting as a NAT gateway (and, if you desire, a simple firewall) but more importantly is a UPnP NAT gateway.

So what? Well, it turns out that not only is Messenger UPnP NAT gateway aware but the UPnP protocol allows applications to tell the NAT gateway which ports to open up to the outside world and tell it which computer to route the incoming packets back to. In fact, everything that the very clever firewall might do by peering into the packets but is a touch more elegant in that it is application driven. The application, of course, has all the facts whereas the firewall has to second guess them.

Your router has to be UPnP enabled which it probably isn't by default. The reason for this is that opening holes through NAT gateways is still a security risk, after all, the opening application could crash, leave the hole open and another innocent and unexpecting application could get an undeserved stream of requests into it from the Internet. At least the protocol supports timeouts on the NAT holes so they will clear up eventually.

You must enable UPnP on your computer. This is a Windows component so you are likely to find it somewhere along the lines of: Control Panel :: Add/Remove Programs :: Windows Components :: Networking :: Details :: Universal Plug and Play. And, of course, reboot even though it appears not to be necessary.

As a check, afterwards you should be able to go into the Network Connections display and you should see a new element: Internet Gateway with an icon for your router.

Finally, start hounding people with Messenger. Great!