Server Administration
In this section:
Setup
Overview of tasks
How ATCSMon works in a client/server environment
- When a client tries to connect to ATCSMon, a TCP request is sent to port 4800 on the server computer. (Other ports are common, like 4799 or 4801)
- The server computer replies with a number greater than 1024.
- The client then attempts a UDP connection on that port. E.g. if the server replied 1089, the UDP connection would initiate on port 1089.
- This can be verified in the Servers Connected window.
- ATCS packet data is then sent over that UDP port. Also, special Keep Alive messages are sent periodically in cases where there is little ATCS traffic. This is done to keep traffic-based port forwarding active.
Configuring ATCSMon as a server
- Configure > Options > Data Source.
- Ensure Server Mode Listener is checked, and verify the port number listed; the default is 4800.
- Remove any server entries listed below that, if any remain from previous remote listening sessions.
- Set the option for Deny server access. While this seems counter-intuitive, you are really saying "deny nothing" since you have no entries in the box above that.
- Recommended option: in the notes field, add Base=30000,30, which specifies a UDP port range starting at 30000 and allowing 30 concurrent connections. You may change these values however you want. Specifying the UDP port range makes it easier to set up port forwarding in home routers for the UDP traffic.
- If you have a second server instance running (for a BCP or additional railroad, etc.), make sure your port numbers and ranges don't overlap. So the second one could be TCP Server Mode Listener 4801 and UDP Base=30030,30.
Firewalling and Port Forwarding
- Depending on your ISP and home network, you may have up to three locations providing firewalling services, and possibly two providing port forwarding. You'll need to configure the devices on your network (DSL/cable modem, wireless router, and server PC) so that only one is providing firewall and port forwarding services.
- PC Firewall. Unless you know what you're doing with the software firewall, just disable it entirely, at least until you know the rest of the server setup works. If you re-enable it, you'll want to test again and configure firewall exceptions ("holes" allowing specified network traffic through the firewall) in it as needed.
- DSL/Cable Modem. Most modern DSL and cable modems now include router functionality which includes port forwarding and firewall services. If your network also has a router (e.g. a Linksys wireless router, Netgear, D-Link, etc) in addition to a modem, the best thing to do is put the modem in "bridge" mode which turns off the extra services. Additionally, in "bridge" mode, the modem makes your ISP-assigned public IP address available to your router - in other words, making it so that your router is now "on" the Internet so that you can now allow the router to handle your ATCS server traffic.
- Wired/Wireless Router. This is where you'll need to set up port forwarding to both the TCP and UDP port ranges your server will need. Doing so allows Internet traffic to access only those ports on your server.
- Consider assigning a static IP address to the server PC. In layman's terms, each computer on your network is assigned an IP address by your home router. However, these addresses are not consistently assigned to the same computer, as each assignment typically only lasts a day or so. (This IP address assignment is provided by the DHCP service on your router). Since the IP of your server could change in DHCP, there's some chance the IP may change someday, breaking the port forwarding you'll be doing on your broadband router. So with all that, you'll want to manually configure your server PC with a static (non-changing) IP.
- On your router, look to see what range of IP addresses are assigned using DHCP. For instance, on a Linksys router this range is often 192.168.1.100 to 192.168.1.149.
- On your PC, at a cmd prompt, type ipconfig /all to see the IP, Mask, Gateway, and DNS Servers that DHCP assigned to you. Configure your network card TCP/IP information using the Subnet Mask, Gateway, and DNS Server values you obtained. Then, assign a new IP address that is outside of the IP address range referred to above. If the range is 192.168.1.50 through .150, pick something like .151 so that the router doesn't assign that IP address to another computer on your network. Typical subnet mask values are 255.255.255.0. If you know what you're doing you can set that to something else like .3 or .253.
- Record your server PC IP address and gateway, which you'll need when configuring your router. From a cmd prompt, type ipconfig to see these.
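The static-address choice described in the steps above can be checked before touching the network card settings. This is an added example, not part of ATCS Monitor or the original page; the ipconfig text is a constructed XP-style sample, and the candidate addresses and function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of Windows XP `ipconfig` output (not from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

def parse_ipconfig(text):
    """Collect 'Label . . . : value' lines into a dict keyed by label."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)(?:\s*\.)+\s*:\s*(\S+)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def static_ip_problems(candidate, fields, dhcp_first, dhcp_last):
    """Return reasons the candidate is a bad static address; empty list means usable."""
    gateway = ipaddress.ip_address(fields["Default Gateway"])
    net = ipaddress.ip_network(f"{gateway}/{fields['Subnet Mask']}", strict=False)
    ip = ipaddress.ip_address(candidate)
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems = []
    if ip not in net:
        problems.append(f"{ip} is not on the router's subnet {net}")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if ip == gateway:
        problems.append(f"{ip} is the router itself")
    if lo <= ip <= hi:
        problems.append(f"{ip} is inside the DHCP pool {lo}-{hi}")
    return problems

if __name__ == "__main__":
    fields = parse_ipconfig(SAMPLE_IPCONFIG)
    # DHCP pool taken from the Linksys example in the text.
    for candidate in ("192.168.1.151", "192.168.1.120", "192.168.2.10"):
        issues = static_ip_problems(candidate, fields, "192.168.1.100", "192.168.1.149")
        print(candidate, "OK" if not issues else issues)
```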
Enable port forwarding on broadband router or firewall
The idea here is to poke pinholes in the router so that when someone connects to your public (internet) IP using the port number you specify, that request gets forwarded to the private (internal) IP of your ATCS Monitor server. This exposes only the small required range of ports at your PC, so it's really adequately secure for a typical home setup.
- You can normally get to the configuration page by web browsing to http://(ip_address) and logging in. (HowToFindRouterIPAddress)
- Make a forwarding entry for the TCP port number you chose when you set up the Server Mode Listener port above, and forward that to the IP address of your server PC. In the example above, you'd forward 4800 or, if the entry requires a range, from 4800 to 4800. You do NOT need to specify TCP and UDP...just TCP.
- Make a forwarding entry for the UDP port range you chose when you set up the UDP range above, and forward that to the IP address of your server PC. In the example above, the entry would range from port 30000 (Base) to port 30029 (which is 30 ports, inclusive).
- If you have a second server instance running (for a BCP or additional railroad, etc.), make sure your port numbers and ranges don't overlap. So the second one in the example could be TCP 4801 and UDP 30030 to 30059 forwarded to the same server PC IP address. Alternately, you can just combine the group, if contiguous, so TCP 4800 to 4801 and UDP 30000 to 30059. See?
- If you experience trouble, go back and verify the ATCS Monitor setup you did above, and verify that the PC software firewall, such as Windows Firewall, is disabled. If you still have issues, you could try a setting on some routers called "DMZ", just for testing. Don't leave this set, as it exposes all ports on the server PC, a relatively insecure method of operating a server. Also, verify that another device (e.g. another router, or your DSL/cable modem) is not providing its own firewall or port forwarding service and is properly configured.
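To keep the forwarded surface limited to exactly the ports the server instances use, the entries can be derived from each instance's listener port and Base= note, with overlaps rejected. This is an added example, not ATCS Monitor code or part of the original page; the instance names, the server IP 192.168.1.151 and the function names are assumptions.

```python
import re

def parse_base(notes):
    """Turn a notes-field entry such as 'Base=30000,30' into (first, last) inclusive."""
    m = re.search(r"Base=(\d+),(\d+)", notes)
    if not m:
        raise ValueError(f"no Base=<start>,<count> entry in {notes!r}")
    start, count = int(m.group(1)), int(m.group(2))
    last = start + count - 1
    if count < 1 or start <= 1024 or last > 65535:
        raise ValueError(f"unusable UDP range {start}..{last}")
    return start, last

def forwarding_rules(instances, server_ip):
    """instances: list of (name, tcp_listener_port, notes_field).
    Returns (proto, first, last, target_ip) rules; raises on any collision."""
    rules, tcp_seen, udp_seen = [], {}, []
    for name, tcp_port, notes in instances:
        if tcp_port in tcp_seen:
            raise ValueError(f"{name}: TCP {tcp_port} already used by {tcp_seen[tcp_port]}")
        tcp_seen[tcp_port] = name
        first, last = parse_base(notes)
        for other, ofirst, olast in udp_seen:
            if first <= olast and ofirst <= last:  # inclusive interval overlap
                raise ValueError(f"{name}: UDP {first}-{last} overlaps {other}")
        udp_seen.append((name, first, last))
        rules.append(("TCP", tcp_port, tcp_port, server_ip))  # listener is TCP only
        rules.append(("UDP", first, last, server_ip))
    return rules

def merge_contiguous(rules):
    """Combine adjacent ranges of the same protocol and target into one entry."""
    merged = []
    for proto, first, last, ip in sorted(rules):
        prev = merged[-1] if merged else None
        if prev and prev[0] == proto and prev[3] == ip and first == prev[2] + 1:
            merged[-1] = (proto, prev[1], last, ip)
        else:
            merged.append((proto, first, last, ip))
    return merged

# Constructed sample: the two instances from the text, on an assumed server IP.
SAMPLE = [("railroad-1", 4800, "Base=30000,30"), ("railroad-2", 4801, "Base=30030,30")]

if __name__ == "__main__":
    for rule in merge_contiguous(forwarding_rules(SAMPLE, "192.168.1.151")):
        print("%s %d-%d -> %s" % rule)
```

Anything the router forwards beyond these entries is exposure the server does not need, which is the reason the DMZ setting is for testing only.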
Dynamic DNS Clients
You'll probably want to install a Dynamic DNS client which runs on the server, and updates a Dynamic DNS registry with your home router's IP address.
http://www.dyndns.org/
Maintenance and Administration
Remote Administration
Radio site servers commonly run in what is called "headless" mode, which means that no monitor, mouse or keyboard is connected to the system. All administration work is done via remote control software via the network (either ethernet or wifi) or Internet.
For the Windows XP systems (Pro only), one can make use of the built-in Remote Desktop Protocol (RDP) feature (sometimes also referred to as Windows Terminal Services). Originally designed for help desk and tech support employees to help customers remotely, it also works very well for administering the server. Once the server and a client are configured, a user on the client computer can simply click a shortcut or run the client app, select a configuration, connect to the server, and perform nearly any task that they could do if they were working on the server directly. It is possible to obscure the port number so that others are less likely to even find the connection, by simply editing a registry key to change the default TCP port used for RDP.
For a machine that does not have RDP, one can use a free remote connection utility called TightVNC to access this system. The application has to be installed on both the client and the server, but it is not too hard to set up and is reliable once configured. TightVNC works on most versions of Windows and many flavors of Unix/Linux. Recently, a better flavor of VNC has popped up called UltraVNC. It seems to work very well and is also free.
If you don't want to open ports on the router at all, yet want to remote control the machine, consider LogMeIn or GoToMyPC, or similar applications. LogMeIn has a free version available. (Be warned that it will try to get you to take a LogMeIn Pro trial (eventually a pay service), which you can convert to LogMeIn Free immediately after installation.)
Further Reading:
LogMeIn Remote Access Service
UltraVNC Remote Access Software
TightVNC Remote Access Software
Windows Remote Desktop Protocol
Running a Headless Server
Logging Connections
Providing Layouts and MCP's for users
Please export and ZIP your MCPs (.mdb), layout (.lay), and preferably a profile (.ini) including the server connection and proper layout selection. Upload the ZIP file to the appropriate subdivision.
The group generally supports the concept of a territory manager for an "official" custodian of each territory, usually by subdivision. If there is no ZIP file already in place, it's a safe bet that you can be the custodian. If there's already one uploaded, please contact the person who uploaded it to coordinate. Nothing says you can't upload yours as an alternate, but please list it as such in the description.
Listing Your Server
Please list your server in the Yahoo Groups Database area, so we know where to find you! You'll see the Servers database there and you'll know what to do.
Providing Data outside of ATCS Monitor
Real Time Display
FTP Image Capture
While it is possible to capture an image of the display as a JPG and publish it to a website, the ATCS Monitor user community in majority discourages this practice. The premise is that as the displays are more widely published, the incentive for the railroads to encrypt ATCS communications increases. If you do publish for your own use, please make attempts to restrict or reduce exposure to the general public, and absolutely don't openly flaunt it.
In the Configure > Options > Display tab, there's an entry for a path to save the JPG file, and a setting for the capture interval in seconds. The name of the JPG will always be in the format layoutname.jpg. You can either commit the file locally or to an FTP server.
- Local - Type in the drive and path, such as C:\webfolder\atcs\.
- FTP site - Type in the servername, username, password, and targetdirectory without spaces, such as ftp.ftpspot.com,railguy,amtrak801,/webfolder
The capture interval must be set in order for this to work. Setting too frequent a capture interval may make the file transfer fail, especially for slow FTP upload sites. Generally an update every few minutes will be good enough to aid local railfanning while out on the road.
The entire display area must be visible on the screen in order for capture to work properly, and that area must not be obscured by other windows. It's best to check the "Always on top" option by right-clicking the title bar of the display.
Some users format special layouts specifically for this function by grouping only one or two control points horizontally. This is done so that web-browser equipped cell phones only have to scroll the screen up and down in order to see the route, and the display will appear large enough to be readable.
Comments/Questions
-- BrianSwan - 29 Oct 2006
-- JAlexLang - 07 Dec 2008