Difference between revisions of "Configuring your hardware firewall"

From Second Life Wiki
Jump to navigation Jump to search
m (linking ntop wikipedia entry and nprobe company page (doesn't have a wikipedia entry))
(Replaced content with "{{#Widget:Redirect|url=/t5/English-Knowledge-Base/Configuring-your-firewalls/ta-p/1304539}}")
 
(28 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Help|Viewer=*|BugFixes=*}}
{{#Widget:Redirect|url=/t5/English-Knowledge-Base/Configuring-your-firewalls/ta-p/1304539}}
==Introduction==
{{RightToc}}
This article describes how to configure your firewall to allow use of the Second Life Viewer (client) within your intranet.  It is intended for network administrators and others responsible for network security.
 
Firewalls are a fundamental component of a network security program. Following the "principle of least privilege," firewalls limit traffic between the corporate intranet and the public network to supported network applications.  Thus, firewalls are generally configured for common applications such as Domain Name Service (DNS), email, and web browsing.  However, Second Life uses a number of non-standard ports that most firewalls block by default. 
 
To enable people to use Second Life from inside the firewall, follow the procedures outlined in this document.
 
== Procedure ==
 
Although the details depend on your specific firewall, follow this  general procedure:
 
# '''Open outbound access for TCP ports'''. Second Life servers do not establish inbound TCP connections to client systems running the Second Life Viewer software. Instead, they use the "request / response" message pattern.
#* Enable outbound TCP access for ports 80, 443, 5060, 5062, 12043 and 21002.
# '''Open outbound "session" access for UDP ports'''.  Although UDP is a session-less transport, many firewalls block unsolicited incoming UDP traffic to a particular port unless it has seen recent outgoing UDP traffic from that same port.
#* Activate outbound UDP for ports 5060, 5062, and 12000-13050.
# '''Monitor'''. The intricacies of modern firewalls make it difficult for one document to cover every network configuration.  Use tools such as '''[http://en.wikipedia.org/wiki/Ntop ntop]''' and '''[http://www.ntop.org/nProbe.html nprobe]''' to monitor network flow between the Second Life Viewer and servers to identify network flows that blocked by the firewall.
 
== Ports ==
 
In addition to the standard ports for DNS lookup and web access, the Second Life Viewer requires the ports listed in the following table.
 
{|border=1 cellpadding=6 style="border-collapse: collapse"
|--- style="background: #dcdcdc"
! Port
! Protocol
! Used For
 
|---
| 53
| UDP/TCP
| DNS lookup
 
|---
| 80
| TCP
| Accessing Second Life related web resources
 
|---
| 443
| TCP
| Accessing Second Life related web resources and for client authentication
 
|---
| 5060
| UDP and TCP
| Voice / SIP traffic
 
|---
| 5062
| UDP and TCP
| Voice / (Session Initiation Protocol) SIP traffic
 
|---
| 12000 - 15000
| UDP
| Voice / RTP  traffic
 
|---
| 12035
| UDP
| Core protocol communication
 
|---
| 12043
| UDP
| Simulator communication and map related functions
 
|---
| 12043
| TCP
| Capability-based simulator communication
 
|---
| 13000-13050
| UDP
| Core protocol communication
 
|---
| 21002
| TCP
| Voice signaling
 
|}
 
Notes:
* RTP: Real-time Transport Protocol
* SIP: Session Initiation Protocol
 
== Server IP Addresses ==
 
For up-to-date information on IP addresses, see:
* {{Slkb|4356|What are Second Life's subnets?}} for Second Life server IP addresses. 
* {{Slkb|5206|Can I use voice from behind a firewall?}} for voice server IP addresses.
 
You can subscribe to these articles to be notified when the article is updated.
 
You may also use the Second Life Viewer to access virtual worlds hosted by organizations other than [[Linden Lab]].  Contact the hosting organization for the IP addresses used.
 
== See also ==
 
* {{Slkb|4354|How do I configure my software firewall?}}
* {{Slkb|4355|How do I configure my hardware firewall (such as a router)?}}
* {{Slkb|3942|Unusually restrictive firewalls block teleporting}}

Latest revision as of 09:28, 31 January 2012

Redirecting to http://community.secondlife.com/t5/English-Knowledge-Base/Configuring-your-firewalls/ta-p/1304539

Retrieved from "https://wiki.secondlife.com/w/index.php?title=Configuring_your_hardware_firewall&oldid=1162296"