Difference between revisions of "How do I configure my hardware firewall (such as a router)?"

From Second Life Wiki
{{KBmaster}}
#REDIRECT [[Linden Lab Official:Configuring your firewall to allow access to Second Life]]
 
Hardware firewalls need to allow access on certain network ports. Second Life needs to connect to ports 443/TCP, 12035/UDP, 12036/UDP, [[Unusually restrictive firewalls block teleporting|12043/TCP]], and 13000-13050/UDP. You should configure your firewall to allow outbound traffic on those ports, and related inbound traffic. You'll need to consult your firewall's documentation, or the manufacturer's website, for instructions on how to make these changes to your firewall. As of Version 1.13.2, released Jan. 10th, 2007, you need to enable UDP/TCP in order to access Second Life.
 
=Cisco=
 
If your hardware firewall is a Cisco router/switch that uses reflexive access lists (IOS 11.0 or later), add these lines to your outbound access list:
 
<blockquote dir="ltr" style="margin-right: 0px">
 
permit tcp any any eq 443
permit udp any any eq 12035 reflect outbound-SL
permit udp any any eq 12036 reflect outbound-SL
permit udp any any range 13000 13050 reflect outbound-SL
 
</blockquote>
 
Then, on your inbound access list, add:
 
<blockquote dir="ltr" style="margin-right: 0px">
 
permit tcp any any established
evaluate outbound-SL
 
</blockquote>
 
Then, apply these access lists. SL should now be able to communicate through this router.
 
=Linux Killerwall=
 
If your hardware firewall is a Linux box that uses Killerwall, add these lines to your /etc/killerwall.acl:
 
<blockquote dir="ltr" style="margin-right: 0px">
 
IN IFACE &lt;your lan interface&gt; FROM 0.0.0.0/0 TO 0.0.0.0/0 tcp TOPORT 443 ACCEPT
IN IFACE &lt;your lan interface&gt; FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 12035 ACCEPT
IN IFACE &lt;your lan interface&gt; FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 12036 ACCEPT
IN IFACE &lt;your lan interface&gt; FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 13000-13050 ACCEPT
 
</blockquote>
 
Then, restart Killerwall. Killerwall automatically tracks related reply packets, so SL should now work correctly.
 
=Linux Firewall=
 
If your hardware firewall is a Linux box that uses IPF (Linux Firewall), add these rules to your IPF ruleset:

<blockquote dir="ltr" style="margin-right: 0px">

pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state
pass out quick on rl0 proto udp from any to any port = 12035
pass out quick on rl0 proto udp from any to any port = 12036
pass out quick on rl0 proto tcp from any to any port = 12043 flags S keep state
pass out quick on rl0 proto udp from any to any port 12999 &gt;&lt; 13051
pass in quick on rl0 proto tcp from any to any port = 443 flags S keep state
pass in quick on rl0 proto udp from any to any port = 12035
pass in quick on rl0 proto udp from any to any port = 12036
pass in quick on rl0 proto udp from any to any port 12999 &gt;&lt; 13051

</blockquote>
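
The two IPF port-range operators are easy to confuse: "><" matches ports strictly between the two bounds, while "<>" matches ports outside them. The Python check below is an added example, not part of the original article or of IPF; it parses only the rule shape shown on this page and compares constructed sample rulesets (rl0 is a placeholder interface) against the port list given at the top of the page.

```python
import re

# Ports listed on this page, as (protocol, port) pairs.
REQUIRED = ({("tcp", 443), ("tcp", 12043), ("udp", 12035), ("udp", 12036)}
            | {("udp", p) for p in range(13000, 13051)})

# Handles only the rule shape used on this page.
RULE = re.compile(
    r"pass\s+(in|out)\s+quick\s+on\s+\S+\s+proto\s+(tcp|udp)\s+from\s+any\s+to\s+any"
    r"\s+port\s+(?:=\s*(\d+)|(\d+)\s*(<>|><)\s*(\d+))")

def ports_matched(rule):
    """Return (direction, proto, set of destination ports) for one pass rule."""
    m = RULE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    direction, proto, single, lo, op, hi = m.groups()
    if single:
        ports = {int(single)}
    elif op == "><":  # inside the range, endpoints excluded
        ports = set(range(int(lo) + 1, int(hi)))
    else:             # "<>": outside the range, endpoints excluded
        ports = set(range(0, int(lo))) | set(range(int(hi) + 1, 65536))
    return direction, proto, ports

def audit(rules, direction="out"):
    """Report required ports the rules miss and extra ports they pass."""
    passed = set()
    for line in rules.strip().splitlines():
        d, proto, ports = ports_matched(line)
        if d == direction:
            passed |= {(proto, p) for p in ports}
    return {"missing": REQUIRED - passed, "extra": passed - REQUIRED}

# Constructed sample rulesets (rl0 is a placeholder interface name).
INSIDE = """
pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state
pass out quick on rl0 proto tcp from any to any port = 12043 flags S keep state
pass out quick on rl0 proto udp from any to any port = 12035
pass out quick on rl0 proto udp from any to any port = 12036
pass out quick on rl0 proto udp from any to any port 12999 >< 13051
"""
OUTSIDE = INSIDE.replace("><", "<>")

if __name__ == "__main__":
    for name, rules in (("><", INSIDE), ("<>", OUTSIDE)):
        result = audit(rules)
        print(name, "missing:", len(result["missing"]), "extra:", len(result["extra"]))
```

With "><" the sample passes exactly the required ports; with "<>" it misses all of 13000-13050/UDP and passes nearly every other UDP port instead.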
 
==Can I use voice from behind a firewall?==
 
Read [[Can I use voice from behind a firewall|this article]] for information on using voice from behind a firewall.
 
==What are Second Life's subnets?==
 
Read [[Linden Lab Official:What are Second Life's subnets|this article]] for information on Second Life's subnets.
[[Category:Troubleshooting]]
[[Category:Hardware Questions]]
[[Category:Technical Issue]]
[[Category:Knowledge Base]]

Latest revision as of 12:41, 10 February 2011