http://opensimulator.org/api.php?action=feedcontributions&user=Eekee&feedformat=atomOpenSimulator - User contributions [en]2024-03-28T15:47:11ZUser contributionsMediaWiki 1.19.9http://opensimulator.org/wiki/User:EekeeUser:Eekee2018-08-21T11:35:06Z<p>Eekee: What i want! lol</p>
<hr />
<div>Known as eekee eebus in several grids, or eekee x in OSgrid. Other aliases may of course be used.<br />
<br />
I'd like to add LSL to this wiki, but it'll be a long time before it's a useful reference. It would be nice to see OpenSim-specific caveats, and cross-references to OSSL functions. The trouble is, I'm really rather bad at determining caveats with any degree of accuracy.</div>Eekeehttp://opensimulator.org/wiki/Hypergrid_SecurityHypergrid Security2018-08-06T12:50:38Z<p>Eekee: Added mention of modified viewers to section: CopyBots</p>
<hr />
<div>{{Quicklinks}}<br />
<br /><br />
<br />
= Tasks =<br />
<br />
This task text is in development and currently should not be relied upon without direct testing.<br />
<br />
== Prevent local users from resolving Hypergrid URLs to foreign destinations ==<br />
<br />
Set <br />
<br />
<source lang="ini"><br />
[GridService]<br />
AllowHypergridMapSearch = false<br />
</source><br />
<br />
Default is also false. <br />
<br />
Both main map search and address bar search use this to resolve region addresses. So setting to false will prevent any attempt to resolve Hypergrid addresses.<br />
<br />
This may not prevent users from teleporting via existing hyperlink bookmarks if hypergrid was previously enabled.<br />
<br />
This setting should theoretically still allow external users to visit the installation.<br />
<br />
== Prevent users at a given UserLevel from travelling to foreign destinations ==<br />
<br />
This is done per user level. For instance, to prevent ordinary (UserLevel 0) local users from going to foreign destinations, set<br />
<br />
<source lang="ini"><br />
[UserAgentService]<br />
ForeignTripsAllowed_Level_0 = false<br />
</source><br />
<br />
You can also whitelist certain destinations for users that otherwise cannot travel, or blacklist others for users who can otherwise travel anywhere. See [[Hypergrid_Parameters]] for more details.<br />
<br />
== Prevent foreign users from accessing the simulator ==<br />
<br />
Set <br />
<br />
<source lang="ini"><br />
[GatekeeperService]<br />
ForeignAgentsAllowed = false<br />
</source><br />
<br />
This should still allow local users to teleport to foreign climes.<br />
<br />
One can also whitelist or blacklist all agents from specific source simulators with the AllowExcept and DisallowExcept parameters. See [[Hypergrid_Parameters]] for more details.<br />
<br />
== Ban specific foreign users ==<br />
<br />
See [[Banning Foreign Users in Hypergrid]].<br />
<br />
= Discussion =<br />
<br />
'''Please note that this is a historical discussion about content in the Hypergrid rather than about security issues per se.'''<br />
<br />
There is a wide-spread assumption that open grids such as OSGrid and new forms of grids such as the hypergrid are inherently insecure, and that it will be impossible to develop a "goods-based" economy on top of them; only walled-gardens can be secured. This is both true and false. While it is true with the current state of things, open grids, whatever their form, can be made as secure as the web. The first step towards that is to define exactly what the security threats are, and how they affect (or not) open and closed grids. So, let's spell them out, and face them head-on. This will help put our feet on the ground so that we start developing appropriate solutions.<br />
<br />
== Malicious Clients ==<br />
<br />
=== CopyBots ===<br />
<br />
Everyone knows about the infamous [http://en.wikipedia.org/wiki/CopyBot CopyBot]. Using libraries such as [http://www.libsecondlife.org/wiki/Main_Page LibSL] (now known as OpenMetaverse), or by modifying existing viewers, it is possible to develop clients for opensim servers that do unorthodox things such as bypassing the permissions system to copy people's assets. Bots written by griefers can do lots of other nasty things.<br />
<br />
Malicious bots are a problem for all opensim administrators, including walled-garden grids. They can be prevented, to a certain extent, by exo-technical solutions such as Terms of Service and real-world lawsuits. Technically speaking, the only way to keep intruders out is to run opensim inside a firewall, pretty much like all other pieces of client/server software out there. If that's an acceptable solution for your case, you should do it.<br />
<br />
Unfortunately firewalls also keep the public out, and most opensim operators, even the ones running walled-garden grids, want to reach out to the public. In this case, opensim operators may develop additional technical obstacles for bots, similar to those we see on the Web. For example, make sure agents are being run by real people by giving them a human-challenge during the login/TP process, etc. (This will only deter bots, not modified viewers which are operated by human beings.)<br />
<br />
Every obstacle to malicious clients lowers the risk of an intruder attack. However keep this in mind: no matter how many obstacles one builds, a sufficiently skilled and motivated attacker will be able to overcome them to penetrate opensims connected to the public internet. This affects hypergrid nodes as much as walled-garden grids. In fact, it's more pervasive than that: it affects '''all''' servers (opensim, web, etc.) connected to the public internet. Fighting malicious intruders is a fact of a connected world. Fortunately, those attacks don't happen very often, or the Web would have been dead by now.<br />
<br />
== Malicious Hosts ==<br />
<br />
=== Actively Malicious Hosts ===<br />
<br />
The new security threat introduced by openness, one that does not exist in closed grids, is the possibility of a user to visit a region that is running malicious code. In the current state of opensim, a malicious host can do serious damage to the user's assets. Let's see how.<br />
<br />
Assume you have your assets in your hypergrided-standalone opensim, and you go visit another opensim that happens to be running malicious code. Here is a non-exhaustive list of vulnerabilities that you are exposed to:<br />
<br />
* The host has your session id, so it can request your inventory items on your behalf and store copies in its local asset server. To add insult to injury, a malicious host could simply wipe out your inventory after having copied it.<br />
* Even if the malicious host doesn't access your items by itself, every time you access items in your inventory while you are in that region, those items are cached in the region's local cache, and can be stored persistently by the malicious host.<br />
<br />
Malicious hosts can do a lot more damage, but those two are enough to illustrate this new kind of vulnerability affecting open grids. Note that this affects all open grids, i.e. those where arbitrary people can plug-in their opensims, and not just the hypergrid.<br />
<br />
Fortunately, there is a family of simple solutions to this problem that can be summarized as "protecting you from yourself." That proposal is described [[Hypergrid Inventory Access|here]].<br />
<br />
=== Piracy ===<br />
<br />
A second new security threat affecting open grids is one pertaining to commerce of virtual goods. Suppose you put something out for sale on your hypergrided opensim. A foreign user comes and buys it. What that really means is that that user will physically get a copy of the assets moved to his/her asset server, which is different from your asset server. The permissions will be whatever you define them to be, and using the regular VW client, that user can only do what you defined he/she should could do with the object, as usual. However, if the user has direct backend access to the asset and inventory servers, that person can simply modify the permissions on his/her copy. This is commonly known as '''piracy'''. (This is also a problem with programmers who have direct access to the cache that their client keeps; in this case, the only thing that needs to be done to enable piracy is for the user to actually see a texture/animation/in-world object. This does NOT allow scripts to be copied, though, since the script is only interpreted on the server and is never sent for interpretation by the client.)<br />
<br />
This situation is the kernel of the belief that open grids are hopeless for a virtual-goods economy. DRM discussion aside, maybe they are hopeless. But then, everyone thought the web was hopeless for selling music, and look at the success of iTunes in spite of all the piracy that still exists out there. Who will be the equivalent of iTunes for virtual hair, skin and clothes?<br />
<br />
[[Category:Hypergrid]]</div>Eekeehttp://opensimulator.org/wiki/NAT_Loopback_RoutersNAT Loopback Routers2011-11-13T04:58:57Z<p>Eekee: Tidy up</p>
<hr />
<div>{{Quicklinks}} {{content}}<br />
<br />
=INTRODUCTION=<br />
<br />
What is NAT Loopback and why is it needed to host a public Opensimulator Region?<br />
<br />
Currently (as at August 2010), a hosted region on a home connection with a broadband router needs, what is known as ''NAT Loopback'' functionality.<br />
<br />
Many DSL routers/modems prevent loopback connections as a security feature. This means that a machine on your local network (e.g. behind your DSL router/modem) cannot connect to a forward facing IP address (such as 199.149.252.44) of a machine that it also on your local network. Connecting to the local IP address (such as 192.168.2.40) of that same machine works fine.<br />
<br />
This is an issue since each region has to be specify an IP address for the client to connect. This is the ExternalHostName parameter in a regions config file (e.g. bin/Regions/Regions.ini). In the absence of NAT loopback, if a forward facing IP address is specified (such as 199.149.252.44) then external clients will be able to connect to the region but clients on your local network will not. If the internal address were put in ExternalHostName instead (e.g. 192.168.2.40) then viewers on the local network will be able to connect but viewers from an external network would not.<br />
<br />
This page shows a list of routers supporting NAT Loopback. Please add both known working and non-working routers to the list.<br />
<br />
=Working Routers=<br />
<br />
==3Com==<br />
<br />
*3CRWDR100A-72<br />
*3CRWDR101A-75<br />
<br />
==D-Link==<br />
<br />
D-Link DGL-4500 series of routers have the largest available nat table of any router on the market.&nbsp; These routers range from 70$-180$ USD depending on where you live and purchase from. <br />
<br />
When considering a purchase, consider performance against cost. Upper end ADSL 2+ routers can add several Mbs to your modems sync speed. <br />
<br />
'''Wireless Routers - Access Point Only'''<br />
<br />
These routers are Access Point devices, and contain no ADSL modem and hence need a separate adsl modem operating in Bridge mode.<br />
<br />
*[http://www.dlink.com/products/?pid=64 D-Link DGL-4500] <br />
*[http://www.dlink.com/products/?pid=530 D-Link DIR-655] <br />
*[http://www.dlink.com/products/?pid=DIR-635 D-Link DIR-635]<br />
*[http://www.dlink.com/products/?pid=DIR-601 D-Link DIR-601]<br />
*[http://www.dlink.com/products/?pid=DIR-600 D-Link DIR-600]<br />
*D-Link DI-524<br />
<br />
'''Routers With ADSL modem'''<br />
No items to list currently<br />
<br />
Note: The DGL-4100 & DGL-4300 have been discontinued, and the replacement model is the DIL-825 and DIL-855 - Loopback status unknown on these later models. The DGL-4300 may be available second hand.<br />
<br />
==Draytek==<br />
<br />
* Draytek Vigor 2710n [http://www.draytek.com/user/PdInfoDetail.php?Id=82] does NAT loopback out of the box and seems to be generally an all-round great router.<br />
* Draytek Vigor 120 [http://www.draytek.com/user/PdInfoDetail.php?Id=71] does NAT loopback out of the box and has some nice features. NOTE that if it's using PPPoA (common in UK and New Zealand) there is a bug that stops Opensim (and Secondlife) ping packets from working so you disconnect after 3 minutes. You need to upgrade to firmware 3.2.4.3 (or higher).<br />
<br />
==Linksys/Cisco==<br />
<br />
*[http://www.linksysbycisco.com/EU/en/support/WAG200G Linksys WAG200G] with Firmware Version: 1.01.09<br />
*[http://en.wikipedia.org/wiki/Linksys_WRT54G_series Linksys WRT54G]<br />
*[http://homesupport.cisco.com/en-us/wireless/lbc/WAG54G Linksys WAG54G v3] <br />
*[http://homesupport.cisco.com/en-us/wireless/lbc/WAG54G Linksys WAG54G v2 - NZ/Australia version] <br />
*Linksys RT31P2<br />
Note: The WAG54G v2 NZ/Australia version has a faster processor, more memory and larger NAT table, and works with OS out of the box. Other market versions may not.<br />
<br />
==Netgear==<br />
<br />
*NETGEAR WNR834M&nbsp;: ftp://downloads.netgear.com/files/wnr834m_ref_manual.pdf <br />
*NETGEAR WNR2000&nbsp;: With firmware 1.2.3.7 ( http://kb.netgear.com/app/answers/detail/a_id/11895 ) loopback now enabled 'out of the box' <br />
*NETGEAR WGR614&nbsp;: has been confirmed to work out of the box <br />
*Netgear RP614 v3<br />
*Netgear DG834G v3 with latest firmware & v4 upto firmware version v5.01.09 (according to [http://forum1.netgear.com/showthread.php?t=42641 this link], a later firmware update of v4 removed NAT loopback). The latest model versions, marked v5 on the unit's label, has significantly different internals and is not currently Loopback capable(the v5 has the wireless aerial on the right, not the left, as looking from the front. The DG834G v1, v2, v3 & v4 are end of line in most markets. The v3 & v4 are proven good performers.<br />
*Netgear DGN1000 worked out of the box. Note this working item reports its firmware version as V2.1.00.19_VG which seems much newer than the version offered for download on netgear.com.<br />
<br />
==Thomson==<br />
<br />
*Thomson SpeedTouch router-modem&nbsp;TG585, ST-585i (requires Telnet acces to it to Enable Loopback) <br />
*Thomson Speedtouch ST-780, ST-516 <br />
<br />
==Other routers &amp; Hardware==<br />
<br />
*Arris TM502b&nbsp;: http://portforward.com/english/routers/port_forwarding/Arris/TM502b/ <br />
*2wire 2701hg-s NOT Loopback capable. but the 2wire 2701hg-B &amp; 2701hg-D Series ARE loopback capable.&nbsp; (These can be purchased for approximately $50 USD) <br />
*AVM FritzBox (most Models are working perfect, '''except 3790 VDSL Router''', Date Sep 2010)&nbsp;: http://www.avm.de <br />
*Ubee Wireless Cable Router DDW2600&nbsp; [http://www.ubeeinteractive.com/index.php/products/product-overview/wireless_cable_router1/ http://www.ubeeinteractive.com/index.php/products/product-overview/wireless_cable_router1/]<br />
*BT home hub V2<br />
* If you are using a ZyXEL DSL router/modem from Embarq, please read [[OpenSim:Network_settings#A_solution_for_local_connections_when_you_are_using_NAT_and_Port_Forwarding|this configuration guide]]. This will show you how to reconfigure your DSL router/modem to fix this problem.<br />
<br />
=KNOWN&nbsp;non-functional for OpenSim:=<br />
<br />
*Netgear Pro Safe VPN FVS318&nbsp;: [http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS318.aspx http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS318.aspx] <br />
*NetGear WGR614 does not work with ISP required gateway modems<br />
*Belkin F5D7230-4 (the router might work if 3rd party firmware is used, such as DD-WRT&nbsp;: http://www.dd-wrt.com/ )<br />
<br />
<br><br />
<br />
=REFERENCE&nbsp;LINKS:=<br />
<br />
More Information Related to Routers and Solutions @: [http://osgrid.org/forums/viewtopic.php?f=8&t=2283 osgrid.org/forums/viewtopic.php]<br />
<br />
=Linux specific solutions=<br />
==SETTING UP A LINUX COMPUTER TO ACT AS A ROUTER==<br />
<br />
----<br />
<br />
For Linux based Netfilter (iptables) routers, you want to set up the NAT table with some extra entries The following script is something to get you started, you'll need to fix up the variables at the top to match your system and network. <source lang="bash"><br />
#!/bin/bash<br />
#<br />
# vvvvv - Fix these! - vvvvv<br />
IPTABLES=/usr/sbin/iptables<br />
LAN_NETWORK=192.168.0.0/24<br />
SERVER_IP=192.168.0.2<br />
INTERNET_IP=100.100.100.100<br />
REMOTING_PORT=8895<br />
REGION_PORT=9000<br />
# ^^^^^ - Fix these! - ^^^^^<br />
<br />
# First, the Destination NAT, anything going to the external address on our ports, we redirect to the server<br />
# Note, if you have a double NAT running and this router doesn't actually have the internet IP address, you'll<br />
# need another set of PREROUTING-DNAT lines with the --destination (-d) set to the internet facing private address<br />
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REMOTING_PORT --jump DNAT --to-destination $SERVER_IP<br />
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p udp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP<br />
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP<br />
<br />
# Second, the Source NAT, we need this so that returning packets to our LAN clients go back through the router first,<br />
# otherwise, the server will try to talk directly to the client and the client will reject them<br />
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REMOTING_PORT --jump SNAT --to-source $INTERNET_IP<br />
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p udp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP<br />
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP<br />
</source> <br />
<br />
--[[User:Hell Fire|Hell Fire]]<br />
<br />
==DNS solution==<br />
It's possible to host your own DNS-server, so you can prevent some of the dns-naming problems mentioned before. If http://example.org resolves to the external ip, and that loopback connection is prevented by your router, you could point your resolv.conf to a local nameserver like:<br />
nameserver 192.168.2.2<br />
Now you need bind/named installed in order to handle the dns-requests. You can find a bind example configfile here.<br />
<br />
=openWRT Routers:=<br />
<br />
If you use openWRT firmware on your router, check here: [[Users:Thomax:nat-loopback|OpenWRT NATLoopback]]<br />
<br />
=Windows XP Work Around:=<br />
<br />
Please see this -> http://vio.blpcomputers.info/loopbacknat.php<br />
<br />
<br />
[[Category:Hardware]]</div>Eekeehttp://opensimulator.org/wiki/NAT_Loopback_RoutersNAT Loopback Routers2011-11-13T04:56:02Z<p>Eekee: Added Netgeat DGN1000</p>
<hr />
<div>{{Quicklinks}} {{content}}<br />
<br />
=INTRODUCTION=<br />
<br />
What is NAT Loopback and why is it needed to host a public Opensimulator Region?<br />
<br />
Currently (as at August 2010), a hosted region on a home connection with a broadband router needs, what is known as ''NAT Loopback'' functionality.<br />
<br />
Many DSL routers/modems prevent loopback connections as a security feature. This means that a machine on your local network (e.g. behind your DSL router/modem) cannot connect to a forward facing IP address (such as 199.149.252.44) of a machine that it also on your local network. Connecting to the local IP address (such as 192.168.2.40) of that same machine works fine.<br />
<br />
This is an issue since each region has to be specify an IP address for the client to connect. This is the ExternalHostName parameter in a regions config file (e.g. bin/Regions/Regions.ini). In the absence of NAT loopback, if a forward facing IP address is specified (such as 199.149.252.44) then external clients will be able to connect to the region but clients on your local network will not. If the internal address were put in ExternalHostName instead (e.g. 192.168.2.40) then viewers on the local network will be able to connect but viewers from an external network would not.<br />
<br />
This page shows a list of routers supporting NAT Loopback. Please add both known working and non-working routers to the list.<br />
<br />
=Working Routers=<br />
==D-Link==<br />
<br />
D-Link DGL-4500 series of routers have the largest available nat table of any router on the market.&nbsp; These routers range from 70$-180$ USD depending on where you live and purchase from. <br />
<br />
When considering a purchase, consider performance against cost. Upper end ADSL 2+ routers can add several Mbs to your modems sync speed. <br />
<br />
'''Wireless Routers - Access Point Only'''<br />
<br />
These routers are Access Point devices, and contain no ADSL modem and hence need a separate adsl modem operating in Bridge mode.<br />
<br />
*[http://www.dlink.com/products/?pid=64 D-Link DGL-4500] <br />
*[http://www.dlink.com/products/?pid=530 D-Link DIR-655] <br />
*[http://www.dlink.com/products/?pid=DIR-635 D-Link DIR-635]<br />
*[http://www.dlink.com/products/?pid=DIR-601 D-Link DIR-601]<br />
*[http://www.dlink.com/products/?pid=DIR-600 D-Link DIR-600]<br />
*D-Link DI-524<br />
<br />
'''Routers With ADSL modem'''<br />
No items to list currently<br />
<br />
Note: The DGL-4100 & DGL-4300 have been discontinued, and the replacement model is the DIL-825 and DIL-855 - Loopback status unknown on these later models. The DGL-4300 may be available second hand.<br />
<br />
==Draytek==<br />
<br />
* Draytek Vigor 2710n [http://www.draytek.com/user/PdInfoDetail.php?Id=82] does NAT loopback out of the box and seems to be generally an all-round great router.<br />
* Draytek Vigor 120 [http://www.draytek.com/user/PdInfoDetail.php?Id=71] does NAT loopback out of the box and has some nice features. NOTE that if it's using PPPoA (common in UK and New Zealand) there is a bug that stops Opensim (and Secondlife) ping packets from working so you disconnect after 3 minutes. You need to upgrade to firmware 3.2.4.3 (or higher).<br />
<br />
==Netgear==<br />
<br />
*NETGEAR WNR834M&nbsp;: ftp://downloads.netgear.com/files/wnr834m_ref_manual.pdf <br />
*NETGEAR WNR2000&nbsp;: With firmware 1.2.3.7 ( http://kb.netgear.com/app/answers/detail/a_id/11895 ) loopback now enabled 'out of the box' <br />
*NETGEAR WGR614&nbsp;: has been confirmed to work out of the box <br />
*Netgear RP614 v3<br />
*Netgear DG834G v3 with latest firmware & v4 upto firmware version v5.01.09 (according to [http://forum1.netgear.com/showthread.php?t=42641 this link], a later firmware update of v4 removed NAT loopback). The latest model versions, marked v5 on the unit's label, has significantly different internals and is not currently Loopback capable(the v5 has the wireless aerial on the right, not the left, as looking from the front. The DG834G v1, v2, v3 & v4 are end of line in most markets. The v3 & v4 are proven good performers.<br />
*Netgear DGN1000 worked out of the box. Note this working item reports its firmware version as V2.1.00.19_VG which seems much newer than the version offered for download on netgear.com.<br />
<br />
==Linksys/Cisco==<br />
<br />
*[http://www.linksysbycisco.com/EU/en/support/WAG200G Linksys WAG200G] with Firmware Version: 1.01.09<br />
*[http://en.wikipedia.org/wiki/Linksys_WRT54G_series Linksys WRT54G]<br />
*[http://homesupport.cisco.com/en-us/wireless/lbc/WAG54G Linksys WAG54G v3] <br />
*[http://homesupport.cisco.com/en-us/wireless/lbc/WAG54G Linksys WAG54G v2 - NZ/Australia version] <br />
*Linksys RT31P2<br />
Note: The WAG54G v2 NZ/Australia version has a faster processor, more memory and larger NAT table, and works with OS out of the box. Other market versions may not.<br />
<br />
==3Com==<br />
<br />
*3CRWDR100A-72<br />
*3CRWDR101A-75<br />
<br />
==Zyxel==<br />
<br />
* If you are using a ZyXEL DSL router/modem from Embarq, please read [[OpenSim:Network_settings#A_solution_for_local_connections_when_you_are_using_NAT_and_Port_Forwarding|this configuration guide]]. This will show you how to reconfigure your DSL router/modem to fix this problem.<br />
<br />
==Other routers &amp; Hardware==<br />
<br />
*Arris TM502b&nbsp;: http://portforward.com/english/routers/port_forwarding/Arris/TM502b/ <br />
*2wire 2701hg-s NOT Loopback capable. but the 2wire 2701hg-B &amp; 2701hg-D Series ARE loopback capable.&nbsp; (These can be purchased for approximately $50 USD) <br />
*Thomson SpeedTouch router-modem&nbsp;TG585, ST-585i (requires Telnet acces to it to Enable Loopback) <br />
*Thomson Speedtouch ST-780, ST-516 <br />
*AVM FritzBox (most Models are working perfect, '''except 3790 VDSL Router''', Date Sep 2010)&nbsp;: http://www.avm.de <br />
*Ubee Wireless Cable Router DDW2600&nbsp; [http://www.ubeeinteractive.com/index.php/products/product-overview/wireless_cable_router1/ http://www.ubeeinteractive.com/index.php/products/product-overview/wireless_cable_router1/]<br />
*BT home hub V2<br />
<br />
=KNOWN&nbsp;non-functional for OpenSim:=<br />
<br />
*Netgear Pro Safe VPN FVS318&nbsp;: [http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS318.aspx http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS318.aspx] <br />
*NetGear WGR614 does not work with ISP required gateway modems<br />
*Belkin F5D7230-4 (the router might work if 3rd party firmware is used, such as DD-WRT&nbsp;: http://www.dd-wrt.com/ )<br />
<br />
<br><br />
<br />
=REFERENCE&nbsp;LINKS:=<br />
<br />
More Information Related to Routers and Solutions @: [http://osgrid.org/forums/viewtopic.php?f=8&t=2283 osgrid.org/forums/viewtopic.php]<br />
<br />
=Linux specific solutions=<br />
==SETTING UP A LINUX COMPUTER TO ACT AS A ROUTER==<br />
<br />
----<br />
<br />
For Linux based Netfilter (iptables) routers, you want to set up the NAT table with some extra entries The following script is something to get you started, you'll need to fix up the variables at the top to match your system and network. <source lang="bash"><br />
#!/bin/bash<br />
#<br />
# vvvvv - Fix these! - vvvvv<br />
IPTABLES=/usr/sbin/iptables<br />
LAN_NETWORK=192.168.0.0/24<br />
SERVER_IP=192.168.0.2<br />
INTERNET_IP=100.100.100.100<br />
REMOTING_PORT=8895<br />
REGION_PORT=9000<br />
# ^^^^^ - Fix these! - ^^^^^<br />
<br />
# First, the Destination NAT, anything going to the external address on our ports, we redirect to the server<br />
# Note, if you have a double NAT running and this router doesn't actually have the internet IP address, you'll<br />
# need another set of PREROUTING-DNAT lines with the --destination (-d) set to the internet facing private address<br />
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REMOTING_PORT --jump DNAT --to-destination $SERVER_IP<br />
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p udp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP<br />
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP<br />
<br />
# Second, the Source NAT, we need this so that returning packets to our LAN clients go back through the router first,<br />
# otherwise, the server will try to talk directly to the client and the client will reject them<br />
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REMOTING_PORT --jump SNAT --to-source $INTERNET_IP<br />
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p udp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP<br />
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP<br />
</source> <br />
<br />
--[[User:Hell Fire|Hell Fire]]<br />
<br />
==DNS solution==<br />
It's possible to host your own DNS-server, so you can prevent some of the dns-naming problems mentioned before. If http://example.org resolves to the external ip, and that loopback connection is prevented by your router, you could point your resolv.conf to a local nameserver like:<br />
nameserver 192.168.2.2<br />
Now you need bind/named installed in order to handle the dns-requests. You can find a bind example configfile here.<br />
<br />
=openWRT Routers:=<br />
<br />
If you use openWRT firmware on your router, check here: [[Users:Thomax:nat-loopback|OpenWRT NATLoopback]]<br />
<br />
=Windows XP Work Around:=<br />
<br />
Please see this -> http://vio.blpcomputers.info/loopbacknat.php<br />
<br />
<br />
[[Category:Hardware]]</div>Eekeehttp://opensimulator.org/wiki/Artist_HomeArtist Home2011-11-13T04:52:51Z<p>Eekee: </p>
<hr />
<div>{{Quicklinks}}<br />
<br />
== Content Collections ==<br />
<br />
Collections containing many different kinds of resources.<br />
<br />
*[http://lindakellie.com/ LindaKellie.com]: Everything from skins and animations to complete sims as OAR files.<br />
<br />
== Artist Documentation ==<br />
<br />
This page contains information about content creation for OpenSimulator including best practices, guides, tools, examples, collaborative projects and of course Creative Commons licensed content.<br />
<br />
Discussion group for people interested in creating content for Metaverse: [http://groups.google.com/group/open-content-for-metaverse Open Content for Metaverse]<br />
<br />
Some useful resources of free material:<br />
<br />
*A great summary sheet: [http://docs.google.com/View?docid=dgsbx7zg_9mzk6nxtc 3DCG for the hobbyist -- useful products and links]<br />
*A hobbyist animators blog with all kinds of goodies: [http://www.cgspeed.com/ cgspeed]<br />
*A source for free animations, 3d models, textures, etc.: [http://www.sharecg.com/ ShareCG]<br />
*A huge 3d graphics source: [http://www.renderosity.com/ Renderosity]<br />
*Runtime DNA: [http://www.runtimedna.com/forum/downloads.php www.runtimedna.com Free Downloads]<br />
*Lots of free, full perm content here: [http://www.lindakellie.com/ LindaKellie.com]<br />
This is not an exhaustive list, please add to it if you can!<br />
<br />
I have tried to include sites which have free Poser/Opensim compatible content which could be used for "personal use" in your own "world". You must check the licensing for any commercial uses.<br />
<br />
== Textures ==<br />
<br />
Textures are images used to cover surfaces of 3d models and terrain. Textures can be anything form 1x1 to 1024x1024 images. Most of the textures for buildings, items and clothes are usually 512x512.<br />
<br />
=== Best Practices ===<br />
<br />
=== Guides ===<br />
<br />
* Creating tileable textures: http://www.gfxartist.com/features/tutorials/740<br />
* [http://robynhuffaker.com/sculptblender/2010/03/20/creating-and-using-shadow-maps/ Creating and Using Shadow Maps] by Robyn Huffaker<br />
<br />
=== Tools ===<br />
<br />
* [http://www.gimp.org/ GIMP] - GIMP is the GNU Image Manipulation Program.<br />
<br />
=== Examples ===<br />
<br />
=== Projects ===<br />
<br />
=== Content Libraries ===<br />
* [http://torley.s3.amazonaws.com/Torley-Textures.zip Torley Textures] is a collection of over 600 textures by Torley Linden. <br />
<br />
== Models ==<br />
<br />
Models are 3 dimensional objects which are formed from faces and textures. Models come in many flavors but currently OpenSimulator supports parametrized primitives and sculpted primitives. Parametrized primitives can be created in world with build functionality. Sculpted primitives are defined by a special bitmap image which can be created with 3d modeling programs which support sculptures.<br />
<br />
Yet unsupported in core OpenSimulator are 3d models which can be created with 3d modeling softwares like Blender and be saved in various formats, also known as Mesh. RealXtend module to OpenSimulator already supports 3d models.<br />
<br />
=== Best Practices ===<br />
<br />
=== Guides ===<br />
* [http://robynhuffaker.com/sculptblender/tutorial/ Learn to Make Second Life Sculpties in Blender] by Robyn Huffaker<br />
<br />
=== Tools ===<br />
<br />
* [http://www.blender.org/ Blender] - Blender is the free open source 3D content creation suite, available for all major operating systems under the GNU General Public License.<br />
* [http://www.wings3d.com/ Wings 3d] - Sculpty editor<br />
* [http://www.qavimator.org/ Qavimator] - Animation for OpenSim avatars<br />
<br />
=== Examples ===<br />
[[Image:Biped.jpg]]<br />
<br />
=== Projects ===<br />
<br />
* [[OpenSimulator Avatar]]<br />
<br />
=== Content Libraries ===<br />
<br />
== Terrain ==<br />
<br />
Currently OpenSimulator terrains consists of heightmap and textures for different directions and heights. OpenSimulator terrain can be imported in raw terrain format from several terrain editor tools.<br />
<br />
=== Best Practices ===<br />
<br />
=== Guides ===<br />
* [[Tips#Terrain Tidbits|Terrain Tips]]<br />
* [[Using L3DT]]<br />
* [[Terrain making]]<br />
* [[Detailed cross-region terrain making]]<br />
<br />
=== Tools ===<br />
<br />
* L3DT<br />
<br />
=== Examples ===<br />
<br />
=== Projects ===<br />
<br />
=== Content Libraries ===<br />
<br />
*[[Free Terrains]]<br />
<br />
<br><br />
<br />
=== Additional Terrain Resources ===<br />
<br />
'''TERRAIN EDITING''' <br />
<br />
There is now a Plugin made and available for the free program GIMP by Domino Designs which is easy to install and allows you to bring in RAW files and edit them. See http://dominodesigns.info/project/gimpterrain<br />
<br />
GIMP is available free and downloadable at http://www.gimp.org/downloads/<br />
GIMP is available for most Operating Systems and Platforms and is User Supported with many features and functions far beyond Terrain Editing. <br />
<br />
'''REFERENCES / SUPPLEMENTAL SOURCES amd APPLICATIONS:'''<br />
[[Tweaking]] Tutorial: Creating OpenSim terrain with Blender http://stringofbits.net/2009/09/tutorial-creating-opensim-terrain-with-blender<br />
<br />
Some free and some non-free terrains at http://www.rexxed.com/category/terrain<br />
<br />
Tutorial on [http://tgib.co.uk/2010/05/07/how-to-create-raw-terrain-files-for-second-life-and-opensim-with-terragen/ creating terrain files with Terragen] as well as [http://tgib.co.uk/2010/06/05/how-to-create-megaregion-terrain-raw-files-for-second-life-and-opensim/ using Photoshop to edit terrain files and create megaregion terrain] with a library of [http://tgib.co.uk/category/creations/terrain-creations/ free terrain files] <br />
<br />
Spinmass Virtual Creations, has two products for terrain making and generation which are free downloads. Look at Terrain Sculptor and Bailiwick. They are available from http://www.spinmass.com <br />
<br />
'''Three easy to use Online Image Splitters''' <br />
<br />
* http://www.chami.com/html-kit/services/is<br />
* http://www.sliceimage.com<br />
* http://www.makeuseof.com/dir/online-image-splitter<br />
<br />
<br />
== Sounds ==<br />
<br />
Sounds clips can be used within (scripted) objects and as part of gestures. Current OpenSimulator sound formats are PCM WAVE (.wav) 16-bit/44.1KHz/mono or stereo with a maximum length of 10.00 seconds.<br />
<br />
=== Best Practices ===<br />
<br />
=== Guides ===<br />
<br />
=== Tools ===<br />
<br />
* [http://audacity.sourceforge.net/ Audacity] - Audacity® is free, open source software for recording and editing sounds. It is available for Mac OS X, Microsoft Windows, GNU/Linux, and other operating systems.<br />
<br />
=== Examples ===<br />
<br />
=== Projects ===<br />
<br />
=== Content Libraries ===<br />
<br />
* [http://www.freesound.org/ The Freesound Project] - The Freesound Project is a collaborative database of Creative Commons licensed sounds.<br />
<br />
== Music ==<br />
<br />
Music can be played via parcel media as either streamed or from a single music file.<br />
<br />
=== Best Practices ===<br />
<br />
=== Guides ===<br />
<br />
=== Tools ===<br />
<br />
=== Examples ===<br />
<br />
=== Projects ===<br />
<br />
=== Content Libraries ===<br />
<br />
* [http://www.jamendo.com/ Jamendo] - Jamendo is a community of free, legal and unlimited music published under Creative Commons licenses.</div>Eekeehttp://opensimulator.org/wiki/Talk:OSSL_ProposalsTalk:OSSL Proposals2008-11-12T04:06:31Z<p>Eekee: /* OSSL Proposal Table */</p>
<hr />
<div>==OSSL Proposal Table==<br />
{| class="sortable" cellpadding="5" cellspacing="0" style="width:100%;border:1px solid #000000;border-collapse: collapse; white-space:normal;"<br />
|- style="background-color:#99CCFF;font-size:6pt;font-weight:bold;border-bottom:1px solid;" align="center" valign="bottom"<br />
| osFunction <br />
| Description <br />
| Example Usage<br />
| Signed<br />
| Comment<br />
| Commenter<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| int osShutdownRegion()<br />
| Shuts down the region the script is currently in. The script this is run in has to be owned by the master avatar for that region. Returns 1 if the region is going down, 0 on failure.<br />
| osShutdownRegion();<br />
| gryc<br />
|OK, say this worked, how would one restart their region with out asking a grid admin? Not all master avatars will be running the region on their computer, say if the region was hosted by a service similar to opengrid.<br />
|Nitrus Nori<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| void osAttachmentSay(integer channel, string msg)<br />
| Provide a secure, low lag method of communicating between attachments over the chat channels by only sending messages to objects attached to the same avatar. Would fail (or not be heard) if in a non-attached object.<br />
| osAttachmentSay(-20, "detatch");<br />
| Del M<br />
| This would be neat, though to make this truly low lag, one should have the script on the receiving end have predetermined messages or events and this function could send a call ID to call that event.<br />
| Nitrus Nori<br />
|<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| integer osTeleport(string RegionName, int x, int y, int z);<br />
| Teleports an avatar to a custom region<br />
| <br />
| Phrearch<br />
| A vector would be more convential here, rather than 3 seperate numbers, like so: osTeleport(string RegionName, vector position); The reason that's conventional is because carrying around a value as several separate variables is rather hard to maintain. It's not a function that's likely to get called in a tight loop, so the speed loss of casting the 3 floats of a vector to int shouldn't be an issue. I should also note llMapDestination uses a vector also, and adds a second vector for look_at.<br />
| eekee<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| integer osTeleport(string RegionName, int x, int y, int z);<br />
| Teleports an avatar to a custom region<br />
| <br />
| Phrearch<br />
| This function would really need to get the avatar's permission. Sending a blue dialog to the user may seem to be much the same as opening the map in the manner of llMapDestination, but it's not. The map is a very big window & conveys a lot of information, it can be very confusing to have the map pop up. The blue dialogs are rather less invasive. Are there any circumstances where permission would not be needed?<br />
| eekee<br />
|}</div>Eekeehttp://opensimulator.org/wiki/Talk:OSSL_ProposalsTalk:OSSL Proposals2008-11-12T03:58:45Z<p>Eekee: /* OSSL Proposal Table */</p>
<hr />
<div>==OSSL Proposal Table==<br />
{| class="sortable" cellpadding="5" cellspacing="0" style="width:100%;border:1px solid #000000;border-collapse: collapse; white-space:normal;"<br />
|- style="background-color:#99CCFF;font-size:6pt;font-weight:bold;border-bottom:1px solid;" align="center" valign="bottom"<br />
| osFunction <br />
| Description <br />
| Example Usage<br />
| Signed<br />
| Comment<br />
| Commenter<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| int osShutdownRegion()<br />
| Shuts down the region the script is currently in. The script this is run in has to be owned by the master avatar for that region. Returns 1 if the region is going down, 0 on failure.<br />
| osShutdownRegion();<br />
| gryc<br />
|OK, say this worked, how would one restart their region with out asking a grid admin? Not all master avatars will be running the region on their computer, say if the region was hosted by a service similar to opengrid.<br />
|Nitrus Nori<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| void osAttachmentSay(integer channel, string msg)<br />
| Provide a secure, low lag method of communicating between attachments over the chat channels by only sending messages to objects attached to the same avatar. Would fail (or not be heard) if in a non-attached object.<br />
| osAttachmentSay(-20, "detatch");<br />
| Del M<br />
| This would be neat, though to make this truly low lag, one should have the script on the receiving end have predetermined messages or events and this function could send a call ID to call that event.<br />
| Nitrus Nori<br />
|<br />
<br />
|- style="font-size:8pt;border-bottom:1px solid;" valign="top"<br />
| integer osTeleport(string RegionName, int x, int y, int z);<br />
| Teleports an avatar to a custom region<br />
| <br />
| Phrearch<br />
| A vector would be more convential here, rather than 3 seperate numbers, like so: osTeleport(string RegionName, vector position); The reason that's conventional is because carrying around a value as several separate variables is rather hard to maintain. It's not a function that's likely to get called in a tight loop, so the speed loss of casting the 3 floats of a vector to int shouldn't be an issue.<br />
| eekee<br />
|}</div>Eekee