[Opensim-dev] Background port checker

Mark Malewski mark.malewski at gmail.com
Sat May 19 06:42:48 UTC 2012


> You mean you want to know which ports have to be open
> to connect with OpenSimulator through a firewall?

<START SHORT RESPONSE HERE>

I am guessing, that what Stanley is asking/suggesting is that the viewer
has the ability to automatically check to see what ports are
open/accessible (this way if someone was using a mobile laptop and using
various networks, and happened to use a work/school network that was
firewalled/restricted and certain ports were blocked, the viewer would show
some form of pop-up message, or possibly have a "Port Viewer" configuration
panel screen that showed which ports were being used and which ports are
open/blocked, thus preventing the viewer from working properly).

<END SHORT RESPONSE HERE>


<BEGIN LONG-WINDED RESPONSE HERE>

Thereby making the user "aware" that certain ports (and possibly what those
ports are used for in "clear English" such as "chat messaging port", etc.)
as well as a green/red indicator to show whether the port is open/blocked,
might be extremely beneficial to a "layman" user (end user) to help
troubleshoot network connectivity problems with trying to connect to an
OpenSim Server.

This way they could check and see (from within the OpenSim Viewer) using the
Port Viewer control/configuration panel and simply see which ports are
blocked (red) and then ask their network/system administrator to please
open up those ports on their firewall (for specific individual users/MAC/IP
address ranges) so that certain individuals could have access to those
ports (opened by their system/network/campus administrators) so that those
users could in fact use and access an OpenSim server from that connection.

OpenSim could be extremely troublesome for mobile users, especially if they
move between various networks (internal school network, internal
work/enterprise network, home/cable/DSL private network, public WiFi or
Wireless ISP (Verizon LTE / AT&T LTE / T-Mobile / Clear)) and this can cause
tremendous confusion to end users as well as ISPs as well as
Network/System Administrators (as to "whose fault" it is for the software
not working).

It could be any number of things.  There could be a hardware firewall
(controlled by a school/enterprise network admin) or possibly a software
firewall (controlled by a school/enterprise network admin) or possibly a
third-party software firewall (ZoneAlarm, COMODO, TrendMicro, Norton,
Windows 7 Firewall Control, etc.)

A very small list of the many (free) personal software firewalls can be
found here:
http://download.cnet.com/windows/firewall-software/

It can be a nightmare for a large university (or large business enterprise)
to try and help/support anyone that is using a fairly "unknown" application
such as OpenSim viewer.

This is not a common application (like Google Talk, AIM, ICQ, FTP, etc.)

Most admins would not know what ports would need to even be opened or
whether the trouble was being caused by a hardware firewall, or possibly a
software firewall (or software problem) on the local machine itself.

It could be fairly easy for Network/System Administrators to grant "OpenSim
Users" access (open hardware firewall ports to specific MAC addresses or
specific IP address ranges) but they would need to know exactly what ports
would need to be opened for that particular end user (or it could be a
simple matter of opening a software firewall port by remotely accessing an
Enterprise/University/student/teacher's Symantec Endpoint Protection
installation, and simply just opening up the ports needed for that
particular computer/device).

Without having some form of "Port Viewer" panel (in the Client Viewer, such
as Imprudence or Hippo) it would be extremely difficult (and time
consuming) for Enterprise/University helpdesk staff or even ISP's customer
service, or a hardware vendor (such as Linksys, D-Link, SMC, Buffalo,
SonicWall, etc.) to try and help/support/explain WHY a particular software
application is not working properly (because it might be a hardware
firewall issue, or possibly a software firewall issue, or some form of
network connectivity problem).  Thus I can see how this type of
module/viewer code could in fact be extremely useful (for the average end
user as well as the average helpdesk support technician).

It would allow the "lay person" to check to see exactly WHICH ports are
open and which ports are blocked.  (Possibly use a green light to show that
a port is open/accessible, and a red light to show that a particular port
is closed/blocked next to the specific port number, and also give a brief
description of what that port number is used for, voice chat, text
messaging, etc.).

This way with just a quick glance at a port panel (in the viewer) the user
could see EXACTLY which ports are blocked and which ports are open (to
determine if there are any firewall or proxy issues).

This way end users could simply ask/request that their network/system
administrators open up whatever specific ports that they need to have
opened (based on the red/green light indicators on the viewer control
panel).

It would make it extremely easy for the end users, especially mobile users
(that use laptops) that often travel between various networks (home, work,
public, etc) and may run into trouble/problems based on the network they
are currently connected to.

This type of "port viewer" control panel would simply make it extremely
easy for the end user to see what the current port status is (which ports
are open/blocked) so they can figure out whether it's a personal software
(personal firewall) or possibly a network firewall (network admin/system
admin) problem.

It's much easier for the end user to see (and a System/Network Admin
doesn't have to talk a user through various command line commands to try
and figure out whether the problem or use specific software (or command
line commands) to try and test individual ports on a remote user's
computer, and it helps isolate the trouble/problem with a specific person's
personal laptop configuration or individual software firewall/antivirus
program configuration like TrendMicro Firewall, Symantec Endpoint
Protection, etc.)

Some businesses/companies/schools may use a personal remotely-configurable
software firewall in addition to a hardware firewall (especially for
laptops and mobile devices).

http://www.symantec.com/business/support/index?page=content&id=TECH169904

If a user installs COMODO (or throw in Windows 7 Firewall) it makes things
even more complicated.

It can be a REAL headache for system/network admins to try and troubleshoot
(or walk a user that is calling the "help desk" for support) on an unknown
software application such as OpenSim (or an OpenSim Viewer such as
Imprudence).

99.9% of the system/network administrators in the world would have NO CLUE
as to what ports OpenSim (or any OpenSim Viewer such as Imprudence or
Naali) uses, and most end users wouldn't know either.

So it would make it extremely difficult for most internet service providers
as well as school/work/enterprise admins to support, or even help with a
trouble ticket (especially if the viewer was "rebranded" and called "XYZ
Viewer" or "ABC Viewer" where no matter how much time a System/Network
Admin wasted trying to help such a user, it would be nearly
futile/impossible with trying to troubleshoot the issue if the end user
himself didn't even know what ports needed to be opened, and whether or not
their own personal firewall could be blocking any of those ports).

Many universities (and enterprises/businesses) use Symantec products
(especially "Endpoint Protection") so Network/System Admins can remotely
access the client's personal firewall (SEP client), and remotely configure
the firewall (and open ports as needed) on a laptop owned by the
school/university or business.  Some companies actually REQUIRE any system
that accesses an internal network (whether it be access to the local LAN, or
even VPN access) to have a client install of Symantec Endpoint installed,
this way System/Network Admins know that the system is clean (no viruses)
and is up to date with its virus definitions and scans, as well as ensure
that no rogue individuals/hackers/software/malware is installed on a
computer that could be used to maliciously attack users (or servers) on the
internal network (that are behind the firewall).

Sometimes even just remote mobile users (even using their own personal
computers) must install SEP (Symantec Endpoint Protection 11.x) because
their Enterprise/University Admins require it (prior to accessing the
internal network).

It's often difficult for a non-technical end user to try and
troubleshoot/determine whether it is a hardware firewall issue, or software
firewall issue (or ISP/WiFi public network issue), or even a hardware issue
(such as a Linksys, Netgear, or D-Link router/firewall issue).

Hardware Firewalls are generally placed between servers/users and the
external network (internet).

But there is often NO PROTECTION placed between users (on the same subnet,
or those behind the corporate hardware firewall).  This is why software
firewalls (such as Symantec Endpoint Protection) exist and are fairly
common in the enterprise/workplace/school environment.

Here: http://en.wikipedia.org/wiki/Symantec_Endpoint_Protection

and Here:
  http://www.symantec.com/business/support/index?page=content&id=TECH169904

I can see where adding such a thing as a "Port Viewer" to the Imprudence
Client viewer could be an EXTREMELY good idea, especially for
school/mobile/enterprise/home users.

It would only take seconds for a user to see which ports are being blocked,
and then it would be EXTREMELY easy for ANY admin (even one that is not
familiar with Imprudence or OpenSim) to simply walk them through the
correct steps (or use a remote desktop application to help configure any
software or ports that might need to be opened on their individual
computer).

Symantec Endpoint Protection is just ONE of many software firewalls out
there, and SEP is remotely configurable (by the Enterprise Network Admin)
but if that computer was used on a different network (and those ports were
not opened) on the software firewall, the user might not even
realize/understand that it's their personal firewall blocking those ports
(and not their network hardware firewall or their ISP or public WiFi
network).

<-  END LONG WINDED RESPONSE HERE ->

I think it would actually be a great idea to implement such a feature in
the viewer.

Especially if it was made to "look cool" and be very simple and easy to
use/view.  (Like simply just list all the port numbers, list their uses,
and then have a green/red light to indicate whether the port is
open/blocked or not).

            ->  Mark


On Fri, May 18, 2012 at 10:43 PM, Justin Clark-Casey <
jjustincc at googlemail.com> wrote:

> What do you mean Stanley?  You mean you want to know which ports have to
> be open to connect with OpenSimulator through a firewall?
>
> On 17/05/12 06:46, Stanley Yip wrote:
>
>> Hi everyone,
>>
>>
>> Our end users are educators accessing our grid via their respective
>> firewalled LANs.
>>
>>
>> What, if possible would be the best way for OpenSim and/or the client
>> viewer (we're using Imprudence 1.3.2) to do a
>> background port check?
>>
>>
>> Would a customised server side module that hooks into Imprudence be the
>> solution?
>>
>>
>> Hope there might be some existing solutions out there already.
>>
>>
>> Thanks.
>>
>> s
>>
>> *Stanley Yip*
>>
>> Learning Media Developer Gameplay, PLANE
>> Digital Education Revolution
>>
>> p: 02 9806 1165
>>
>> m: 0412 663 662
>>
>> e: stanley.yip at det.nsw.edu.au
>>
>> w: www.plane.edu.au
>> t: @planejourney
>>
>>
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>
>
> --
> Justin Clark-Casey (justincc)
> http://justincc.org/blog
> http://twitter.com/justincc
>