[Opensim-dev] Background port checker

Stanley Yip stanley.c.yip at gmail.com
Sun May 20 14:21:36 UTC 2012


Thanks Justin and Mark,

Yep, you are both right in what I am asking in my question.

You hit the nail (squarely) on the head Mark.

Thanks for the info, your reply has captured the issues I have been
thinking about and challenges I am trying to solve.

You guys are very knowledgeable and always helpful.

Stan

On 19 May 2012 16:42, Mark Malewski <mark.malewski at gmail.com> wrote:

>
> > You mean you want to know which ports have to be open
> > to connect with OpenSimulator through a firewall?
>
> <START SHORT RESPONSE HERE>
>
> I am guessing, that what Stanley is asking/suggesting is that the viewer
> has the ability to automatically check to see what ports are
> open/accessible (this way if someone was using a mobile laptop and using
> various networks, and happened to use a work/school network that was
> firewalled/restricted and certain ports were blocked, the viewer would show
> some form of pop-up message, or possibly have a "Port Viewer" configuration
> panel screen that showed which ports were being used and which ports are
> open/blocked, thus preventing the viewer from working properly).
>
> <END SHORT RESPONSE HERE>
>
>
> <BEGIN LONG-WINDED RESPONSE HERE>
>
> Thereby making the user "aware" that certain ports (and possibly what
> those ports are used for in "clear English" such as "chat messaging port",
> etc.) as well as a green/red indicator to show whether the port is
> open/blocked, might be extremely beneficial to a "layman" user (end user)
> to help troubleshoot network connectivity problems with trying to connect
> to an OpenSim Server.
>
> This way they could check and see (from within the OpenSim Viewer) using the
> Port Viewer control/configuration panel and simply see which ports are
> blocked (red) and then ask their network/system administrator to please
> open up those ports on their firewall (for specific individual users/MAC/IP
> address ranges) so that certain individuals could have access to those
> ports (opened by their system/network/campus administrators) so that those
> users could in fact use and access an OpenSim server from that connection.
>
> OpenSim could be extremely troublesome for mobile users, especially if
> they move between various networks (internal school network, internal
> work/enterprise network, home/cable/dsl private network, public WiFi or
> Wireless ISP (Verizon LTE / AT&T LTE / T-Mobile / Clear)) and this can cause
> tremendous confusion to end users as well as ISPs as well as
> Network/System Administrators (as to "whose fault" it is for the software
> not working).
>
> It could be any number of things.  There could be a hardware firewall
> (controlled by a school/enterprise network admin) or possibly a software
> firewall (controlled by a school/enterprise network admin) or possibly a
> third-party software firewall (ZoneAlarm, COMODO, TrendMicro, Norton,
> Windows 7 Firewall Control, etc.)
>
> A very small list of the many (free) personal software firewalls can be
> found here:
> http://download.cnet.com/windows/firewall-software/
>
> It can be a nightmare for a large university (or large business
> enterprise) to try and help/support anyone that is using a fairly "unknown"
> application such as OpenSim viewer.
>
> This is not a common application (like Google Talk, AIM, ICQ, FTP, etc.)
>
> Most admins would not know what ports would need to even be opened or
> whether the trouble was being caused by a hardware firewall, or possibly a
> software firewall (or software problem) on the local machine itself.
>
> It could be fairly easy for Network/System Administrators to grant
> "OpenSim Users" access (open hardware firewall ports to specific MAC
> addresses or specific IP address ranges) but they would need to know
> exactly what ports would need to be opened for that particular end user (or
> it could be a simple matter of opening a software firewall port by remotely
> accessing an Enterprise/University/student/teacher's Symantec Endpoint
> Protection installation, and simply just opening up the ports needed for
> that particular computer/device).
>
> Without having some form of "Port Viewer" panel (in the Client Viewer,
> such as Imprudence or Hippo) it would be extremely difficult (and time
> consuming) for Enterprise/University helpdesk staff or even ISP's customer
> service, or a hardware vendor (such as Linksys, D-Link, SMC, Buffalo,
> SonicWall, etc.) to try and help/support/explain WHY a particular software
> application is not working properly (because it might be a hardware
> firewall issue, or possibly a software firewall issue, or some form of
> network connectivity problem).  Thus I can see how this type of
> module/viewer code could in fact be extremely useful (for the average end
> user as well as the average helpdesk support technician).
>
> It would allow the "lay person" to check to see exactly WHICH ports are
> open and which ports are blocked.  (Possibly use a green light to show that
> a port is open/accessible, and a red light to show that a particular port
> is closed/blocked next to the specific port number, and also give a brief
> description of what that port number is used for, voice chat, text
> messaging, etc.).
>
> This way with just a quick glance at a port panel (in the viewer) the user
> could see EXACTLY which ports are blocked and which ports are open. (to
> determine if there are any firewall or proxy issues).
>
> This way end users could simply ask/request that their network/system
> administrators open up whatever specific ports that they need to have
> opened (based on the red/green light indicators on the viewer control
> panel).
>
> It would make it extremely easy for the end users, especially mobile users
> (that use laptops) that often travel between various networks (home, work,
> public, etc) and may run into trouble/problems based on the network they
> are currently connected to.
>
> This type of "port viewer" control panel, would simply make it extremely
> easy for the end user to see what the current port status is (which ports
> are open/blocked) so they can figure out whether it's a personal software
> (personal firewall) or possibly a network firewall (network admin/system
> admin) problem.
>
> It's much easier for the end user to see (and a System/Network Admin
> doesn't have to talk a user through various command line commands to try
> and figure out whether the problem or use specific software (or command
> line commands) to try and test individual ports on a remote user's
> computer, and it helps isolate the trouble/problem with a specific person's
> personal laptop configuration or individual software firewall/antivirus
> program configuration like Trendmicro Firewall, Symantec Endpoint
> Protection, etc.)
>
> Some businesses/companies/schools may use a personal remotely-configurable
> software firewall in addition to a hardware firewall (especially for
> laptops and mobile devices).
>
> http://www.symantec.com/business/support/index?page=content&id=TECH169904
>
> If a user installs COMODO (or throw in Windows 7 Firewall) it makes things
> even more complicated.
>
> It can be a REAL headache for system/network admins to try and
> troubleshoot (or walk a user that is calling the "help desk" for support)
> on an unknown software application such as OpenSim (or an OpenSim Viewer
> such as Imprudence).
>
> 99.9% of the system/network administrators in the world would have NO CLUE
> as to what ports OpenSim (or any OpenSim Viewer such as Imprudence or
> Naali) uses, and most end users wouldn't know either.
>
> So it would make it extremely difficult for most internet service
> providers as well as school/work/enterprise admins to support, or even help
> with a trouble ticket (especially if the viewer was "rebranded" and called
> "XYZ Viewer" or "ABC Viewer" where no matter how much time a System/Network
> Admin wasted trying to help such a user, it would be nearly
> futile/impossible with trying to troubleshoot the issue if the end user
> himself didn't even know what ports needed to be opened, and whether or not
> their own personal firewall could be blocking any of those ports).
>
> Many universities (and enterprises/businesses) use Symantec products
> (especially "Endpoint Protection") so Network/System Admins can remotely
> access the client's personal firewall (SEP client), and remotely configure
> the firewall (and open ports as needed) on a laptop owned by the
> school/university or business.  Some companies actually REQUIRE any system
> that accesses an internal network (whether it be access the local LAN, or
> even VPN access) to have a client install of Symantec Endpoint installed,
> this way System/Network Admins know that the system is clean (no viruses)
> and is up to date with its virus definitions and scans, as well as ensure
> that no rogue individuals/hackers/software/malware are installed on a
> computer that could be used to maliciously attack users (or servers) on the
> internal network (that are behind the firewall).
>
> Sometimes even just remote mobile users (even using their own personal
> computers) must install SEP (Symantec Endpoint Protection 11.x) because
> their Enterprise/University Admins require it (prior to accessing the
> internal network).
>
> It's often difficult for a non-technical end user to try and
> troubleshoot/determine whether it is a hardware firewall issue, or software
> firewall issue (or ISP/WiFi public network issue), or even a hardware issue
> (such as a Linksys, Netgear, or D-Link router/firewall issue).
>
> Hardware Firewalls are generally placed between servers/users and the
> external network (internet).
>
> But there is often NO PROTECTION placed between users (on the same subnet,
> or those behind the corporate hardware firewall).  This is why software
> firewalls (such as Symantec Endpoint Protection) exist and are fairly
> common in the enterprise/workplace/school environment.
>
> Here: http://en.wikipedia.org/wiki/Symantec_Endpoint_Protection
>
> and Here:
>
> http://www.symantec.com/business/support/index?page=content&id=TECH169904
>
> I can see where adding such a thing as a "Port Viewer" to the Imprudence
> Client viewer could be an EXTREMELY good idea, especially for
> school/mobile/enterprise/home users.
>
> It would only take seconds for a user to see which ports are being
> blocked, and then it would be EXTREMELY easy for ANY admin (even one that
> is not familiar with Imprudence or OpenSim) to simply walk them through the
> correct steps (or use a remote desktop application to help configure any
> software or ports that might need to be opened on their individual
> computer).
>
> Symantec Endpoint Protection is just ONE of many software firewalls out
> there, and SEP is remotely configurable (by the Enterprise Network Admin)
> but if that computer was used on a different network (and those ports were
> not opened) on the software firewall, the user might not even
> realize/understand that it's their personal firewall blocking those ports
> (and not their network hardware firewall or their ISP or public WiFi
> network).
>
> <-  END LONG WINDED RESPONSE HERE ->
>
> I think it would actually be a great idea to implement such a feature in
> the viewer.
>
> Especially if it was made to "look cool" and be very simple and easy to
> use/view.  (Like simply just list all the port numbers, list their uses,
> and then have a green/red light to indicate whether the port is
> open/blocked or not).
>
>             ->  Mark
>
>
> On Fri, May 18, 2012 at 10:43 PM, Justin Clark-Casey <
> jjustincc at googlemail.com> wrote:
>
>> What do you mean Stanley?  You mean you want to know which ports have to
>> be open to connect with OpenSimulator through a firewall?
>>
>> On 17/05/12 06:46, Stanley Yip wrote:
>>
>>> Hi everyone,
>>>
>>>
>>> Our end users are educators accessing our grid via their respective
>>> firewalled LANs.
>>>
>>>
>>> What, if possible would be the best way for OpenSim and/or the client
>>> viewer (we're using Imprudence 1.3.2) to do a
>>> background port check?
>>>
>>>
>>> Would a customised server side module that hooks into Imprudence be the
>>> solution?
>>>
>>>
>>> Hope there might be some existing solutions out there already.
>>>
>>>
>>> Thanks.
>>>
>>> s
>>>
>>> *Stanley Yip*
>>>
>>> Learning Media Developer Gameplay, PLANE
>>> Digital Education Revolution
>>>
>>> p: 02 9806 1165
>>>
>>> m: 0412 663 662
>>>
>>> e: stanley.yip at det.nsw.edu.au
>>>
>>> w: www.plane.edu.au
>>> t: @planejourney
>>>
>>>
>>>
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>
>>
>>
>> --
>> Justin Clark-Casey (justincc)
>> http://justincc.org/blog
>> http://twitter.com/justincc
>>
>
>
>
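
The red/green port panel discussed in this thread comes down to a client-side probe like the following. This is an added example, not code from OpenSim, Imprudence or any poster; the port table entries and their descriptions are placeholders (the thread names no port numbers), and the UDP probe assumes a hypothetical server-side echo responder of the kind the original question asks about.

```python
import socket

def probe_tcp(host, port, timeout=1.0):
    """Classify one TCP port as seen from this client."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed
    except ConnectionRefusedError:
        return "closed"            # RST received: nothing listening, or an active reject
    except OSError:
        return "filtered"          # timeout/unreachable: packets silently dropped

def probe_udp(host, port, timeout=1.0, nonce=b"portcheck-1"):
    """No handshake in UDP: needs a (hypothetical) server-side echo responder."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(nonce)
            return "open" if s.recv(64) == nonce else "unexpected-reply"
        except ConnectionRefusedError:
            return "closed"        # ICMP port-unreachable came back
        except OSError:
            return "no-reply"      # dropped or no responder: cannot tell which

def check_ports(host, table, timeout=1.0):
    """table rows are (proto, port, description); returns rows plus status."""
    probes = {"tcp": probe_tcp, "udp": probe_udp}
    return [(proto, port, desc, probes[proto](host, port, timeout))
            for proto, port, desc in table]

def demo():
    """Constructed loopback demo: one live listener, one just-freed port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    freed = tmp.getsockname()[1]
    tmp.close()
    table = [("tcp", srv.getsockname()[1], "placeholder: login service"),
             ("tcp", freed, "placeholder: region service")]
    rows = check_ports("127.0.0.1", table, timeout=0.5)
    srv.close()
    return rows

if __name__ == "__main__":
    for proto, port, desc, status in demo():
        print(f"{proto}/{port:<6} {status:<9} {desc}")
```

A "filtered" result (no answer at all) is what a silently dropping firewall usually produces, while "closed" means something on the path actively rejected the connection. The probe alone cannot say whether a local software firewall or a network firewall is responsible.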