Thanks Justin and Mark,<br><br>Yep, you are both right in what I am asking in my question.<br><br>You hit the nail (squarely) on the head Mark.<br><br>Thanks for the info, your reply has captured the issues I have been thinking about and challenges I'm am trying to solve.<br>
<br>You guys are very knowledgeable and always helpful.<br><br>Stan<br><br><div class="gmail_quote">On 19 May 2012 16:42, Mark Malewski <span dir="ltr"><<a href="mailto:mark.malewski@gmail.com" target="_blank">mark.malewski@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><div><br></div><div><b><i>> You mean you want to know which ports have to be open </i></b></div><div>
<b><i>> to connect with OpenSimulator through a firewall?
</i></b></div><div><br></div></div><div><START SHORT RESPONSE HERE></div><div><br></div><div>I am guessing, that what Stanley is asking/suggesting is that the viewer has the ability to automatically check to see what ports are open/accessible (this way if someone was using a mobile laptop and using various networks, and happened to use a work/school network that was firewalled/restricted and certain ports were blocked, the viewer would show some form of pop-up message, or possibly have a "Port Viewer" configuration panel screen that showed which ports were being used and which ports are open/blocked, thus preventing the viewer from working properly).</div>
<div><br></div><div><END SHORT RESPONSE HERE></div><div><br></div><div><br></div><div><BEGIN LONG-WINDED RESPONSE HERE></div><div><br></div><div>Thereby making the user "aware" that certain ports (and possibly what those ports are used for in "clear english" such as "chat messaging port", etc.) as well as a green/red indicator to show whether the port is open/blocked, might be extremely beneficial to a "laymen" user (end user) to help trouble shoot network connectivity problems with trying to connect to an OpenSim Server.</div>
<div><br></div><div>This way they could check see (from within the OpenSim Viewer) using the Port Viewer control/configuration panel and simply see which ports are blocked (red) and then ask their network/system administrator to please open up those ports on their firewall (for specific individual users/MAC/IP address ranges) so that certain individuals could have access to those ports (opened by their system/network/campus administrators) so that those users could in fact use and access an OpenSim server from that connection.</div>
<div><br></div><div>OpenSim could be extremely troublesome for mobile users, especially if they move between various networks (internal school network, internal work/enterprise network, home/cable/dsl private network, public WiFi or Wireless ISP (Verizon LTE / AT&T LTE / T-Mobile / Clear) and this can cause tremendous confusion to end users as well as ISP's as well as Network/System Administrators (as to "who's fault" it is for the software not working).</div>
<div><br></div><div>It could be any number of things. There could be a hardware firewall (controlled by a school/enterprise network admin) or possibly a software firewall (controlled by a school/enterprise network admin) or possibly a third-party software firewall (ZoneAlarm, COMODO, TrendMicro, Norton, Windows 7 Firewall Control, etc.)</div>
<div><br></div><div>A very small list of the many (free) personal software firewalls can be found here: </div><div><a href="http://download.cnet.com/windows/firewall-software/" target="_blank">http://download.cnet.com/windows/firewall-software/</a>
</div><div><br></div><div>It can be a nightmare for a large university (or large business enterprise) to try and help/support anyone that is using a fairly "unknown" application such as OpenSim viewer.</div><div>
<br></div><div>This is not a common application (like Google Talk, AIM, ICQ, FTP, etc.)</div><div><br></div><div>Most admins would not know what ports would need to even be opened or whether the trouble was being caused by a hardware firewall, or possibly a software firewall (or software problem) on the local machine itself.</div>
<div><br></div><div>It could be fairly easy for Network/System Administrators to grant "OpenSim Users" access (open hardware firewall ports to specific MAC addresses or specific IP address ranges) but they would need to know exactly what ports would need to be opened for that particular end user (or it could be a simple matter of opening a software firewall port by remotely accessing an Enterprise/University/student/teacher's Symatec Endpoint Protection installation, and simply just opening up the ports needed for that particular computer/device. </div>
<div><br></div><div>Without having some form of "Port Viewer" panel (in the Client Viewer, such as Imprudence or Hippo) it would be extremely difficult (and time consuming) for Enterprise/University helpdesk staff or even ISP's customer service, or a hardware vendor (such as Linksys, D-Link, SMC, Buffalo, SonicWall, etc.) to try and help/support/explain WHY a particular software application is not working properly (because it might be a hardware firewall issue, or possibly a software firewall issue, or some form of network connectivity problem). Thus I can see how this type of module/viewer code could in fact be extremely useful (for the average end user as well as the average helpdesk support technician).</div>
<div><br></div><div>It would allow the "lay person" to check to see exactly WHICH ports are open and which ports are blocked. (Possibly use a green light to show that a port is open/accessible, and a red light to show that a particular port is closed/blocked next to the specific port number, and also give a brief description of what that port number is used for, voice chat, text messaging, etc.).</div>
<div><br></div><div>This way with just a quick glance at a port panel (in the viewer) the user could see EXACTLY which ports are blocked and which ports are open. (to determine if there are any firewall or proxy issues). </div>
<div><br></div><div>This way end users could simply ask/request that their network/system administrators open up whatever specific ports that they need to have opened (based on the red/green light indicators on the viewer control panel). </div>
<div><br></div><div>It would make it extremely easy for the end users, especially mobile users (that use laptops) that often travel between various networks (home, work, public, etc) and may run into trouble/problems based on the network they are currently connected to. </div>
<div><br></div>This type of "port viewer" control panel, would simply make it extremely easy for the end user to see what the current port status is (which ports are open/blocked) so they can figure out whether it's a personal software (personal firewall) or possibly a network firewall (network admin/system admin) problem.<br>
<br>It's much easier for the end user to see (and a System/Network Admin doesn't have to talk a user through various command line commands to try and figure out whether the problem or use specific software (or command line commands) to try and test individual ports on a remote user's computer, and it helps isolate the trouble/problem with a specific person's personal laptop configuration or individual software firewall/antivirus program configuration like Trendmicro Firewall, Symantec Endpoint Protection, etc.) <div>
<br></div><div>Some businesses/companies/schools may use a personal remotely-configurable software firewall in addition to a hardware firewall (especially for laptops and mobile devices).<br><br><a href="http://www.symantec.com/business/support/index?page=content&id=TECH169904" target="_blank">http://www.symantec.com/business/support/index?page=content&id=TECH169904</a> </div>
<div><br></div><div>If a user installs COMODO (or throw in Windows 7 Firewall) it makes things even more complicated.</div><div><br></div><div>It can be a REAL headache for system/network admins to try and troubleshoot (or walk a user that is calling the "help desk" for support) on an unknown software application such as OpenSim (or an OpenSim Viewer such as Imprudence).</div>
<div><br></div><div>99.9% of the system/network administrators in the world would have NO CLUE as to what ports OpenSim (or any OpenSim Viewer such as Imprudence or Naali) uses, and most end users wouldn't know either.<br>
<br>So it would make it extremely difficult for most internet service providers as well as school/work/enterprise admins to support, or even help with a trouble ticket (especially if the viewer was "rebranded" and called "XYZ Viewer" or "ABC Viewer" where no matter how much time a System/Network Admin wasted trying to help such a user, it would be nearly futile/impossible with trying to trouble shoot the issue if the end user himself didn't even know what ports needed to be opened, and whether or not their own personal firewall could be blocking any of those ports).</div>
<div><br></div><div>Many universities (and enterprises/businesses) use Symantec products (especially "Endpoint Protection") so Network/System Admins can remotely access the clients personal firewall (SEP client), and remotely configure the firewall (and open ports as needed) on a laptop owned by the school/university or business. Some companies actually REQUIRE any system that accesses an internal network (whether it be access the local LAN, or even VPN access) to have a client install of Symantec Endpoint installed, this way System/Network Admins know that the system is clean (no viruses) and is up to date with it's virus definitions and scans, as well as ensure that no rogue individuals/hackers/software/malware is installed on a computer that could be used to maliciously attack users (or servers) on the internal network (that are behind the firewall).</div>
<div><br></div><div>Sometimes even just remote mobile users (even using their own personal computers) must install SEP (Symantec Endpoint Protection 11.x) because their Enterprise/University Admins require it (prior to accessing the internal network).</div>
<div><br></div><div>It's often difficult for a non-technical end user to try and troubleshoot/determine whether it is a hardware firewall issue, or software firewall issue (or ISP/WiFi public network issue), or even a hardware issue (such as a Linksys, Netgear, or D-Link router/firewall issue).</div>
<div><br></div><div>Hardware Firewalls are generally placed between servers/users and the external network (internet). </div><div><br></div><div>But there is often NO PROTECTION placed between users (on the same subnet, or those behind the corporate hardware firewall). This is why software firewalls (such as Symantec Endpoint Protection) exist and are fairly common in the enterprise/workplace/school environment.</div>
<div><br></div><div>Here: <a href="http://en.wikipedia.org/wiki/Symantec_Endpoint_Protection" target="_blank">http://en.wikipedia.org/wiki/Symantec_Endpoint_Protection</a></div><div><br></div><div>and Here:</div><div><div>
<a href="http://www.symantec.com/business/support/index?page=content&id=TECH169904" target="_blank">http://www.symantec.com/business/support/index?page=content&id=TECH169904</a> </div>
<br></div><div>I can see where adding such a thing as a "Port Viewer" to the Imprudence Client viewer could be an EXTREMELY good idea, especially for school/mobile/enterprise/home users.</div>
<div><br></div><div>It would only take seconds for a user to see which ports are being blocked, and then it would be EXTREMELY easy for ANY admin (even one that is not familiar with Imprudence or OpenSim) to simply walk them through the correct steps (or use a remote desktop application to help configure any software or ports that might need to be opened on their individual computer).</div>
<div><br></div><div>Symantec Endpoint Protection is just ONE of many software firewalls out there, and SEP is remotely configurable (by the Enterprise Network Admin) but if that computer was used on a different network (and those ports were not opened) on the software firewall, the user might not even realize/understand that it's their personal firewall blocking those ports (and not their network hardware firewall or their ISP or public WiFi network).</div>
<div><br></div><div><- END LONG WINDED RESPONSE HERE -></div><div><br></div><div>I think it would actually be a great idea to implement such a feature in the viewer.</div><div><br></div><div>Especially if it was made to "look cool" and be very simple and easy to use/view. (Like simply just list all the port numbers, list their uses, and then have a green/red light to indicate whether the ports is open/blocked or not).</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div> -> Mark</div></font></span><div class="HOEnZb"><div class="h5"><div><br><br><div class="gmail_quote">On Fri, May 18, 2012 at 10:43 PM, Justin Clark-Casey <span dir="ltr"><<a href="mailto:jjustincc@googlemail.com" target="_blank">jjustincc@googlemail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">What do you mean Stanley? You mean you want to know which ports have to be open to connect with OpenSimulator through a firewall?<br>
<br>
On 17/05/12 06:46, Stanley Yip wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi everyone,<br>
<br>
<br>
Our end users are educators accessing our grid via their respective firewalled LANs.<br>
<br>
<br>
What, if possible would be the best way for OpenSim and/or the client viewer (we're using Imprudence 1.3.2) to do a<br>
background port check?<br>
<br>
<br>
Would a customised server side module that hooks into Imprudence be the solution?<br>
<br>
<br>
Hope there might be some existing solutions out there already.<br>
<br>
<br>
Thanks.<br>
<br>
s<br>
<br>
*Stanley Yip*<br>
<br>
Learning Media Developer Gameplay, PLANE<br>
Digital Education Revolution<br>
<br>
p: 02 9806 1165<br>
<br>
m: 0412 663 662<br>
<br>
e: <a href="mailto:stanley.yip@det.nsw.edu.au" target="_blank">stanley.yip@det.nsw.edu.au</a><<u></u>mailto:<a href="mailto:stanley.yip@det.nsw.edu.au" target="_blank">stanley.yip@det.nsw.<u></u>edu.au</a>><br>
<br>
w: <a href="http://www.plane.edu.au" target="_blank">www.plane.edu.au</a><<a href="http://www.plane.edu.au/" target="_blank">http://www.<u></u>plane.edu.au/</a>><br>
t: @planejourney<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
Opensim-dev mailing list<br>
<a href="mailto:Opensim-dev@lists.berlios.de" target="_blank">Opensim-dev@lists.berlios.de</a><br>
<a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank">https://lists.berlios.de/<u></u>mailman/listinfo/opensim-dev</a><span><font color="#888888"><br>
</font></span></blockquote><span><font color="#888888">
<br>
<br>
-- <br>
Justin Clark-Casey (justincc)<br>
<a href="http://justincc.org/blog" target="_blank">http://justincc.org/blog</a><br>
<a href="http://twitter.com/justincc" target="_blank">http://twitter.com/justincc</a><br>
______________________________<u></u>_________________<br>
Opensim-dev mailing list<br>
<a href="mailto:Opensim-dev@lists.berlios.de" target="_blank">Opensim-dev@lists.berlios.de</a><br>
<a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank">https://lists.berlios.de/<u></u>mailman/listinfo/opensim-dev</a><br>
</font></span></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Opensim-dev mailing list<br>
<a href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a><br>
<a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br></blockquote></div><br>