[Opensim-users] Hypergrid & USB stick

Sean McNamara smcnam at gmail.com
Fri Mar 9 13:24:34 UTC 2012 

Hi,

On Fri, Mar 9, 2012 at 7:32 AM, Owen Kelly <owen.kelly at arcada.fi> wrote:
> Hi,
>
> I am having trouble thinking through a problem I seem to be having with an educational project for children we are making using OpenSim. The children all have individual single-user pocket worlds which they keep on usb sticks. (The installation uses Ener Hax's sim-on-a-stick.) We want them each to be able to teleport to a shared social world on our university server, much like Topology B on this page: http://opensimulator.org/wiki/Hypergrid
>
> The social world has a static IP address. The usb sticks have no IP address that is knowable in advance.
>
> This project is intended to work with 2 school classes, and the staff and pupils of those classes should be the only people in the social world. The usb sticks should definitely not be on the public map. Neither should the social world be available except from the usb sticks, which should only be able to transport their users from the pocket world to the social world and back again.

If you already understand how to set this up to listen on the public
Internet, then you don't have very much left to do.... you just need
to set up a firewall *somewhere* (whether on the individual lab PCs or
on the hardware router/firewall that connects them together).
Actually, if you just put all the PCs on a common NAT, you don't have
to explicitly block any ports -- the ports will be blocked per default
because the router won't forward inbound packets anywhere unless you
explicitly set up port forwarding rules.

If you literally have every student's machine hooked up to the public
internet with a unique public IP address, you can still set them up on
a software NAT using a reasonably beefy (and/or not very busy) regular
PC. You didn't state what operating system you have or any of the
technical details, so I can't provide any more specific help than
that.

Basically don't worry about restricting opensim from accessing the
public internet. Instead, restrict the network layer with a firewall.

It will be significantly harder to prevent your students from
hypergridding to *other* grids from their client software. Hypergrids
can listen on an arbitrary port, even 80 (which is normally unblocked
for HTTP). Unless you have a very clever transparent proxy or forced
http proxy, you won't be able to (easily) distinguish between
students' legitimate outbound network traffic -- such as accessing the
university's library site in a browser -- and hypergridding to another
opensim community, such as osgrid or 3rd rock.

You *could* entirely disable public internet access during your
lesson, if you have full control over all of the student machines and
they don't need the internet for the exercise. This would be the only
way to definitively prevent them from going "outbound" to connect to
an arbitrary server. Just block all outbound ports on all outbound IPs
except for the CIDR of the LAN/NAT (probably 10.x.x.x or 192.x.x.x).

>
> I have read all the documentation and tutorials that I can find about hypergridding, but I am still not sure of the best way to approach this. I have an uneasy suspicion that this may be very simple and I am foolishly over-thinking it.
>
> Could anyone offer any guidance please? I would be happy for anything from a suggested starting point to a step-by-step guide.

If you think it's going to be a problem to know the IP addresses of
the individual grids in advance, you'll need to use hostnames. Make
sure all the computers can ping each other by hostname, and make sure
the students can't change the hostnames. Problem (should be) solved.
You can now configure your grid based on the hostnames of the other HG
"pocket worlds".

Lastly -- if this configuration is expected to be established over the
public internet with each of the students residing in their own house
or dormitory, using their own computer, I think the only way to make
it remotely possible would be to use a VPN such as Hamachi to get
everyone on the same LAN. But since you have no control over students'
computers or networks, all bets are off as far as getting them to
concentrate on the lesson vs. surfing the web. It's only really
possible to control a setup like this if you have all the computers
(owned by the school) set up in a room, all connected to the same
router. THAT should work as I described above.

-Sean

>
> Many thanks
> Owen
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users

More information about the Opensim-users mailing list