Thanks Justin and Mark, Yep, you are both right in what I am asking in my question.
You hit the nail (squarely) on the head Mark. Thanks for the info, your reply has captured the issues I have been thinking about and challenges I'm am trying to solve. You guys are very knowledgeable and always helpful. Stan On 19 May 2012 16:42, Mark Malewski <[email protected]> wrote: > > *> You mean you want to know which ports have to be open * > *> to connect with OpenSimulator through a firewall? * > > <START SHORT RESPONSE HERE> > > I am guessing, that what Stanley is asking/suggesting is that the viewer > has the ability to automatically check to see what ports are > open/accessible (this way if someone was using a mobile laptop and using > various networks, and happened to use a work/school network that was > firewalled/restricted and certain ports were blocked, the viewer would show > some form of pop-up message, or possibly have a "Port Viewer" configuration > panel screen that showed which ports were being used and which ports are > open/blocked, thus preventing the viewer from working properly). > > <END SHORT RESPONSE HERE> > > > <BEGIN LONG-WINDED RESPONSE HERE> > > Thereby making the user "aware" that certain ports (and possibly what > those ports are used for in "clear english" such as "chat messaging port", > etc.) as well as a green/red indicator to show whether the port is > open/blocked, might be extremely beneficial to a "laymen" user (end user) > to help trouble shoot network connectivity problems with trying to connect > to an OpenSim Server. > > This way they could check see (from within the OpenSim Viewer) using the > Port Viewer control/configuration panel and simply see which ports are > blocked (red) and then ask their network/system administrator to please > open up those ports on their firewall (for specific individual users/MAC/IP > address ranges) so that certain individuals could have access to those > ports (opened by their system/network/campus administrators) so that those > users could in fact use and access an OpenSim server from that connection. > > OpenSim could be extremely troublesome for mobile users, especially if > they move between various networks (internal school network, internal > work/enterprise network, home/cable/dsl private network, public WiFi or > Wireless ISP (Verizon LTE / AT&T LTE / T-Mobile / Clear) and this can cause > tremendous confusion to end users as well as ISP's as well as > Network/System Administrators (as to "who's fault" it is for the software > not working). > > It could be any number of things. There could be a hardware firewall > (controlled by a school/enterprise network admin) or possibly a software > firewall (controlled by a school/enterprise network admin) or possibly a > third-party software firewall (ZoneAlarm, COMODO, TrendMicro, Norton, > Windows 7 Firewall Control, etc.) > > A very small list of the many (free) personal software firewalls can be > found here: > http://download.cnet.com/windows/firewall-software/ > > It can be a nightmare for a large university (or large business > enterprise) to try and help/support anyone that is using a fairly "unknown" > application such as OpenSim viewer. > > This is not a common application (like Google Talk, AIM, ICQ, FTP, etc.) > > Most admins would not know what ports would need to even be opened or > whether the trouble was being caused by a hardware firewall, or possibly a > software firewall (or software problem) on the local machine itself. > > It could be fairly easy for Network/System Administrators to grant > "OpenSim Users" access (open hardware firewall ports to specific MAC > addresses or specific IP address ranges) but they would need to know > exactly what ports would need to be opened for that particular end user (or > it could be a simple matter of opening a software firewall port by remotely > accessing an Enterprise/University/student/teacher's Symatec Endpoint > Protection installation, and simply just opening up the ports needed for > that particular computer/device. > > Without having some form of "Port Viewer" panel (in the Client Viewer, > such as Imprudence or Hippo) it would be extremely difficult (and time > consuming) for Enterprise/University helpdesk staff or even ISP's customer > service, or a hardware vendor (such as Linksys, D-Link, SMC, Buffalo, > SonicWall, etc.) to try and help/support/explain WHY a particular software > application is not working properly (because it might be a hardware > firewall issue, or possibly a software firewall issue, or some form of > network connectivity problem). Thus I can see how this type of > module/viewer code could in fact be extremely useful (for the average end > user as well as the average helpdesk support technician). > > It would allow the "lay person" to check to see exactly WHICH ports are > open and which ports are blocked. (Possibly use a green light to show that > a port is open/accessible, and a red light to show that a particular port > is closed/blocked next to the specific port number, and also give a brief > description of what that port number is used for, voice chat, text > messaging, etc.). > > This way with just a quick glance at a port panel (in the viewer) the user > could see EXACTLY which ports are blocked and which ports are open. (to > determine if there are any firewall or proxy issues). > > This way end users could simply ask/request that their network/system > administrators open up whatever specific ports that they need to have > opened (based on the red/green light indicators on the viewer control > panel). > > It would make it extremely easy for the end users, especially mobile users > (that use laptops) that often travel between various networks (home, work, > public, etc) and may run into trouble/problems based on the network they > are currently connected to. > > This type of "port viewer" control panel, would simply make it extremely > easy for the end user to see what the current port status is (which ports > are open/blocked) so they can figure out whether it's a personal software > (personal firewall) or possibly a network firewall (network admin/system > admin) problem. > > It's much easier for the end user to see (and a System/Network Admin > doesn't have to talk a user through various command line commands to try > and figure out whether the problem or use specific software (or command > line commands) to try and test individual ports on a remote user's > computer, and it helps isolate the trouble/problem with a specific person's > personal laptop configuration or individual software firewall/antivirus > program configuration like Trendmicro Firewall, Symantec Endpoint > Protection, etc.) > > Some businesses/companies/schools may use a personal remotely-configurable > software firewall in addition to a hardware firewall (especially for > laptops and mobile devices). > > http://www.symantec.com/business/support/index?page=content&id=TECH169904 > > If a user installs COMODO (or throw in Windows 7 Firewall) it makes things > even more complicated. > > It can be a REAL headache for system/network admins to try and > troubleshoot (or walk a user that is calling the "help desk" for support) > on an unknown software application such as OpenSim (or an OpenSim Viewer > such as Imprudence). > > 99.9% of the system/network administrators in the world would have NO CLUE > as to what ports OpenSim (or any OpenSim Viewer such as Imprudence or > Naali) uses, and most end users wouldn't know either. > > So it would make it extremely difficult for most internet service > providers as well as school/work/enterprise admins to support, or even help > with a trouble ticket (especially if the viewer was "rebranded" and called > "XYZ Viewer" or "ABC Viewer" where no matter how much time a System/Network > Admin wasted trying to help such a user, it would be nearly > futile/impossible with trying to trouble shoot the issue if the end user > himself didn't even know what ports needed to be opened, and whether or not > their own personal firewall could be blocking any of those ports). > > Many universities (and enterprises/businesses) use Symantec products > (especially "Endpoint Protection") so Network/System Admins can remotely > access the clients personal firewall (SEP client), and remotely configure > the firewall (and open ports as needed) on a laptop owned by the > school/university or business. Some companies actually REQUIRE any system > that accesses an internal network (whether it be access the local LAN, or > even VPN access) to have a client install of Symantec Endpoint installed, > this way System/Network Admins know that the system is clean (no viruses) > and is up to date with it's virus definitions and scans, as well as ensure > that no rogue individuals/hackers/software/malware is installed on a > computer that could be used to maliciously attack users (or servers) on the > internal network (that are behind the firewall). > > Sometimes even just remote mobile users (even using their own personal > computers) must install SEP (Symantec Endpoint Protection 11.x) because > their Enterprise/University Admins require it (prior to accessing the > internal network). > > It's often difficult for a non-technical end user to try and > troubleshoot/determine whether it is a hardware firewall issue, or software > firewall issue (or ISP/WiFi public network issue), or even a hardware issue > (such as a Linksys, Netgear, or D-Link router/firewall issue). > > Hardware Firewalls are generally placed between servers/users and the > external network (internet). > > But there is often NO PROTECTION placed between users (on the same subnet, > or those behind the corporate hardware firewall). This is why software > firewalls (such as Symantec Endpoint Protection) exist and are fairly > common in the enterprise/workplace/school environment. > > Here: http://en.wikipedia.org/wiki/Symantec_Endpoint_Protection > > and Here: > > http://www.symantec.com/business/support/index?page=content&id=TECH169904 > > I can see where adding such a thing as a "Port Viewer" to the Imprudence > Client viewer could be an EXTREMELY good idea, especially for > school/mobile/enterprise/home users. > > It would only take seconds for a user to see which ports are being > blocked, and then it would be EXTREMELY easy for ANY admin (even one that > is not familiar with Imprudence or OpenSim) to simply walk them through the > correct steps (or use a remote desktop application to help configure any > software or ports that might need to be opened on their individual > computer). > > Symantec Endpoint Protection is just ONE of many software firewalls out > there, and SEP is remotely configurable (by the Enterprise Network Admin) > but if that computer was used on a different network (and those ports were > not opened) on the software firewall, the user might not even > realize/understand that it's their personal firewall blocking those ports > (and not their network hardware firewall or their ISP or public WiFi > network). > > <- END LONG WINDED RESPONSE HERE -> > > I think it would actually be a great idea to implement such a feature in > the viewer. > > Especially if it was made to "look cool" and be very simple and easy to > use/view. (Like simply just list all the port numbers, list their uses, > and then have a green/red light to indicate whether the ports is > open/blocked or not). > > -> Mark > > > On Fri, May 18, 2012 at 10:43 PM, Justin Clark-Casey < > [email protected]> wrote: > >> What do you mean Stanley? You mean you want to know which ports have to >> be open to connect with OpenSimulator through a firewall? >> >> On 17/05/12 06:46, Stanley Yip wrote: >> >>> Hi everyone, >>> >>> >>> Our end users are educators accessing our grid via their respective >>> firewalled LANs. >>> >>> >>> What, if possible would be the best way for OpenSim and/or the client >>> viewer (we're using Imprudence 1.3.2) to do a >>> background port check? >>> >>> >>> Would a customised server side module that hooks into Imprudence be the >>> solution? >>> >>> >>> Hope there might be some existing solutions out there already. >>> >>> >>> Thanks. >>> >>> s >>> >>> *Stanley Yip* >>> >>> Learning Media Developer Gameplay, PLANE >>> Digital Education Revolution >>> >>> p: 02 9806 1165 >>> >>> m: 0412 663 662 >>> >>> e: >>> [email protected]<**mailto:[email protected].**edu.au<[email protected]> >>> > >>> >>> w: www.plane.edu.au<http://www.**plane.edu.au/<http://www.plane.edu.au/> >>> > >>> t: @planejourney >>> >>> >>> >>> ______________________________**_________________ >>> Opensim-dev mailing list >>> [email protected] >>> https://lists.berlios.de/**mailman/listinfo/opensim-dev<https://lists.berlios.de/mailman/listinfo/opensim-dev> >>> >> >> >> -- >> Justin Clark-Casey (justincc) >> http://justincc.org/blog >> http://twitter.com/justincc >> ______________________________**_________________ >> Opensim-dev mailing list >> [email protected] >> https://lists.berlios.de/**mailman/listinfo/opensim-dev<https://lists.berlios.de/mailman/listinfo/opensim-dev> >> > > > _______________________________________________ > Opensim-dev mailing list > [email protected] > https://lists.berlios.de/mailman/listinfo/opensim-dev >
_______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
