Ayana Auer

How can I configure my hardware firewall (such as a router)

Question


Hardware firewalls need to allow access on certain network ports. Second Life needs to connect to ports 443/TCP, 12035/UDP, 12036/UDP, 12043/TCP, and 13000-13050/UDP. You should configure your firewall to allow outbound traffic on those ports, and related inbound traffic. You'll need to consult your firewall's documentation, or the manufacturer's website, for instructions on how to make these changes to your firewall. As of Version 1.13.2, released Jan. 10th, 2007, you need to enable UDP/TCP in order to access Second Life.

Cisco

If your hardware firewall is a Cisco router/switch that uses reflexive access lists (IOS 11.0 or later), add these lines to your outbound access list:

    permit tcp any any eq 443
    permit tcp any any eq 12043
    permit udp any any eq 12035 reflect outbound-SL
    permit udp any any eq 12036 reflect outbound-SL
    permit udp any any range 13000 13050 reflect outbound-SL

Then, on your inbound access list, add:

    permit tcp any any established
    evaluate outbound-SL

Then, apply these access lists. SL should now be able to communicate through this router.

Linux Killerwall

If your hardware firewall is a Linux box that uses Killerwall, add these lines to your /etc/killerwall.acl:

    IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 tcp TOPORT 443 ACCEPT
    IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 tcp TOPORT 12043 ACCEPT
    IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 12035 ACCEPT
    IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 12036 ACCEPT
    IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 13000-13050 ACCEPT

Then, restart Killerwall. Killerwall automatically tracks related reply packets, so SL should now work correctly.

Linux Firewall

If your hardware firewall is a Linux box that uses IPF (Linux Firewall)

    # Outbound traffic to the Second Life ports
    pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state
    pass out quick on rl0 proto udp from any to any port = 12035
    pass out quick on rl0 proto udp from any to any port = 12036
    pass out quick on rl0 proto tcp from any to any port = 12043 flags S keep state
    # "12999 >< 13051" matches ports strictly between the two values, i.e. 13000-13050
    pass out quick on rl0 proto udp from any to any port 12999 >< 13051
    # Inbound traffic on the same ports
    pass in quick on rl0 proto tcp from any to any port = 443 flags S keep state
    pass in quick on rl0 proto udp from any to any port = 12035
    pass in quick on rl0 proto udp from any to any port = 12036
    pass in quick on rl0 proto udp from any to any port 12999 >< 13051

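ipf has two port-range operators with opposite meanings: `><` matches ports strictly between the two values, `<>` matches ports strictly outside them. The following is an added example, not part of the original post: a Python check that evaluates outbound ipf-style pass rules against the port list given above. The rule strings are constructed samples and the parser only handles the `port = N` and two-value range forms.

```python
import re

# Ports the post says Second Life needs, as (protocol, port) pairs.
REQUIRED = ({("tcp", 443), ("tcp", 12043), ("udp", 12035), ("udp", 12036)}
            | {("udp", p) for p in range(13000, 13051)})

RULE_RE = re.compile(
    r"pass\s+out\s+quick\s+on\s+\S+\s+proto\s+(tcp|udp)\s+from\s+any\s+to\s+any\s+"
    r"port\s+(?:=\s*(\d+)|(\d+)\s*(<>|><)\s*(\d+))")

def port_matcher(rule):
    """Return (proto, predicate) for one outbound pass rule, or None if unparsed."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return None
    proto, eq, lo, op, hi = m.groups()
    if eq is not None:
        n = int(eq)
        return proto, (lambda p: p == n)
    lo, hi = int(lo), int(hi)
    if op == "><":                                   # strictly inside the pair
        return proto, (lambda p: lo < p < hi)
    return proto, (lambda p: p < lo or p > hi)       # "<>": strictly outside

def audit(rules):
    """Return (required ports not passed, number of non-required ports passed)."""
    matchers = [m for m in map(port_matcher, rules) if m]
    allowed = {(proto, p) for proto, pred in matchers
               for p in range(1, 65536) if pred(p)}
    return sorted(REQUIRED - allowed), len(allowed - REQUIRED)

# Constructed sample rule sets: identical except for the range operator.
BASE = [
    "pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state",
    "pass out quick on rl0 proto udp from any to any port = 12035",
    "pass out quick on rl0 proto udp from any to any port = 12036",
    "pass out quick on rl0 proto tcp from any to any port = 12043 flags S keep state",
]
INSIDE = BASE + ["pass out quick on rl0 proto udp from any to any port 12999 >< 13051"]
OUTSIDE = BASE + ["pass out quick on rl0 proto udp from any to any port 12999 <> 13051"]

if __name__ == "__main__":
    for name, rules in (("><", INSIDE), ("<>", OUTSIDE)):
        missing, extra = audit(rules)
        print(f"{name}: {len(missing)} required ports blocked, {extra} extra ports open")
```

With `><` the rule set passes exactly the required ports; with `<>` it blocks all of 13000-13050/UDP and opens nearly every other UDP port.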
