trying to open ports in windows firewall

[Alexios Donardson]

im trying to add these ports to my windows firewall, but it doesnt allow me.

Ports 12000-17000 - UDP - for voice media
Port 80/443 - TCP - for Web server
Ports 5060 or 5062 - UDP - for voice control signals
Ports 3478/3479 - UDP - to aid in setting up voice with NAT

when i try to open the first group of ports, i get an error when trying to add the "-". it says "unacceptable character".

the same error appears when i try to add the ports with the "/".

any workaround?

[Peggy Paperdoll]

Get a decent firewall is the best workaround.

 

http://www.comodo.com/home/internet-security/free-internet-security.php

 

It's free.  It's a complete security suite.  It has documentation.  It's good.

[Baloo Uriza]

This information is only needed for people who are using an actual, real firewall, better known as a router.  Personal "firewalls", such as Windows Firewall, generally cause more problems than they solve, waste resources, and pester users with questions that they're typically not qualified to answer or care about in the first place.

Besides, if you've allowed Second Life to run in the first place, the appropriate exceptions have already been added to Windows Firewall.

[Baloo Uriza]

...and about as useless as Windows Firewall.  Packet filtering and network security in general isn't software you can download so much as a network design methodology, you're still better off picking up a Linksys (or any other router capable of NAT and packet filtering, ie, any of them) at the store (even if you have only one computer) and using that.  It will be easier to maintain, won't waste system resources, and gives you the added bonus of having a connection handy when a friend visits with their machine or if you buy a TiVo, Roku, Wii, Android phone, or pretty much any other device made in the last three years...

[Peggy Paperdoll]

Strange how nearly every Internet/network security expert disagrees with that.  Yes, a router also serves as a hardware firewall and offers a lot of protection from intrusions.  And the addition of a software firewall puts one more layer between your computer and any outside intrusions.  I would never tell someone to forget about installing a software firewall just because a router acts as a firewall.........that's irresponsible.

[Alexios Donardson]

instead of pointing me whats the right software/hardware firewall and if windows are better than linux, could you please help me with the question above?

[Vick Forcella]

Alexios Donardson wrote:

Ports 12000-17000 - UDP - for voice media

Port 80/443 - TCP - for Web server

Ports 5060 or 5062 - UDP - for voice control signals

Ports 3478/3479 - UDP - to aid in setting up voice with NAT

when i try to open the first group of ports, i get an error when trying to add the "-". it says "unacceptable character".

If you set Secondlife.exe as Trusted (as Windows has asked you) all ports and protocols will communicate with Secondlife.exe. It won't show you that as a seperate firewall settings since it's a program setting. (SL voice does)

Or you can Trust a port or a range of ports independent of the program. This is actually a bad idea and should be avoided since the ports can be used by other programs too.

In advanced mode add a new rule. Do not select Program, do not select Custom, but select Port. Follow the wizzard from there. Now you are allowed to enter a range of ports like UDP 12000-17000. (at least in W7)

the same error appears when i try to add the ports with the "/".

any workaround?

The "/" means that one of both ports can be opened, you either open 80 or 443. The character "/" won't work. You choose the port to be opened..

[SimonT Quinnell]

Why on earth are you wanting to open port 80 or port 443?   SL is NOT a web server and you sure dont need https (thats what 443 is for) open. You shouldn't open ports randomly.

If you install SL normally then rules are added to the windows firewall anyway.

[Baloo Uriza]

You already got the answer:  The SL installer did everything you need to Windows Firewall to make SL work properly.  The instructions about opening outbound ports only applies to people using a real firewall.

[Baloo Uriza]

Peggy.Paperdoll wrote:

 

Strange how nearly every Internet/network security expert disagrees with that.  Yes, a router also serves as a hardware firewall and offers a lot of protection from intrusions.  And the addition of a software firewall puts one more layer between your computer and any outside intrusions.

If your router is properly configured, or for that matter, is an off-the-shelf Linksys or other router that does NAT out of the box, your machine is unreachable from the outside world to start with.  The vast majority of security experts that aren't Steve Gibson (ie, aren't trying to take your money and run) recognize that if it's running on the machine that's to be protected, it's not actually another layer of security.  Having an indepentant machine dedicated to the task of handling and filtering packets is a firewall.  Installing some software on the machine to be protected isn't a firewall, just snake oil providing false sense of security.

What's your credentials, anyway?  Anybody who hasn't had to think about this on the job for a living or who has no formal education in computer information systems isn't qualified to provide advice on the subject.

[Alexios Donardson]

thank you!

[Toga Diavolo]

Alexios,

Since I don't know exactly what you're trying to accomplish, it's a little difficult to help you design a rule set.  SL clients are fairly straight forward and they all tend to use the same basic voice module, all of which tend to use a finite number of tcp/udp ports. (note to the person who said SL doesn't use http or https, tcp ports 80 & 443, respectively, download a copy of wireshark and scope it yourself, it does).

Based on the variety of ports your talking about, it almost looks like you're trying to set up a sim server... Whole different ball of wax and if that's the case your nat router will need a DMZ port for you to pull this off.  Personally, the vast majority of SoHo routers that you can pick up at best buy, or the electronics store, suck for DMZ use, in my opinion.  If you have cash, I'd recommend a Juniper SSG-5.  If you don't have cash and you have an old PC that has a couple of NIC's, then I'd recommend something using linux and IPtables... If you need something menu driven, takea look at ipcop.

Now or a side note: Windows firewall, WHEN PROPERLY configured is actually brutally effective.  Granted, it doesn't allow quite the granularity of control as a dedicated hardware firewall, and it does suck resources from the machine, but it does work.  Microsoft simply provides the foundation... It's up to developers or curious people to improve upon.  And since it's impossible for anybody to know what you're going to do with your PC at any given time, MS left it fairly wide open to make it easier on the end uer.

For the record:

A router is a protocol converter, T-1, T-3 to 802.3
A Hub is nothing more than a port replicator, where it's back plane shares a collision domain.
A switch is similar to the hub in that it replicates ports however each port is its own collision domain.
Routers can provide basic firewalling, however, in complex environments, they don't have the memory or the CPU power to handle large rule sets.
Firewalls can provide some routing capability, in that they can do potocol and media conversion, but then you start getting into devices costing well into the upper 4 digit range.  Generally not for the home environment.