Using Second Life with a firewall


Boston Linden

 

If you are experiencing network issues with Second Life, a firewall is often the cause. Follow the steps below to configure your software and hardware firewalls properly for Second Life. Please note that Linden Lab cannot provide support for configurations in which a firewall or internet security software is interfering with Second Life's network access.

Note: Firewalls and anti-virus software frequently block Second Life's auto-update utility from installing the newest version. You can always download the latest version of Second Life at http://secondlife.com/download.

Configuring your software firewall

Software firewalls should list Second Life as a trusted program. We highly recommend turning on notifications for any blocked network activity. You should frequently monitor your software firewall settings, as some versions automatically update settings to provide tighter security.

Consult the documentation for your software or visit the manufacturer's website for details on how to configure your internet security software. Linden Lab cannot provide support for third-party software.

Don't forget the built-in Windows Firewall; certain system updates may cause the Windows Firewall to re-enable itself. You can find the Windows Firewall in the Control Panel, under Security Center.

Norton Internet Security / Norton Firewall

  1. Start Norton Internet Security or Norton Personal Firewall.
  2. In the main program window, click Personal Firewall.
  3. Click Configure. The Personal Firewall configuration dialog box appears.
  4. On the Programs tab, the Manual Program Control list contains a list of programs.
  5. Click on the rule(s) for Second Life.
  6. Click Remove.
  7. Click OK to confirm the removal.
  8. Click Add and manually navigate to C:\Program Files\SecondLife\Secondlife.exe
Tip: Turning off Internet Worm Protection can also help.

Link to Symantec for Norton product configuration.

 

McAfee Personal Firewall

  1. Open the Personal Firewall and navigate to Internet Applications.
  2. Click on any listing(s) for Second Life and choose Delete Application Rule on the lower right.
  3. Click on New Allowed Application underneath the program list, and navigate to C:\Program Files\SecondLife\Secondlife.exe

Additional helpful settings:

  • Turn off Smart Recommendations.
  • Turn on Show Red and Green Alerts, or Show All Alerts.
  • Set the Security Level to Standard or lower.

ZoneAlarm

  1. In the Programs panel, remove any entry for Second Life.
  2. Scroll down to the white area at the bottom of the programs list. Right-click and highlight Add Program.
  3. Browse to C:\Program Files\SecondLife\Secondlife.exe and click Open.

Additional helpful settings:

  • Set Security for the Internet zone to Medium or lower.
  • Open the specific ports Second Life uses (see above) under Firewall > Main > Internet Zone Custom Settings.
  • Many ZoneAlarm products include an AntiSpyware tool that detects some programs as a Remote Access Tool. These programs are quarantined by default. To set Second Life as a trusted program:
    1. Go to AntiSpyware advanced settings and set it to not automatically treat infections.
    2. Run the AntiSpyware scan.
    3. Locate Second Life.
    4. Choose Always Ignore.
    5. You may then set AntiSpyware back to automatically treat.

Configuring your hardware firewall

Although the details depend on your specific firewall, follow this general procedure:

  1. Open outbound access for TCP ports - Second Life servers do not establish inbound TCP connections to client systems running the Second Life Viewer software. Instead, they use the "request / response" message pattern. Enable outbound TCP access for ports 53, 80, 443, 12043, 12046 and 21002.
  2. Open outbound "session" access for UDP ports- Although UDP is a session-less transport, many firewalls block unsolicited incoming UDP traffic to a particular port unless it has seen recent outgoing UDP traffic from that same port. Activate outbound UDP for ports 53, 3478, 3479, 5060, 5062, and 12000-29999.
  3. Monitor - The intricacies of modern firewalls make it difficult for one document to cover every network configuration. Use tools such as ntop and nprobe to monitor network flow between the Second Life Viewer and servers to identify network flows blocked by the firewall.

Using Second Life from a closed network

To access Second Life from inside a closed network, such as at an academic institution or corporate office, you may need to configure Second Life to route its traffic through designated proxy servers. Proxy servers allow Second Life to communicate with critical resources outside a closed network.

Note: Many schools and companies maintain proxy servers specifically for this purpose. If you need to connect to Second Life through a proxy server, contact your network administrator for the addresses, port numbers, and necessary credentials to complete the instructions below.

The Proxy Settings window 300px-Proxy_Settings.png

Second Life allows you to configure two types of proxy servers in order to route three distinct types of traffic necessary for connecting to and properly experiencing Second Life.

To access the Proxy Settings window:

  1. Choose Me > Preferences from the top menu bar.
  2. Click the Setup tab of the PREFERENCES window.
  3. Click the Adjust proxy settings button to open the Proxy Settings window. 

HTTP proxy

The HTTP proxy is specifically for routing HTTP traffic meant to be viewed inworld via the Media Browser or Shared Media (and potentially "other" HTTP traffic). It is not necessary to set up this proxy in order to connect to Second Life from inside a closed network, but you will not have access to web content. If you need to set up an HTTP proxy for your normal web browser, you probably need to set up an HTTP proxy for Second Life as well.

To configure an HTTP proxy for web pages in the Proxy Settings window:

  1. Check Use HTTP Proxy for Web pages
  2. Enter the HTTP proxy's network address and port number in the HTTP Proxy: and Port number: fields, respectively.

SOCKS 5 proxy

The SOCKS proxy is responsible for routing UDP traffic (and potentially "other" HTTP traffic) between Second Life and resources outside your closed network. If you are on a closed network, such as at a school or corporate office, you must configure a SOCKS proxy in order to connect to Second Life.

To configure a SOCKS 5 proxy for UDP traffic in the Proxy Settings window:

  1. Check Use SOCKS 5 Proxy for UDP traffic
  2. Enter the SOCKS 5 proxy's network address and port number in the SOCKS 5 Proxy: and Port number: fields, respectively.
  3. If your SOCKS proxy does not require authentication, you're done!
    • If your SOCKS proxy does require authentication, choose the Username/Password radio button under SOCKS Authentication and enter your user name and password in the marked fields.

Other HTTP traffic

In addition to web and UDP traffic, Second Life uses HTTP for a few other purposes, such as loading your inventory and loading textures on objects. You may choose to route this "other" HTTP traffic through either an HTTP proxy or SOCKS 5 proxy. If you have configured both types of proxies, try experimenting with each to figure out which one provides the best inventory and texture loading speeds.

To select a proxy for other HTTP traffic, choose from one of the available radio buttons under Other HTTP traffic proxy in the Proxy Settings window. You cannot select a proxy you have not yet configured.

Caveats

Proxy servers do not currently aid the following features in getting through your network's firewall:

  • Voice chat. You may still be able to use voice chat by forwarding the necessary ports as described above in Configuring your hardware firewall.
  • The automatic updater.
  • The crash logger.
1 person likes this




User Feedback


There are no comments to display.