Firewall ports ???

Hi there!!!

Does anyone know what the ports UDP & TCP are for SecondLife??

I'm using Norton Internet Security 2k2 (NIS2k2)...
and I cannot connect, I get the message:

"Unable to connect to server.
The system may be down.
Please try again later."

It would be easy if my firewall was on the same puter as the game, I could just add the game to NIS2k2's allow list... but my webserver/firewall is a seperate system. In which case I need the port numbers so I can make some more holes in firewall.

Thanks in advance,

2nd Life: Krazatchu Sandgrain
1st Life email: [email]krazatchu@yahoo.ca[/email]

The ports that need to be opened are:
12020->13050
If that range seems to be large, you can limit it to:
12020-> 12050 and 13000->13050.

Hope this helps,

-P

My network has all ports open for outgoing connections, and SL works fine, but in the log for my router I see denied incoming connections from 63.211.139.114(sim14.agni.lindenlab.com) on ports 61773, 61838, 62036, 62101, 62201, 62655. I know how to allow the SL sever to connect to these ports, but before I do, I want to know why they are connecting to me? And is it a problem for these connections to be denied?

-Pat Murphy

Hmm... I'll bet that these attempts to connect are a result of crashes, and us continuing to send data to you. When you're running through a firewall with NAT (Network Address Translation), we talk to you over whatever port the firewall tells us to connect over. If your viewer crashed (or quit incorrectly?), sometimes we will continue to try to send packets at those ports for a while, even though we don't have a connection.

So you shouldn't have to open those ports...

- Doug

Hi there...

After hearing about the new client and recently reinstalling Windows XP on my destop, I decided to try again...

I am still unable to login with my firewall enabled and the port range 12020 thru 13050 open (both remote & local, UDP & TCP).

Upon attempting to login the client stops at "Verifying Protocol Version".

With the firewall Completely disabled I have managed to go beyond this point where the server will indicate that the game is closed due to the time of day (which is correct).

I would really like to get "in world" but I do not wish to compromise my network security in doing so...

My firewall is Norton Internet Security 2002 and resides on my Win2000server Box. The client is running on a fresh install of XP professional at my desktop.

Any help would be appreciated...

Krazatchu

(see first message of thread below)

Hmmm....

We'll recheck the port ranges and make sure they are correct, and add to our docs, but I think this is right.

We use soley UDP for communication between SL client and the server grid. There are typically 10-15 IP numbers sending inbound data, corresponding to the local simulators to which you need to be connected (simXX.agni.lindenlab.com), and several to manage your account info, etc.

These should all fall into that port range. Additionally (which should make many routers just work with SL out-of-the-box) the inbound communication from any external IP is always preceded by a first message from the client.

As Doug discussed, sometimes after a crash or shutdown there will still be some traffic from some of the simulators. This should stop within a minute or so.

Philip: Could you post the range of IP addresses, by any chance? My firewall has a spot for setting "trusted" zones.

Krazatchu: <Rainman voice> NIS sucks </Rainman voice>

In all seriousness, I've worked with some internet applications which simply could not / would not work with NIS. I'm not saying SL does fall into that category. I'm saying there are some apps that just cannot make the connections they need to make if NIS is running. NIS's "fault" IMO.

I wonder if you could use ZoneAlarm instead? I've not tried it in the way you're using your firewall -- my husband and I each run ZA on our system, and we're networked together to share the DSL connection. I haven't (yet..knock on wood) run across any apps that couldn't do their job with ZA running. And it's so incredibly easy to use. You don't *have* to set trusted zones. You do not open specific ports. You simply tell it which applications are allowed to access the net, and whether they're allowed to act as a server as well as a client. It pops up a little box whenever a (new to it) program attempts to connect out, asking you if you want to allow it, AND if you want ZA to remember this decision. Bonus: It's helped me catch and disable quite a lot of spyware. There's a free as well as a paid version (we use the free one). I'm not affiliated -- just use it, and am happy with it.

Oh, http://www.zonelabs.com/ if you decide to check it out.

#!

Hey there...

I finally managed to get "in world" ...

The solution was to allow the SL server (63.211.139.100 & 10 a complete connection instead of allowing any connection with the limmited range of port numbers.

The solution hadn't occured to me until I was aware that, unlike other multiplayer games, the client connects to only a few IPs...

In retrospect this should be a more secure solution as it blindly allows the SL life server to connect on a wide range of ports as opposed to anyone connecting to a smaller range... A full trust to a known server as opposed to a limmited trust to anyone.

Well, if u see me in world, I'm the one with the blond spikey hair...

Thanks,
Krazatchu Sandgrain

P.S. Currently I'm allowing IPs 63.211.139.100 & 63.211.139.108,
If I included more IPs will it improve bandwidth and overall game play? Also is there any chance that the IPs will alternate because of server load or other factors?

If you want things to work correctly, you should allow full connections to our entire server farm. Each server has its own IP address. You need to open:

63.211.139.100 - 120

The entire 63.211.139.* IP range is owned by Linden Lab, and we will be adding more servers in that range. So I would recommend opening:

63.211.139.1 - 254

for future compatibility.

James