java.net: Wiki


 <<O>>  Difference Topic ProjectWonderlandFirewall (9 - 07 Jul 2008 - Main.deronj)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Home | Changes | Index | Search | Go
<-- This creates the navigation links to :  Home | Help | Index | etc.  -->
Line: 123 to 123
 

This will limit application sharing to run on ports 44400 - 44500. In your firewall or NAT, you will also need to map these ports to the Wonderland server.

Added:
>
>
(Note: these port numbers were chosen arbitrarily for this example. You can use your own).
 You can also specify the public hostname that application sharing clients should connect to. To do this, set the following property in your Wonderland config file:
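Review bot: the added parenthetical tells readers they can pick their own ports but gives no constraint on the choice. Since the server master client needs one TCP port per application that is shared, say that the chosen range must contain at least as many ports as applications you expect to share, and that the same range must be mapped on the firewall or NAT. The closing period also belongs inside the parenthesis.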

 <<O>>  Difference Topic ProjectWonderlandFirewall (8 - 27 May 2008 - Main.jprovino)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Line: 82 to 82
  UDP port 5060
Added:
>
>
jVoicebridge sends both SIP and STUN messages on this port. Some firewalls may be configured to detect and block non-SIP Traffic to this port. If this is a problem, use a different port.
 In addition, jVoiceBridge uses two consecutive UDP ports per call. So to support 100 calls, you will need to open 200 ports on your firewall or NAT. You can control the UDP port range used by jVoiceBridge by editing the Wonderland config file and adding the following lines:
voicebridge.first.rtp.port=10000
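Review bot: "If this is a problem, use a different port" in the added sentence does not say how; no property for changing the SIP control port is named at this point, so the reader cannot act on the advice. Name the setting to edit in the Wonderland config file and remind the reader to update the firewall or NAT mapping to match. The spelling "jVoicebridge" should also be "jVoiceBridge", as in the following paragraph.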

 <<O>>  Difference Topic ProjectWonderlandFirewall (7 - 30 Mar 2008 - Main.kaplanj)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Line: 120 to 120
 

This will limit application sharing to run on ports 44400 - 44500. In your firewall or NAT, you will also need to map these ports to the Wonderland server.

Added:
>
>
You can also specify the public hostname that application sharing clients should connect to. To do this, set the following property in your Wonderland config file:

wonderland.appshare.hostName=public.hostname.com

When application sharing clients connect, they will connect to the given public hostname.

 \ No newline at end of file
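Review bot: the sample value in "wonderland.appshare.hostName=public.hostname.com" is never identified as a placeholder, and the added text does not say what the name must resolve to. State that it should be replaced with the server's own public hostname, and that this name must resolve to the public address on which ports 44400 - 44500 are mapped, otherwise clients will be directed to a host that does not forward them.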

 <<O>>  Difference Topic ProjectWonderlandFirewall (6 - 07 Feb 2008 - Main.kaplanj)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"

This page will help you with issues related to running project Wonderland behind firewalls, NATs or proxies.

Changed:
<
<
Click here if you are running a Wonderland client and need to set up web proxies
>
>
Click here if you are running a Wonderland client and need to set up web proxies
 
Changed:
<
<
Click here if you are running a Wonderland server behind NAT or a firewall
>
>
Click here if you are running a Wonderland server behind NAT or a firewall

Contents

 

Setting up a Project Wonderland client to work with HTTP proxies


 <<O>>  Difference Topic ProjectWonderlandFirewall (5 - 07 Dec 2007 - Main.kaplanj)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Added:
>
>
This page will help you with issues related to running project Wonderland behind firewalls, NATs or proxies.

Click here if you are running a Wonderland client and need to set up web proxies

Click here if you are running a Wonderland server behind NAT or a firewall

Setting up a Project Wonderland client to work with HTTP proxies

For proper operation, the Wonderland client must be able to directly access the Wonderland server as well as the Wonderland voice bridge. If your computer or network has a firewall that blocks access to the server, Wonderland may not work properly. If you cannot connect to the Wonderland server, please contact your network administrator to make sure access is available to the necessary servers and ports.

In addition, in the default setup Wonderland requires Web access to download the world artwork. If you use a proxy server to access the Web, Wonderland may not be able to download artwork. If you need to access the artwork through a proxy server, please follow these instructions:

TODO: write instructions

 

Setting up a Project Wonderland server behind a NAT or firewall
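Review bot: the proxy section added here ends in "TODO: write instructions", yet the new link at the top of the page sends client users to it for help with web proxies. Either supply the proxy steps before publishing, or drop the link and the "please follow these instructions" sentence until they exist.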

Added:
>
>
The Wonderland server requires a fixed public address, as well as a number of TCP and UDP ports to operate properly. If you are trying to run the Wonderland server behind NAT or a firewall, you will need to configure your NAT or firewall so these ports are mapped to your Wonderland server. You will also need to configure the Wonderland server to use a fixed range of ports for its various operations. For more information on what ports to open and how to configure your Wonderland server, please see below.
 

Overview

This tutorial describes how to set up the Project Wonderland server to run behind a firewall or NAT system. It assumes you have already installed a copy of Wonderland as described here, and have a basic working knowledge of networking and Wonderland.


 <<O>>  Difference Topic ProjectWonderlandFirewall (4 - 07 Dec 2007 - Main.kaplanj)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Line: 28 to 28
 Each protocol requires different firewall and NAT strategies, so we will discuss each in turn below.
Added:
>
>

Getting started

To set up a Wonderland server behind a NAT or firewall, you will need to do two basic things. First, you will need to configure your NAT router or firewall so that when a request is made to one of the ports that Wonderland uses, it is redirected to the Wonderland server. Second, you will need to configure the Wonderland server so that it knows about your NAT or firewall settings, and uses a appropriate public addresses and port ranges.

Below, we will describe what port ranges need to be mapped on your router or firewall. Please consult your router or firewall documentation for the specifics of how to map ports on your device.

To configure Wonderland, you will need to make some changes to the Wonderland configuration file. The location of the Wonderland configuration file will depend on how you installed Wonderland and what platform your are on. If you are downloaded and built Wonderland from source, the configuration file will be in the lg3d-wonderland directory, named "my.build.properties". If the my.build.properties file doesn't exist, you can create it. If you are using a binary build of the Wonderland server, the configuration file will already exist in the Wonderland install directory, in a file named my.run.properties. In the following instructions, use either the my.build.properties or my.run.properties file whenever we refer to the Wonderland config file.

 

Darkstar communication

The main communication protocol for Wonderland is the Darkstar protocol. This is a propriatary, tcp-based protocol. By default, Wonderland uses:
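Review bot: the added "Getting started" text has several grammar slips that should be fixed: "uses a appropriate public addresses" (read "uses appropriate public addresses"), "what platform your are on" ("you are on"), and "If you are downloaded and built Wonderland" ("If you downloaded and built Wonderland"). The file name is also quoted once ("my.build.properties") and unquoted everywhere else; pick one style.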

Line: 36 to 44
  Forwarding this port should be pretty simple: for a firewall, simply open up TCP port 1139 for incoming connections; for a NAT, map the public IP address port 1139 to the internal machine's port 1139.
Changed:
<
<
You can also change the port that the Wonderland server uses by default. If you have a Wonderland workspace, edit the file lg3d-wonderland/my.build.properties (create it if it doesn't exist) and add the following line:
>
>
You can also change the port that the Wonderland server uses by default. In the Wonderland config file add the following line:
 
sgs.port=12345
Line: 44 to 52
 

jVoiceBridge

Changed:
<
<
jVoiceBridge uses the standard SIP and RTP protocols to transmit voice data from the Wonderland server to the various clients. jVoiceBridge uses UDP for communications, which can make it more complicated to pass through firewalls. Typically, jVoiceBridge uses a number of ports. The main port is the UDP control port is used by SIP, and by default is:
>
>
jVoiceBridge uses the standard SIP and RTP protocols to transmit voice data from the Wonderland server to the various clients. jVoiceBridge uses UDP for communications, which can make it more complicated to pass through firewalls. jVoiceBridge uses a single UDP port for all control data, and an additional two UDP ports per call connected.

The UDP control port is used by SIP, and by default is:

 
    UDP port 5060
Changed:
<
<
In addition, jVoiceBridge uses two consecutive UDP port per call. So to support 100 calls, you will need to open 200 ports on your firewall or NAT. You can control the UDP port range used by jVoiceBridge by editing the file lg3d-wonderland/my.build.properties (create it if it doesn't exist) and adding the following lines:
>
>
In addition, jVoiceBridge uses two consecutive UDP ports per call. So to support 100 calls, you will need to open 200 ports on your firewall or NAT. You can control the UDP port range used by jVoiceBridge by editing the Wonderland config file and adding the following lines:
 
voicebridge.first.rtp.port=10000
voicebridge.last.rtp.port=10200
Line: 65 to 75
 Configuring jVoiceBridge for a NAT requires one more piece of information: the public address of the NAT router. To work through a NAT you will need to map the public address and SIP port to port 5060 on the jVoiceBridge server. You will also need to map a range of UDP ports to the UDP port range you selected above. Note that the public port numbers do not need to match the internal ports, but there must be a 1-to-1 mapping between the number of public ports and the number of internal ports.
Changed:
<
<
Once you have configured the external address, edit the lg3d-wonderland/my.build.properties file to add the following values:
>
>
Once you have configured the external address, edit the Wonderland config file to add the following values:
 
wonderland.local.hostAddress=my.host.private
voicebridge.server.public.address=my.host.public
Line: 80 to 89
 Application sharing in Wonderland is generally done peer-to-peer. So the application clients connect directly to the host that has put the content in the world. While this approach improves performance, it can make firewall and NAT traversal quite difficult.
Changed:
<
<
If the Wonderland server is running on a Solaris or Linux system, there is a special client called the "server master client" that can host applications on the server. This server runs on the Wonderland server machine, behind the firewall or NAT for the Wonderland server system. To allow clients to use these server-hosted applications, open up the following ports:
>
>
If the Wonderland server is running on a Solaris or Linux system, there is a special client called the "server master client" that can host applications on the server. This server runs on the Wonderland server machine, behind the firewall or NAT for the Wonderland server system. The server master client requires one TCP port per application that is shared. You can specify the range of TCP ports the server master client uses by adding the following properties to the Wonderland config file:
 
Changed:
<
<
TODO: determine ports to open
>
>
wonderland.appshare.minPort=44400 wonderland.appshare.maxPort=44500
  \ No newline at end of file
Added:
>
>
This will limit application sharing to run on ports 44400 - 44500. In your firewall or NAT, you will also need to map these ports to the Wonderland server.
 \ No newline at end of file

 <<O>>  Difference Topic ProjectWonderlandFirewall (3 - 08 Nov 2007 - Main.jprovino)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Line: 51 to 51
 In addition, jVoiceBridge uses two consecutive UDP port per call. So to support 100 calls, you will need to open 200 ports on your firewall or NAT. You can control the UDP port range used by jVoiceBridge by editing the file lg3d-wonderland/my.build.properties (create it if it doesn't exist) and adding the following lines:
Changed:
<
<
voicebridge.first.rtp.port=12345 voicebridge.last.rtp.port=12545
>
>
voicebridge.first.rtp.port=10000 voicebridge.last.rtp.port=10200
 
Changed:
<
<
This will restrict the voice bridge to use the UDP ports from 12345 - 12545 for voice traffic.
>
>
This will restrict the voice bridge to use the UDP ports from 10000 - 10200 for voice traffic.
 
Figure 2. Running jVoiceBridge through NAT
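Review bot: the new range 10000 - 10200 is 201 ports if both ends are inclusive, an odd count, while the preceding paragraph says each call takes two consecutive ports and 100 calls need 200. Either set voicebridge.last.rtp.port to 10199 or state whether the last port is inclusive, so the firewall rule opens exactly the ports the bridge will use. The old 12345 - 12545 range had the same off-by-one.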

 <<O>>  Difference Topic ProjectWonderlandFirewall (2 - 07 Nov 2007 - Main.kaplanj)
Line: 1 to 1
 
META TOPICPARENT name="ProjectWonderland"
Line: 12 to 12
 Once you have a fixed IP, you will likely setup a firewall or NAT. If you are behind a firewall, the process will involve opening up the key ports to the Wonderland server. If you have a NAT system, you will also need to map your public IP address to the machine behind the NAT which is running the Wonderland server.
Added:
>
>
Figure 1. Communications in Wonderland

 Project Wonderland uses a number of different communication mechanisms and protocols:
Changed:
<
<
  • Darkstar communication is used for the majority of updates such as login, positioning your avatar, etc.
  • jVoiceBridge uses the standard SIP and RTP protocols for sending the voice data from the server to the client
  • Wonderland uses a peer-to-peer protocol for application sharing
>
>
  1. Darkstar communication is used for the majority of updates such as login, positioning your avatar, etc.
  2. jVoiceBridge uses the standard SIP and RTP protocols for sending the voice data from the server to the client
  3. Wonderland uses a peer-to-peer protocol for application sharing
 Each protocol requires different firewall and NAT strategies, so we will discuss each in turn below.

Darkstar communication

Added:
>
>
The main communication protocol for Wonderland is the Darkstar protocol. This is a propriatary, tcp-based protocol. By default, Wonderland uses:
   TCP port 1139
Forwarding this port should be pretty simple: for a firewall, simply open up TCP port 1139 for incoming connections; for a NAT, map the public IP address port 1139 to the internal machine's port 1139.

You can also change the port that the Wonderland server uses by default. If you have a Wonderland workspace, edit the file lg3d-wonderland/my.build.properties (create it if it doesn't exist) and add the following line:

sgs.port=12345
To configure the server to listen on port 12345.

jVoiceBridge

jVoiceBridge uses the standard SIP and RTP protocols to transmit voice data from the Wonderland server to the various clients. jVoiceBridge uses UDP for communications, which can make it more complicated to pass through firewalls. Typically, jVoiceBridge uses a number of ports. The main port is the UDP control port is used by SIP, and by default is:

    UDP port 5060

In addition, jVoiceBridge uses two consecutive UDP port per call. So to support 100 calls, you will need to open 200 ports on your firewall or NAT. You can control the UDP port range used by jVoiceBridge by editing the file lg3d-wonderland/my.build.properties (create it if it doesn't exist) and adding the following lines:

voicebridge.first.rtp.port=12345
voicebridge.last.rtp.port=12545
This will restrict the voice bridge to use the UDP ports from 12345 - 12545 for voice traffic.

Figure 2. Running jVoiceBridge through NAT

Configuring jVoiceBridge for a NAT requires one more piece of information: the public address of the NAT router. To work through a NAT you will need to map the public address and SIP port to port 5060 on the jVoiceBridge server. You will also need to map a range of UDP ports to the UDP port range you selected above. Note that the public port numbers do not need to match the internal ports, but there must be a 1-to-1 mapping between the number of public ports and the number of internal ports.

Once you have configured the external address, edit the lg3d-wonderland/my.build.properties file to add the following values:

wonderland.local.hostAddress=my.host.private
voicebridge.server.public.address=my.host.public
voicebridge.server.public.sip.port=5060

Where my.host.private is the private (internal) IP address of the Wonderland server and my.host.public is the public (external) IP address.

 
Added:
>
>

Application Sharing

Application sharing in Wonderland is generally done peer-to-peer. So the application clients connect directly to the host that has put the content in the world. While this approach improves performance, it can make firewall and NAT traversal quite difficult.

If the Wonderland server is running on a Solaris or Linux system, there is a special client called the "server master client" that can host applications on the server. This server runs on the Wonderland server machine, behind the firewall or NAT for the Wonderland server system. To allow clients to use these server-hosted applications, open up the following ports:

    TODO: determine ports to open
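Review bot: the new Application Sharing section tells readers to "open up the following ports" and then lists only "TODO: determine ports to open", leaving them with no range to restrict a firewall rule to. Hold the section back until the ports are known, or say explicitly that the port list is still pending. In the Darkstar text, "propriatary, tcp-based" should read "proprietary, TCP-based", and "The main port is the UDP control port is used by SIP" has a doubled verb.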

 <<O>>  Difference Topic ProjectWonderlandFirewall (1 - 07 Nov 2007 - Main.kaplanj)
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="ProjectWonderland"
Home | Changes | Index | Search | Go
<-- This creates the navigation links to :  Home | Help | Index | etc.  -->

Setting up a Project Wonderland server behind a NAT or firewall

Overview

This tutorial describes how to set up the Project Wonderland server to run behind a firewall or NAT system. It assumes you have already installed a copy of Wonderland as described here, and have a basic working knowledge of networking and Wonderland.

To run a Wonderland server, you must have a fixed, public IP address that clients can connect to. This means that the Wonderland server will not work properly on a machine with a dynamic IP address. If you do not have a fixed IP address, you may look into a number of Dynamic DNS services to provide name resolution for your machine.

Once you have a fixed IP, you will likely setup a firewall or NAT. If you are behind a firewall, the process will involve opening up the key ports to the Wonderland server. If you have a NAT system, you will also need to map your public IP address to the machine behind the NAT which is running the Wonderland server.

Project Wonderland uses a number of different communication mechanisms and protocols:

  • Darkstar communication is used for the majority of updates such as login, positioning your avatar, etc.
  • jVoiceBridge uses the standard SIP and RTP protocols for sending the voice data from the server to the client
  • Wonderland uses a peer-to-peer protocol for application sharing

Each protocol requires different firewall and NAT strategies, so we will discuss each in turn below.

Darkstar communication
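Review bot: the overview says the server "will not work properly on a machine with a dynamic IP address" and in the next sentence suggests Dynamic DNS for readers without a fixed IP. Say whether a stable hostname over a changing address is actually sufficient, or remove the suggestion. "you will likely setup a firewall" should also read "set up".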

