[OpenVerse] Fwd: OpenVerse Patch
Heya folks,
What you see below is the newest entry in the contributors section of the web
site. This document describes how to run your OV server from behind a NAT style
firewall. Some assumptions are made about your knowledge of the unix command
line and of the firewall allow commands but this info should get you on your way
to running an OV server from behind a firewall.
Kudos to Karl for providing the HOWTO below.
---------- Forwarded Message ----------
Subject: Fwd: OpenVerse Patch
Date: Wed, 23 Feb 2000 18:47:27 GMT
From: "Karl M. Joch" <k.joch@kmjeuro.com>
Hello Cruise,
Enclosed are the description and patch. If there are errors in my English,
I apologize in advance.
Best regards,
Karl
Instructions on how to set up OpenVerse on a FreeBSD 3.4 server. I only had
the chance to test it on FreeBSD, but basically the instructions work in
the same way on Linux and every other firewalled machine.
1. Apply the patch to server.tcl.
2. Create a user with no rights on the system, e.g. openverse with
password :-). You should not run the server as root or as a user with
privileges.
3. You should chown newuser:newgroup the OpenVerse files/directories
which the server needs write access to. As far as I have seen, these are
the rooms/rimage... directories.
4. If you have a system which already uses the ports 11000-11999 then
you need to change server.tcl:
edit server_port,port_min,port_max to the best values you can use.
(netstat -na should be your friend).
5. Create an openverse.sh file in your /usr/local/etc/rc.d directory
(in FreeBSD, all files in rc.d with extension .sh and a rights mask of 7xx
are executed on startup). The file should look like this:
#!/bin/sh
## ipfw needs root, so add the rules before switching to the dummy user.
## for each room you want to run on the server add the following rules:
ipfw add 0100 allow tcp from any to any 7000 setup
# change the port number if your cfg file is different. assuming you already have defined
# ipfw add nnnn allow tcp from any to any established
# also take care that 0100 is in order to fit your rule set. if 0100 is ok then you can use
# it for every rule following here
ipfw add 0100 allow tcp from any to any 11000-11999 setup
# this opens the range defined in server.tcl and allows clients to transfer the pics and avs.
# if you still want to have a good protected machine you should make sure that nothing else
# runs on these ports.
su -l openverse << EOF # we want to use our dummy user
## change to the OpenVerse Home Directory
cd /<OpenVerse-Home-Directory>
# now lets fire up the first room.
./server.tcl room1.cfg > /dev/null &
# you should have a running server now.
EOF
There can be some differences on various systems, but basically this
should work everywhere. Maybe you have to set up the rules in a
firewall script or on a NAT system. Then you have to allow the
following traffic there:
for every room:
setup connections tcp on the server port (defaults to 7000)
setup connections tcp on the transfer ports (defaults to 11000-11999)
tcp traffic of established connections.
On NAT systems or proxy servers you have to redirect the traffic of
the above ports to the local machine running the server.
If you run more than one server, I suggest you change server.tcl and
change the port range for every room. For sure you also have another
base port. Then repeat the above steps and you should be done.
Have Fun with OpenVerse.
>>>>>>>>>>>>>>>>>> Patch for restricting the used ports <<<<<<<<<<<<<<<<<<
> *** server.tcl.org Tue Feb 22 20:19:59 2000
> --- server.tcl Wed Feb 23 17:22:43 2000
> ***************
> *** 206,211 ****
> --- 206,227 ----
> set MVS(captains) {}
> set MVS(maxpushdistance) 100
> set MVS(maxpushvelocity) 100
> + set MVS(serv_port) 11000
> + set MVS(port_min) 11000
> + set MVS(port_max) 11999
> +
> + # Restrict our ports between min/max defined in ReloadConfig
> +
> + proc RestrictPort {} {
> + global MVS
> + incr MVS(serv_port)
> + if {$MVS(serv_port) > $MVS(port_max)} {
> + set MVS(serv_port) $MVS(port_min)
> + }
> + LogIt "Restricted Port: $MVS(serv_port)"
> +
> + return $MVS(serv_port)
> + }
> # Create required directories.
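Review bot: RestrictPort only tests the upper bound, and MVS(serv_port) is initialised to a literal 11000 independently of MVS(port_min). If an admin moves port_min/port_max to a higher range without also editing serv_port, the counter starts below port_min and returns ports outside the firewalled range until it finally passes port_max. Suggest initialising serv_port from port_min and checking both bounds, e.g. `if {$MVS(serv_port) < $MVS(port_min) || $MVS(serv_port) > $MVS(port_max)}`. The comment also says the limits are defined in ReloadConfig while this hunk sets them right here; one of the two should be corrected.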
> ***************
> *** 1019,1028 ****
> set size [file size $file]
> set idx [incr MVS(dcc_num)]
> ! set sock [socket -server "Serv_acceptSend $idx" 0]
> ! if {[catch {fconfigure $sock -sockname} port]} {
> ! LogIt "($who) (Serv_DCCSend) Cannot get port for
server - $port"
> }
> lappend MVS(dcc_list) $idx
> --- 1035,1045 ----
> set size [file size $file]
> set idx [incr MVS(dcc_num)]
> ! set sock [socket -server "Serv_acceptSend $idx"
[RestrictPort]]
> ! while {[catch {fconfigure $sock -sockname} port]} {
> ! LogIt "Port was in use - $port (New Try)"
> ! set sock [socket -server "Serv_acceptSend $idx"
[RestrictPort]]
> }
> lappend MVS(dcc_list) $idx
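Review bot: in the new while loop the catch wraps only `fconfigure $sock -sockname`; both `socket -server ... [RestrictPort]` calls (before the loop and in its body) sit outside any catch. Tcl's socket command raises an error itself when the port cannot be bound, so a port that is already in use aborts this proc at `set sock` and the "Port was in use" retry never runs. Suggest putting the socket call inside the catch and retrying on that, and bounding the loop to port_max - port_min + 1 attempts so a fully occupied range ends with a logged failure instead of spinning. The new log line also drops the `($who) (Serv_DCCSend)` prefix that the replaced message carried, which makes failures harder to attribute.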
> ***************
> *** 1239,1248 ****
> set file "$MVS(avatars)/$what"
>
> set idx [incr MVS(dcc_num)]
> ! set sock [socket -server "acceptGet $idx" 0]
> ! if {[catch {fconfigure $sock -sockname} port]} {
> ! LogIt "($who) (Serv_DCCSend) Cannot get port for server
- $port"
> }
> lappend MVS(dcc_list) $idx
> set MVS(DCC.$idx.sender) $who
> set MVS(DCC.$idx.file) "$file"
> --- 1256,1268 ----
> set file "$MVS(avatars)/$what"
>
> set idx [incr MVS(dcc_num)]
> !
> ! set sock [socket -server "acceptGet $idx" [RestrictPort]]
> ! while {[catch {fconfigure $sock -sockname} port]} {
> ! LogIt "Port was in use - $port (New Try)"
> ! set sock [socket -server "Serv_acceptSend $idx"
[RestrictPort]]
> }
> +
> lappend MVS(dcc_list) $idx
> set MVS(DCC.$idx.sender) $who
> set MVS(DCC.$idx.file) "$file"
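Review bot: the retry inside the while loop reopens the listener with "Serv_acceptSend $idx", but the first attempt two lines above uses "acceptGet $idx". This looks copied from the send path; after a retry, an incoming avatar upload would be handed to the send handler. The retry line should use the same callback as the initial call, `socket -server "acceptGet $idx" [RestrictPort]`. The stray `!` line with no content and the added blank `+` line can be dropped to keep the hunk minimal.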
-------------------------------------------------------
--
Cruise -
OpenVerse Visual Chat - http://openverse.org/
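
The HOWTO above says to make sure nothing else runs on the transfer ports and points at netstat -na for finding a free range. The following is an added example, not part of the original mail or of OpenVerse: a small sh function that lists TCP listeners inside a port range from netstat -na output. The function names and the sample netstat lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: find TCP listeners inside the range opened in the firewall.
# Usage: netstat -na | listeners_in_range MIN MAX
# Prints each listening port in [MIN, MAX], one per line, sorted.
listeners_in_range() {
    awk -v min="$1" -v max="$2" '
        # Only TCP sockets in LISTEN state can accept the "setup" packets
        # that the firewall rules let through.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # FreeBSD prints addr.port (*.7000); Linux prints addr:port
            # (0.0.0.0:7000 or :::7000). The port is the last component.
            n = split($4, parts, "[.:]")
            port = parts[n] + 0
            if (port >= min && port <= max) print port
        }
    ' | sort -nu
}

# Constructed sample in FreeBSD "netstat -na" layout (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.7000                 *.*                    LISTEN
tcp4       0      0  *.11042                *.*                    LISTEN
tcp4       0      0  10.0.0.5.11500         192.0.2.9.51234        ESTABLISHED
udp4       0      0  *.11010                *.*
tcp4       0      0  127.0.0.1.12000        *.*                    LISTEN
EOF
}

# Before the OpenVerse server is started, any port printed here belongs to
# some other service that the 11000-11999 rule would also expose.
sample_netstat | listeners_in_range 11000 11999
```

Run it against the live host with netstat -na | listeners_in_range 11000 11999 before starting the rooms; once the server is up, its own transfer listeners will appear in the list as well.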