From: "Karl M. Joch" k.joch@kmjeuro.com
Date: Wed, 23 Feb 2000 18:47:27 GMT
Subject: Fwd: OpenVerse Patch
To: cruise@openverse.com
Hello Cruise,

enclosed Description and Patch. If there are errors in my English, I apologize in advance.

Best regards,
Karl

Instructions on how to set up OpenVerse on a FreeBSD 3.4 server. I only had the chance to test it on FreeBSD, but basically the instructions work in the same way on Linux and every other firewalled machine.

1. Apply the patch to server.tcl.
2. Create a user with no rights on the system, e.g. openverse with password :-). You should not run the server as root or as a user with privileges.
3. You should chown newuser:newgroup the OpenVerse files/directories which the server needs write access to. As far as I have seen these are the rooms/rimage... directories.
4. If you have a system which already uses the ports 11000-11999 then you need to change server.tcl: edit server_port,port_min,port_max to the best values you can use. (netstat -na should be your friend.)
5. Create an openverse.sh file in your /usr/local/etc/rc.d directory (in FreeBSD all files with extension .sh in rc.d and a rights mask of 7xx are executed on startup). The file should look like this:

#!/bin/sh
# ipfw needs root, so the firewall rules are added before switching to the
# unprivileged user. Add one server-port rule for each room you run.
# Change the port number if your cfg file is different. Assuming you
# already have defined
#   ipfw add nnnn allow tcp from any to any established
# Also take care that 0100 is in order to fit your rule set. If 0100 is OK
# then you can use it for every rule following here.
ipfw add 0100 allow tcp from any to any 7000 setup
# This opens the range defined in server.tcl and allows clients to
# transfer the pics and avs. If you still want to have a well protected
# machine you should make sure that nothing else runs on these ports.
ipfw add 0100 allow tcp from any to any 11000-11999 setup
su -l openverse << EOF    # we want to use our dummy user
## change to the OpenVerse home directory
cd /OpenVerse-Home-Directory
## for each room you want to run on the server, fire up the following command:
# now let's fire up the first room.
./server.tcl room1.cfg > /dev/null &
# you should have a running server now.
EOF

There can be some differences on various systems, but basically this should work everywhere. Maybe you have to set up the rules in a firewall script or on a NAT system. Then you have to allow the following traffic there, for every room:

- setup connections, TCP, on the server port (defaults to 7000)
- setup connections, TCP, on the transfer ports (defaults to 11000-11999)
- TCP traffic of established connections.

On NAT systems or proxy servers you have to redirect the traffic of the above ports to the local machine running the server.

If you run more than one server I suggest to change server.tcl and change the port range for every room. For sure you also have another base port. Then repeat the above steps and you should be done.

Have Fun with OpenVerse.

[notes by cruise] This patch is for version 0.7-10 of the OpenVerse server code. It may not patch older or newer code correctly.

>>>>>>>>>>>>>>>>>> Patch for restricting the used ports <<<<<<<<<<<<<<<<<<
> *** server.tcl.org Tue Feb 22
20:19:59 2000
> --- server.tcl Wed Feb 23
17:22:43 2000
> ***************
> *** 206,211 ****
> --- 206,227 ----
> set MVS(captains) {}
> set MVS(maxpushdistance) 100
> set MVS(maxpushvelocity) 100
> + set MVS(serv_port) 11000
> + set MVS(port_min) 11000
> + set MVS(port_max) 11999
> +
> + # Restrict our ports between
min/max defined in ReloadConfig
> +
> + proc RestrictPort {} {
> + global MVS
> + incr MVS(serv_port)
> + if {$MVS(serv_port) >
$MVS(port_max)} {
> + set MVS(serv_port)
$MVS(port_min)
> + }
> + LogIt "Restricted Port: $MVS(serv_port)"
> +
> + return $MVS(serv_port)
> + }
> # Create required directories.
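
Review bot: RestrictPort runs incr MVS(serv_port) before returning the value, so with serv_port initialised to the same 11000 as port_min the first transfer listens on 11001 and 11000 is only used after the counter wraps past port_max. Initialise serv_port to one below port_min, or return the current value and increment afterwards. The comment above the proc also says the min/max are "defined in ReloadConfig" while the defaults are set in these lines; it should say where an administrator is expected to change them, and that the range has to match the firewall rule for the transfer ports.
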
> ***************
> *** 1019,1028 ****
> set size [file size $file]
> set idx [incr MVS(dcc_num)]
> ! set sock [socket -server
"Serv_acceptSend $idx" 0]
> ! if {[catch {fconfigure
$sock -sockname} port]} {
> ! LogIt "($who)
(Serv_DCCSend) Cannot get port for
server - $port"
> }
> lappend MVS(dcc_list) $idx
> --- 1035,1045 ----
> set size [file size $file]
> set idx [incr MVS(dcc_num)]
> ! set sock [socket -server
"Serv_acceptSend $idx"
[RestrictPort]]
> ! while {[catch {fconfigure
$sock -sockname} port]} {
> ! LogIt "Port was in
use - $port (New Try)"
> ! set sock [socket
-server "Serv_acceptSend $idx"
[RestrictPort]]
> }
> lappend MVS(dcc_list) $idx
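
Review bot: the catch in the new while condition only wraps fconfigure $sock -sockname, but when a fixed port is already taken Tcl raises the error from socket -server itself, so both the first socket call and the one in the loop body can abort the procedure before the "Port was in use" retry is ever reached. Put the socket call inside the catch and retry on its failure. The loop also has no upper bound: limit it to port_max - port_min + 1 attempts and log a failure when the whole range is occupied. The old message carried ($who); the new one drops it, which makes a failed transfer harder to attribute in the log.
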
> ***************
> *** 1239,1248 ****
> set file "$MVS(avatars)/$what"
> > set idx [incr MVS(dcc_num)]
> ! set sock [socket -server
"acceptGet $idx" 0]
> ! if {[catch {fconfigure $sock
-sockname} port]} {
> ! LogIt "($who)
(Serv_DCCSend) Cannot get port for server
- $port"
> }
> lappend MVS(dcc_list) $idx
> set MVS(DCC.$idx.sender) $who
> set MVS(DCC.$idx.file) "$file"
> --- 1256,1268 ----
> set file "$MVS(avatars)/$what"
> > set idx [incr MVS(dcc_num)]
> !
> ! set sock [socket -server
"acceptGet $idx" [RestrictPort]]
> ! while {[catch {fconfigure $sock
-sockname} port]} {
> ! LogIt "Port was in use -
$port (New Try)"
> ! set sock [socket -server
"Serv_acceptSend $idx"
[RestrictPort]]
> }
> +
> lappend MVS(dcc_list) $idx
> set MVS(DCC.$idx.sender) $who
> set MVS(DCC.$idx.file) "$file"
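
Review bot: the retry inside the while loop reopens the listener with "Serv_acceptSend $idx" although the first attempt directly above it uses "acceptGet $idx", so a transfer that needed a second port would be handed to the wrong accept handler; use "acceptGet $idx" in the loop body as well. As in the previous hunk, the socket -server call sits outside the catch and the loop is unbounded, so the same two changes apply here. Since the retry code is now duplicated in two places, a small helper that takes the accept command and returns the bound socket would keep the two call sites from drifting apart again.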