Configuring Firewalls For Second Life Use

From Virtual Worlds


To use Second Life from your network, the Second Life client needs to be able to connect to the following ports:

  • 443/TCP
  • 12035/UDP
  • 12036/UDP
  • 12043/TCP and
  • 13000-13050/UDP

Your network administrator / IT should configure your firewall to allow outbound traffic on those ports, and related inbound traffic.

If your internal policies make opening ports for the entire enterprise a hard and lengthy process, consider creating a guest network (or using the one that already exists in most companies) that does not allow access to confidential intranet resources but does allow less restrictive access to the outside internet.

You'll need to consult your firewall's documentation, or the manufacturer's website, for instructions on how to make these changes to your firewall. Below are a few examples of configuration settings for popular network firewalls:


If your hardware firewall is a Cisco router/switch that uses reflexive access lists (IOS 11.0 or later), add these lines to your outbound access list:

  • permit tcp any any eq 443
  • permit tcp any any eq 12043
  • permit udp any any eq 12035 reflect outbound-SL
  • permit udp any any eq 12036 reflect outbound-SL
  • permit udp any any range 13000 13050 reflect outbound-SL

Then, on your inbound access list, add:

  • permit tcp any any established
  • evaluate outbound-SL

Then, apply these access lists. SL should now be able to communicate through your Cisco router.

If your hardware firewall is a Linux box that uses Killerwall, add these lines to your /etc/killerwall.acl:

  • IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 tcp TOPORT 443 ACCEPT
  • IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 tcp TOPORT 12043 ACCEPT
  • IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 12035 ACCEPT
  • IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 12036 ACCEPT
  • IN IFACE <your lan interface> FROM 0.0.0.0/0 TO 0.0.0.0/0 udp TOPORT 13000-13050 ACCEPT

Then, restart Killerwall. Killerwall automatically tracks related reply packets, so Second Life should now work correctly.

If your hardware firewall is a Linux box that uses IPF (Linux Firewall), add these rules:

  • pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state
  • pass out quick on rl0 proto udp from any to any port = 12035
  • pass out quick on rl0 proto udp from any to any port = 12036
  • pass out quick on rl0 proto tcp from any to any port = 12043 flags S keep state
  • pass out quick on rl0 proto udp from any to any port 12999 >< 13051
  • pass in quick on rl0 proto tcp from any to any port = 443 flags S keep state
  • pass in quick on rl0 proto udp from any to any port = 12035
  • pass in quick on rl0 proto udp from any to any port = 12036
  • pass in quick on rl0 proto udp from any to any port 12999 >< 13051

In IPF, `><` matches ports strictly between the two values, so `12999 >< 13051` covers 13000-13050; `<>` matches every port outside that range instead.
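
An added example, not part of the original page: a Python check that expands the port expressions in IPF `pass out` rules and compares them with the port list at the top of this page, which catches a mistyped range operator. The rule text is a constructed sample, and the names `REQUIRED`, `allowed_ports` and `audit` are illustrative.

```python
import re

# Ports the page says the Second Life client must reach, as (protocol, port).
REQUIRED = {("tcp", 443), ("tcp", 12043), ("udp", 12035), ("udp", 12036)}
REQUIRED |= {("udp", p) for p in range(13000, 13051)}

# Matches 'port = N' or 'port A >< B' / 'port A <> B' in an outbound pass rule.
RULE = re.compile(
    r"pass out\b.*?\bproto (tcp|udp)\b.*?\bport (?:= (\d+)|(\d+) (<>|><) (\d+))"
)

def allowed_ports(rules):
    """Return the set of (proto, port) pairs the 'pass out' rules admit."""
    allowed = set()
    for line in rules.splitlines():
        m = RULE.search(line)
        if not m:
            continue
        proto, single, lo, op, hi = m.groups()
        if single:
            allowed.add((proto, int(single)))
            continue
        lo, hi = int(lo), int(hi)
        for port in range(1, 65536):
            inside = lo < port < hi            # '><': strictly between the pair
            outside = port < lo or port > hi   # '<>': strictly outside the pair
            if (op == "><" and inside) or (op == "<>" and outside):
                allowed.add((proto, port))
    return allowed

def audit(rules):
    """Return (missing, excess): required ports blocked, extra ports opened."""
    allowed = allowed_ports(rules)
    return REQUIRED - allowed, allowed - REQUIRED

# Constructed sample rule set; only the range operator varies.
BASE = """\
pass out quick on rl0 proto tcp from any to any port = 443 flags S keep state
pass out quick on rl0 proto udp from any to any port = 12035
pass out quick on rl0 proto udp from any to any port = 12036
pass out quick on rl0 proto tcp from any to any port = 12043 flags S keep state
pass out quick on rl0 proto udp from any to any port 12999 {op} 13051
"""

if __name__ == "__main__":
    for op in ("><", "<>"):
        missing, excess = audit(BASE.format(op=op))
        print(f"{op}: {len(missing)} required blocked, {len(excess)} extra open")
```
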