During the last couple of weeks we’ve had the opportunity to have a wide spectrum of end users join us in a Wonderland world. Perhaps one of the biggest issues our users faced was not having the proper ports opened in their firewalls for the various network traffic between their Wonderland client and the server. Not having the proper ports open in a firewall on the client side could limit a user’s ability to receive and send audio or even connect to the world entirely.
Firewalls can be a tricky and complex issue — sometimes an end user is behind a firewall they configure (perhaps at their home) and other times an end user is behind a firewall maintained by their IT department at work. At the very least, it is necessary to make information about what ports Wonderland uses and why as clear and readily available as possible. That’s the purpose of this blog entry.
Note that we are talking about the firewall on the client side–so we are really addressing end users here. (This information still holds if you are trying to set up a Wonderland server behind a firewall — although typically in that case you are more concerned about opening ports for inbound traffic).
Here’s a table of all the ports Wonderland uses, the type of the port (TCP or UDP), and what part of Wonderland uses the port. These are default values — while we expect most Wonderland servers to use these defaults, keep in mind, each can be configured separately.
|80||TCP||Web server to launch Wonderland client|
|1139||TCP||Main communication channel with Wonderland server|
|5060||UDP||Audio signaling communication channel|
|10000 – 10200||UDP||Audio channels|
|Random||TCP||Shared application channels|
First of all, you will need to be able to establish a connection to the web server on the machine running the Wonderland server to launch the Wonderland client using Java Web Start — typically this web server communication happens over TCP Port 80. If you can surf the web–as is typically the case–then you likely will be able to reach the web server on the Wonderland server machine.
Next, is TCP Port 1139. This is the primary communication channel between your Wonderland client and server. When you click the Log On button, if you are unable to connect, then it is possible that the firewall is preventing you from making an outbound TCP connection over port 1139. Most firewalls should allow outbound TCP connections by default.
The next set of ports are UDP port 5060 and ports 10000 – 10200. These are used by the audio subsystem in Wonderland: if you cannot hear anyone else (or any recorded audio inside the world) and no one else can hear you, these ports may not be properly opened in the firewall. The UDP port 5060 is used for audio ‘signaling’–that is, passing information to establish and tear down audio connections. Each audio source (for example, each avatar counts as an audio source) consumes two UDP ports between the range 10000 and 10200. The client always sends the first message on these ports, so if your firewall allows outbound UDP messages, then you should be fine. Otherwise you may need to open these ports up on your firewall. (The client always sends the first message outbound on the two ports. Typically, your firewall will then allow return inbound messages on the same port by default, subject to a time-out).
Finally, the TCP ports used by the application sharing mechanism in Wonderland. If someone shares a 2D desktop application with the world, and you cannot see it, then it is possible that these ports are not properly opened. By default, the Wonderland server software chooses a TCP port at random and then communicates this choice to the client. The client then uses that port to connect to the server’s application sharing mechanism. If your firewall allows all outbound TCP connections (which is typically the case), then you are fine. If not, then the administrator of the Wonderland server can restrict the application sharing mechanism to choose a port within a specific range (most often, we tend to use the range 44000 – 44500). You can then open up those ports in your firewall.
This blog summarized the network port usage of Wonderland. For more information about configuring Wonderland in the presence of firewalls, NATs, and proxies, take a look at: http://wiki.java.net/bin/view/Javadesktop/ProjectWonderlandFirewall.
If you cannot successfully connect to the Wonderland server or hear audio or see shared applications, there may be other issues besides having the proper ports opened in your firewall. There are some pages on our wiki to help you through some of these other issues: