Hi, On Fri, Mar 9, 2012 at 7:32 AM, Owen Kelly <[email protected]> wrote: > Hi, > > I am having trouble thinking through a problem I seem to be having with an > educational project for children we are making using OpenSim. The children > all have individual single-user pocket worlds which they keep on usb sticks. > (The installation uses Ener Hax's sim-on-a-stick.) We want them each to be > able to teleport to a shared social world on our university server, much like > Topology B on this page: http://opensimulator.org/wiki/Hypergrid > > The social world has a static IP address. The usb sticks have no IP address > that is knowable in advance. > > This project is intended to work with 2 school classes, and the staff and > pupils of those classes should be the only people in the social world. The > usb sticks should definitely not be on the public map. Neither should the > social world be available except from the usb sticks, which should only be > able to transport their users from the pocket world to the social world and > back again.
If you already understand how to set this up to listen on the public Internet, then you don't have very much left to do.... you just need to set up a firewall *somewhere* (whether on the individual lab PCs or on the hardware router/firewall that connects them together). Actually, if you just put all the PCs on a common NAT, you don't have to explicitly block any ports -- the ports will be blocked per default because the router won't forward inbound packets anywhere unless you explicitly set up port forwarding rules. If you literally have every student's machine hooked up to the public internet with a unique public IP address, you can still set them up on a software NAT using a reasonably beefy (and/or not very busy) regular PC. You didn't state what operating system you have or any of the technical details, so I can't provide any more specific help than that. Basically don't worry about restricting opensim from accessing the public internet. Instead, restrict the network layer with a firewall. It will be significantly harder to prevent your students from hypergridding to *other* grids from their client software. Hypergrids can listen on an arbitrary port, even 80 (which is normally unblocked for HTTP). Unless you have a very clever transparent proxy or forced http proxy, you won't be able to (easily) distinguish between students' legitimate outbound network traffic -- such as accessing the university's library site in a browser -- and hypergridding to another opensim community, such as osgrid or 3rd rock. You *could* entirely disable public internet access during your lesson, if you have full control over all of the student machines and they don't need the internet for the exercise. This would be the only way to definitively prevent them from going "outbound" to connect to an arbitrary server. Just block all outbound ports on all outbound IPs except for the CIDR of the LAN/NAT (probably 10.x.x.x or 192.x.x.x). > > I have read all the documentation and tutorials that I can find about > hypergridding, but I am still not sure of the best way to approach this. I > have an uneasy suspicion that this may be very simple and I am foolishly > over-thinking it. > > Could anyone offer any guidance please? I would be happy for anything from a > suggested starting point to a step-by-step guide. If you think it's going to be a problem to know the IP addresses of the individual grids in advance, you'll need to use hostnames. Make sure all the computers can ping each other by hostname, and make sure the students can't change the hostnames. Problem (should be) solved. You can now configure your grid based on the hostnames of the other HG "pocket worlds". Lastly -- if this configuration is expected to be established over the public internet with each of the students residing in their own house or dormitory, using their own computer, I think the only way to make it remotely possible would be to use a VPN such as Hamachi to get everyone on the same LAN. But since you have no control over students' computers or networks, all bets are off as far as getting them to concentrate on the lesson vs. surfing the web. It's only really possible to control a setup like this if you have all the computers (owned by the school) set up in a room, all connected to the same router. THAT should work as I described above. -Sean > > Many thanks > Owen > _______________________________________________ > Opensim-users mailing list > [email protected] > https://lists.berlios.de/mailman/listinfo/opensim-users _______________________________________________ Opensim-users mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-users
