
< This page is under construction. I apologize about the mess >

*How to configure your firewall/router to run Active Worlds client and servers behind it?*

The AW world server uses port 7777 by default to communicate with the browser (be prepared for servers that use a different one; they tend to use ports between 7000 and 7999) and port 5670 to communicate with the uniserver. The world server sends its IP address and the port it listens on to the uniserver, which stores that information for the browsers. When you teleport to a world, your browser asks the uniserver through port 5670 which IP address and port the target world uses for its server role. The browser then caches this information, and every time you enter that world it tries to use the cached IP/port information to access it.

First of all - read the latest reviews from the gold mine of information on home networking <http://www.practicallynetworked.com/>. Tim Higgins has all the knowledge you need for setting up your home network.

Paul found this excellent site where literally ALL routers are listed, and they tend to have Active Worlds support for both the server and the file transfers: http://www.portforward.com/english/routers/port_forwarding/routerindex.htm

Based on a painful experience: before you do any tweaking on your router, check what IP address your ISP assigns to you (it can be found in almost every router somewhere under Device Status or a similar title). If your IP address lies in one of the following IP subnets [see rfc1918 <http://www.faqs.org/rfcs/rfc1918.html>], you are out of luck: you will not be able to run the AW server or do file transfers within AW:

* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

As a matter of fact you will not be able to run ANY server program!
If you have:

* Linksys BEFSR11 or BEFSR41 <#Linksys>
* SMC Barricade (not done yet)
* ICS (Internet Connection Sharing) <#ICS>
* ZoneAlarm Pro <#ZAP> 2.86 and up <pictures different for the 3.0 version> (sorry I have no knowledge of the free version)
* If you had <router_aw.html#UNZAP> ZoneAlarm but you uninstalled it
* Surecom EP4108 <#surecom> router
* Belkin F5D5230 <#belkin> router
* D-Link DL 804 <#dlink> router
* D-Link DSL-504/504b <#dlink504> ADSL router
* D-Link DI-524 <#di524> wireless router
* Siemens SS2202 <#siemens> or 2204 router
* Builderz general advice <#builderz>
* Zyxel setup <#zyxel> (From Tantra)
* If you can't find your router here, check http://www.portforward.com/routers.htm and use the knowledge you gain from the examples below.

-----------------------------------------------------------------------
*Running server (AND the browser) behind the same D-Link DI-524 <http://www.dlink.com/products/?pid=316&sec=0> Wireless router.*

First, let's suppose you have the default server settings, i.e. the AW server runs on port 7777 and your browser's file transfer is on port 3000, and that you want to use the server machine on the IP address 192.168.0.148. The following pictures, taken from the router's manual, show what changes / additions you should make.

First, set the DHCP server static assignment by cloning your server's settings there.

Next, be sure you don't use the DMZ in the router (Advanced / DMZ button)! When DMZ is enabled, no port forwarding takes place.

Now set the Virtual Server for your server machine. You have to forward port 7777 to your server's IP address, and the Virtual Server settings will do that for you.

The router adds the new Virtual Server setting to the Firewall rules, but check it just in case.

You need to specify a special application on the router for AW's file transfer feature. Unfortunately, you can run only one AW Browser capable of file transfer behind the router, since the router cannot determine which computer it should forward the default file transfer port 3000 to. When the AW Browser logs in (and every time it requests information from the Universe Server) it connects to the Universe Server through port 5670 (the default for AW, but it can be different in another universe!). By adding this port as the router's Application Trigger port, you should be able to do file transfer within AW.

With those settings you should be able to run your server. Thanks to Ry for his patience while I tested those settings!

-----------------------------------------------------------------------
*Running server (AND the browser) behind the same D-Link DSL-504 <http://www.dlink.com/products/> ADSL NAT router.*

This router reached its end of life but there are still users who use it.

First, let's suppose you have the default server settings, i.e. the AW server runs on port 7777 and your browser's file transfer is on port 3000. If you have more than one computer on the local network, the most important thing to do is to give the server computer a static IP address instead of a dynamic one; otherwise, every time you boot the server it will get a different IP address from the router. Let's suppose you want to use the server machine on the IP address 192.168.0.2. The following pictures, taken from the router's manual, show what changes / additions you should make.

1. Change the router's DHCP server settings so that the desired IP address (192.168.0.2) will not be assigned automatically (or on the 504b router). Please note that we set the starting address to 192.168.0.3, so the router will NOT assign our dedicated IP to any other machine.

Now set up the port forwarding (port redirect) for the AW Server. The router will pass all packets arriving at port 7777 (the default AW Server port) to your dedicated machine (or on the 504b router). You may not have existing redirects, so you don't have to add the ones shown in the picture above :)

Set up a second port redirect for the machine you run the AW Browser on, but this time use port 3000 (instead of the 7777 shown in the pictures above) and the IP address of that machine for the local IP Address setting.

Finally, *don't forget to change your aworld.ini file if you can't enter your own world:*

*[connection]*
*type=1*

-----------------------------------------------------------------------
*Running server (AND the browser) behind the same D-Link DL804 <http://www.dlink.com/products/?pid=59> NAT router? (Warning - the link crashes Netscape 4.79!)*

Thanks to HenrikG who provided the solutions and the screenshots!

"First the main menu, then select Advanced Features, next select Port redirection. D-link have only 10 redirects, I only show 2 here, one for the aw server and one for aw file transfer to my workstation. 2 other redirects I've hidden from these screenshots. Then follow two screenshots, for setting up the 2 redirects mentioned above; when I click 1,2,3 etc then a popup appears, so you can set up the port redirect. For this to work, I have to use [connection] type=1 though

Henrik"

D-Link Main setup page (click on Advanced).

D-Link Advanced feature (click on Port Redirection).

Click on the sequence number to select which rule you want to edit, e.g. clicking on item 4.

Set up the file transfer for the browser.

*Don't forget to change your aworld.ini file if you can't enter your own world:*

*[connection]*
*type=1*

-----------------------------------------------------------------------
*Running server (AND the browser) behind the same Belkin F5D5230 <http://web.belkin.com/support/download/download.asp?category=9&lang=1&mode> NAT router?*

You have two choices:

1. You put the world server in the demilitarized zone (DMZ) - in this case you expose the server to the web, so I strongly recommend running some kind of SW firewall on it (like ZoneAlarm Pro). Excerpt from the router's manual:

"To access this feature, click on "DMZ" on the left side of the screen. Demilitarized Zone (DMZ) is a feature that allows a computer to be exposed to the Internet by "placing" it outside of the firewall. This feature comes in handy when playing Internet games that don't work well with a firewall. Also, streaming video applications can benefit from bypassing the NAT firewall security. To place a computer in the DMZ, enter the IP address of the computer here. The Belkin Gateway Router supports one computer in the DMZ. Please note that when a computer is not protected by the firewall, it is open to hacker attacks. Use this feature only when needed."

2. You redirect the server port (7777 by default) to your server by setting the port forwarding feature of the router.

In both cases you should be sure that your server's IP will not change:

* Do not reboot it if you enabled the DHCP on the router.
* A slightly more difficult setup would be to disable the DHCP on the router - in which case you have to assign IPs manually to all the computers on the network.
* Another way to set it up is to disable the DHCP client on the server and assign an IP address to it which is unlikely to be assigned by the router (e.g. 192.168.2.252).

In the special case where your browser can't see your world, you have to add the following two lines to the world.ini file:

[connection]
type=1

(Thanks to Tafv for bringing this info to my attention)

-----------------------------------------------------------------------
*Running server (AND the browser) behind the same Surecom EP4108 <http://www.surecom-net.com/> NAT router?*

All your settings should be similar to the Linksys router setup. If you can't see your world from your browser (the router can't route your local IP to your global IP), try changing this in the aworld.ini file:

[connection]
type=1

At least one user was made happy by this change :) (Thanks to Arsenic for testing it for us)

-----------------------------------------------------------------------
*Linksys BEFSR11/41 <http://www.linksys.com/>*

I updated the router to the latest microcode (1.37 at this time). You can obtain the updated microcode <http://www.linksys.com/download/firmware.asp> from Linksys. Don't forget to select the proper router :) The update procedure clears all settings, so you have to reprogram your router with all the information necessary to make it work. The default settings usually work with most ISPs, but yours may require special settings to connect.

The factory default IP address of the router is 192.168.1.1, which you can access over HTTP (i.e. with your internet browser), and the default password is "admin" without quotes. The authentication doesn't use the "User Name", so you can leave it blank when your browser asks for it. Change the password as soon as possible because the default one is well known.

In the following setup I had 2 machines connected to the Linksys router, where I used one machine as the world server and the other one as my regular workstation. The router is connected to the Internet by a Toshiba PCX1100 cable modem, with mediaone.net as my ISP. They provide only a dynamic IP address (DHCP) with a default lease time of 4 days, though my IP has not changed in 3 months. I have the cable modem and the router on their own independent UPS to keep them from having to renew the IP lease, and it seems to work so far.

Change the login section based on your ISP's instructions.
Within a few seconds you should see the following status screen, verifying that the router managed to get the dynamic IP address from your ISP. If the IP address is 0.0.0.0, you should cycle the power of your cable modem, wait a minute or so until the modem is operational, and reset the Linksys router.

You probably want to use DHCP (Dynamic Host Configuration Protocol) for your LAN because of its simplicity. I started the DHCP IP range from 192.168.1.101, but you can use the default. I don't use the logging feature of the Linksys because I don't have any program to manage it.

Now the tricky part - the advanced settings:

I left the filters intact since I had no desire to filter any port yet. Of course you can put several known trojan horse ports there. You can filter IP ranges within your LAN so those machines will NOT be able to access the Internet. I have Remote Management and Remote Upgrade enabled because I need access to the router from other locations. (With Remote Management enabled, you can access your router config at your WAN IP:8080 with any http browser.) Read the online help for a detailed explanation of those features.

Forwarding incoming requests (configuring listening ports). Excerpt from the online help:

"Port forwarding can be used to set up public services on your network. When users from the Internet make certain requests on your network, the router can forward those requests to specific computers that are equipped to handle the requests. For example, If you set the port number 80 (HTTP) to be forwarded to the IP Address 192.168.1.2, then all HTTP requests from outside users will be forwarded to 192.168.1.2. You must disable the router's DHCP function to utilize this function."

I found that the last sentence is not true - the router properly forwards the ports even when DHCP is enabled. Of course you have to make sure that the target IP always provides the necessary service. I run my world server on the default (7777) port, so I set the forwarding of that port. The example below shows the case where you run one world server on one machine and another server on another machine. They have to use different ports, so don't forget to add the following lines to the second machine's world.ini file:

[server]
port=7776

I left Dynamic Routing disabled (the default setting) to reduce the uplink traffic. The router operates in Gateway Mode (i.e. it does the IP translation!). If someone is interested in how to use it in Router Mode (no Network Address Translation - you have an IP range on a single connection) I can probably help, because I use the Linksys router on a small IP range in another location.

I'm not using the router's Static Routing feature, and I advise only experienced network administrators to play with those advanced features.

Last but not least - the DMZ (DeMilitarized Zone) settings. Again an excerpt from the online help:

"The DMZ Host setting can allow one local user to be exposed to the Internet. As local user wish to use some special-purpose service such as internet game or Video-conferencing, fill in the IP address and click Apply button, 0 is inactive. As you want to enable this setting, be sure you need this service, any firewall protection of the local DMZ host will be disable".

I put my workstation in the DMZ because I have several server functions running on that machine. My AW browser is running on the DMZ machine, so I did not have to set up port 3000 for forwarding. If you don't run any server functions on your workstation, there is no need to put it into the DMZ. You have to configure the forwarding of port 3000 to the machine you run the AW client on.

There is only one caveat with the Linksys (and probably with any other NAT router!): you can run the browser with the file transfer feature on only one machine! The router can forward port 3000 to only one IP address.
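The checks scattered through the router sections above (a WAN address in the RFC 1918 ranges, a server IP that the router's DHCP could hand to another machine, one public port claimed by two machines, a DMZ host, remote management) can be run against a planned setup before touching the router. This is an added example, not part of the original page; the function names, the tuple layout and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three private ranges listed on this page (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wan_is_private(wan_ip):
    """True when the ISP-assigned address is private, so the router itself
    sits behind another NAT and inbound connections never reach it."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in RFC1918)


def audit(wan_ip, lan_net, dhcp_pool, forwards,
          reserved=(), dmz_host=None, remote_mgmt=False):
    """Return a list of findings for a planned setup (hypothetical layout).

    dhcp_pool: (first, last) address the router hands out dynamically
    forwards:  (public_port, private_ip, label) tuples
    reserved:  addresses pinned to one machine by a DHCP static assignment
    """
    findings = []
    if wan_is_private(wan_ip):
        findings.append(f"WAN address {wan_ip} is in an RFC 1918 range: "
                        "no server behind this router can be reached")
    lan = ipaddress.ip_network(lan_net)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    owner = {}  # public port -> first private IP that claimed it
    for public_port, private_ip, label in forwards:
        target = ipaddress.ip_address(private_ip)
        if target not in lan:
            findings.append(f"{label}: {private_ip} is not on LAN {lan_net}")
        elif pool_lo <= target <= pool_hi and private_ip not in reserved:
            findings.append(f"{label}: {private_ip} is inside the DHCP pool "
                            "and not reserved, so it can change on reboot")
        first = owner.setdefault(public_port, private_ip)
        if first != private_ip:
            findings.append(f"port {public_port} is forwarded to {first} and "
                            f"{private_ip}: the router can use only one")
    if dmz_host:
        findings.append(f"DMZ host {dmz_host} is exposed to the Internet "
                        "outside the router firewall: run a host firewall")
    if remote_mgmt:
        findings.append("remote management is on: the router login is "
                        "reachable from the WAN, so the default password "
                        "must have been changed")
    return findings


# Constructed sample, not from the page. 203.0.113.10 is a documentation
# address standing in for the public IP the ISP assigned.
SAMPLE_FORWARDS = [
    (7777, "192.168.0.2", "world server"),
    (7776, "192.168.0.2", "second world server"),
    (3000, "192.168.0.10", "file transfer, PC 1"),
    (3000, "192.168.0.11", "file transfer, PC 2"),
]

if __name__ == "__main__":
    for finding in audit("203.0.113.10", "192.168.0.0/24",
                         ("192.168.0.3", "192.168.0.254"), SAMPLE_FORWARDS,
                         reserved=("192.168.0.10",), remote_mgmt=True):
        print("-", finding)
```

With the sample, the second file-transfer forward is reported twice: its target can change on reboot, and port 3000 already belongs to another machine.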

-----------------------------------------------------------------------
*Siemens SpeedStream 2202, 2204 routers*

From the user manual:

"Enable Firewall Protection

From the Advanced Setup Firewall screen, you can enable the SpeedStream 2602 firewall to block common hacker attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding. The firewall does not significantly affect system performance, so we advise leaving it enabled to protect your network users.

Enable Virtual Server

From the Advanced Setup screen, you can enable Virtual Server. If you configure the SpeedStream 2602 as a virtual server, remote users accessing services such as Web or FTP at your local site via public IP addresses can be automatically redirected to local servers configured with private IP addresses. Depending on the requested service (TCP/UDP port number), the SpeedStream 2602 redirects the external service request to the appropriate server located at another internal IP address."

1. Specify the Private IP = the IP of the machine running your world server, Private Port 7777 (default AW), Type = TCP, and Public Port = 7777.
2. Specify the Private IP = the IP of the machine running your AW browser, Private Port 3000 (default file transfer port), Type = TCP, and Public Port = 3000.
3. Click Enter to save the settings and continue.

If you can't see your world from your browser (the router can't route your local IP to your global IP), try changing this in the aworld.ini file:

[connection]
type=1

-----------------------------------------------------------------------
*What if you use Internet Connection Sharing (ICS) at your home network?*

Excerpt from practicallynetworked.com <http://www.practicallynetworked.com/sharing/ics/ics.htm>:

"ICS is not the fullest-featured sharing program out there. It doesn't support logging, access controls, or many other features that you may find in other programs. It does support "port mapping" or opening holes in its firewall, which is needed if you want to run a server on your LAN, or for many other applications, including on-line gaming. However, ICS versions other than the Win2000 flavor don't make it easy to do this."

Some more help from AW's newsgroup by Mongo:

"The problem doesn't lie in accessing the internet from inside your internal LAN - the problem is that your gateway machine <the one that connects to both the DSL modem and the inhouse LAN> doesn't know where to send the packets coming in for the AW worlds server. The solution lies below in those 2 links. The ICS config program allows you to map specific ports to specific machines - in this case, you'll map 5670, 7777, 7000-7100, and 3000, all in TCP, to the 192.168.0.1 gateway box. It's really simple to do - the configuration maps can be loaded for AW, saving you entering all the info. Hope that helps -"

http://practicallynetworked.com/sharing/ics/icsconfiguration.htm
http://practicallynetworked.com/sharing/ics/icsconfig_maps.htm

Follow this link <http://www.practicallynetworked.com/sharing/ics/ics.htm> to get more information, or jump here <http://www.practicallynetworked.com/sharing/ics/icsconfiguration.htm> if you are not running Windows 2000. I'll experiment with that kind of setup later.

-----------------------------------------------------------------------
*How to configure ZoneAlarm Pro <http://www.zonelabs.com/>* (sorry - I did not test the free version of ZoneAlarm)

*1, ActiveWorlds Client (The "browser" <#AWB>)*
*2, Active Worlds Macro Server (The "world server" <#AWS>)*
*3, Active Worlds Server Administration Utility (The "admin" <#AWA>)*

When you run the browser for the first time, ZAP will ask you if you want to allow aworld to access the Internet. Open ZAP, go to the "Programs" settings and click on the "Options" button; there you can modify the ports the browser can access (by default the browser can use all the ports!). If you restrict the port usage, allow it to access port 5670 and the 7000-7999 range. If you want to enable file transfer in AW, then you have to enable "Act as a server" on port 3000 (listening port). Don't forget the HTTP port, since all the objects/textures/etc. come in on that one. You should also open UDP port 53 (DNS) by adding it to the Active Worlds Browser's ports, so that it can determine the auth server's IP address as well as the world object path IP addresses. Due to the frequent updates of AW, you probably want to select "Identify program by full path name only".

Not all hosters use the 7000 - 7999 port range to host their world servers on. If you cannot access a certain world, look in the "Alerts" tab of ZoneAlarm Pro to see if the Active Worlds Browser was trying to communicate on a port. You will see a message like: "Active Worlds Browser was not allowed to connect to XXX." Add that port to your Active Worlds Browser rule in ZoneAlarm Pro and you should then be able to enter.

*Active Worlds Macro Server (The "world server")*

When you start your world server for the first time, ZAP will ask you if you want to allow "winworld" to act as a server; then, right after you enable it, ZAP will ask if you want to allow "winworld" to access the internet. Enable both! You can restrict the IP port usage the same way as I described above, with the following port settings: 5670 and 7777 (or substitute this value with your own port setting). 5670 is outgoing access only, while 7777 is the listening port (use 7777 as the default port setting for the MacroServer).

It is very important to set the "Pass through" option so the server is accessible even when ZAP locks all other internet activity!!

*Active Worlds Server Administration Utility (The "admin")*

When you start the admin utility for the first time, ZAP will ask if you want to allow "admin.exe" to access the internet (I used 7776 as my server's port, but you'll get 7777 in the following window).

Open ZAP and select the "Programs" tab. Click on the corresponding "Options" button to modify the port usage. Select the "Ports" tab, select the "Allow access for ONLY..." radio button and add a range of ports if you want to use it on multiple ports (otherwise your single port is enough). You probably don't have to enable the UDP ports, since AW uses TCP transfers only.

[Screenshots: single port access only; two different servers setting]

If you use a URL for the servers you manage, you should add port "53" (DNS) to the accessible ports too.

[Screenshot: an example of what happens if you did not add the proper ports to the list]

If you use a non-default server port, or you want to access other servers you maintain with the admin utility, edit its server list. Don't forget to set the admin password in your server's .ini file if you want to access it with a "non-default" setting in the admin utility.

If you want to monitor/maintain your world server even while ZAP's Internet Lock is engaged, enable the "pass through" option.


-----------------------------------------------------------------------
Most Zyxel routers can be set up through the web interface for running the AW server. The standard port for the AW Server, which must be visible to the internet, is 7777. If you are running more than one server at a time, you need to enable the ports for these, too.

To enable a port, select the SUA/NAT entry in the main menu of the router (menu entries may differ depending on your version of the Zyxel router). In the SUA Server screen, define an entry for your Active Worlds Server port as shown below (entry 4 in this example). You can choose any Name; start and end port must be 7777 (or the port number you defined for the server); Server IP Address is the internal IP address of the machine the AW server is running on. After that, press the Apply button to make the changes take effect.

By default, you will not be able to access the AW server from your internal network. That means that you will get no connection to your running worlds in an AW browser running on any PC in your internal network behind the router. To enable the access, the NAT loopback feature of the router must be turned on. This can only be done via the telnet interface to the router.

Open a command prompt (Start - Run..., then type cmd /k and Enter). In the box type: telnet 192.168.0.1 (where 192.168.0.1 is the designated IP address of your router). After entering your password, select "System Maintenance" (usually point 24) in the main menu. In the system maintenance menu select "Command Interpreter Mode" (usually point 8). At the router's command prompt > type: ip nat loopback on (Enter). This command turns the feature ON, and you will be able to access your world(s) in your private network. When you are finished, type: exit (Enter) to end the command prompt and then 99 to exit the router telnet session. Close the command prompt with the exit command.

If you have installed the Sygate firewall program (as I have ;) ), you only need to select "Yes" the first time you are asked whether world.exe should be allowed to access auth.activeworlds.com, and also check the option "Remember my answer, and do not ask me again for this application". Then the AW server will be able to access, and be accessed from, the internet at any later time. (Thank you Alex!)

-----------------------------------------------------------------------
*If you had Zone Alarm but you uninstalled it*

Some versions of ZoneAlarm did not fully uninstall the firewall, leaving the TrueVector service running behind. The TrueVector service is the actual firewall and will effectively block any new application from accessing the internet. The proper way to uninstall it is to shut down ZA from the desktop bar, reboot the machine and run uninstall. Remove the Windows\Internet Log folder completely and check if the vsmon.exe service is started from the registry (remove that registry key too).

Here is the proper method by Mauz (Thanks!):

- Open ZoneAlarm and then close it by right-clicking its "ZA" taskbar icon and then choosing Shutdown ZoneAlarm Pro.
- Make sure that ZoneAlarm is not in the Windows Startup folder.
- Run regedit, go to [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] and see that the TrueVector and MiniLog services are not there.
- Go to Control Panel - Add/Remove Programs and uninstall ZoneAlarm.
- Delete ZoneAlarm's whole program folder.
- Reboot.

-----------------------------------------------------------------------
I put his post here because I feel it is good advice (not to mention that he is a reputable world hoster for AW).

I'm not familiar with your specific router's model number, but I'll try to help you at least understand how I have things set up (which may help you to better understand *your* setup). All I need to do is port forward (or "pinhole" in your case) TCP port 7777 (or whatever port you want to use for the world server) to the computer on my LAN running the world server.
I use 7777 for both the start and end internal and external ports (so just set everything to 7777 :). Now, it can get tricky from here depending on your setup. If there is a DHCP server on your LAN, you will need to reserve a specific IP address for the computer that is running the world server. If all of the computers on your LAN already have static IP addresses, then you just use that IP address.

For example, let's say that my internal LAN IP is 172.16.100.3. You would just need to enter that IP address next to the port 7777 information to tell the router to forward any traffic to that particular computer (which has the world server on it). You shouldn't need to open any more ports like 7778-7785 or anything (unless you want to run more world server instances). One open port will allow more than one person in your world.

Now, if the world server computer also has a software firewall on it, you will need to make sure that port 7777 TCP is open there as well. And I would open port 5670 TCP also (but you shouldn't need to open it for your router).

One last thing: If others can enter your world, but YOU cannot, your router may not fully support "loopback." Loopback is basically LAN to WAN to LAN traffic. It is when you are sending data out from another computer on your LAN, to your WAN, back to the world server on the LAN again. Not all routers support this and it has caused me headaches in the past.

Hope that helped. :)

Builderz
http://www.3dhost.net
