Problems with Second Life from behind RouterOS

Anyone successfully using Second Life from behind RouterOS? I’m getting strange symptoms where a log-in is successfully made but after approximately 2 minutes the visibility of adjacent simulators starts to drop. Eventually there is a final log-out. I get this whether I have firewall rules in place or not.

You need to let us know more details about how you’re connecting:

  1. Are you using a NATed connection?
  2. Are you using any port forwarding and/or UPnP?
  3. What do the firewall rules that you’ve mentioned block or drop on the connection?

(1) Currently using a Many:1 NAT’d connection for the machine accessing Second Life. Problem is identical if I set Masquerade. I haven’t tried from a 1:1 NAT connection.
(2) I’m using PPPoE and have had to specify a mangle rule to change-mss to 1452.
(3) Firewall is currently as per ‘Dmitry Firewall’ on the wiki with a few mangle additions (enumerated below). The same problem results even if there are no filter or mangle entries enabled except for the change-mss.
(4) Voice is currently disabled so I haven’t included the entries for that.

add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1024-65535 fragment=no new-connection-mark=second-life \
    passthrough=no protocol=udp src-port=12035
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 fragment=no new-connection-mark=\
    second-life passthrough=no protocol=udp src-port=12043

add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=12043 fragment=no new-connection-mark=second-life \
    passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=13000-13050 fragment=no new-connection-mark=\
    second-life passthrough=no protocol=udp src-port=1024-65535

I’m still struggling with this. I believe it’s a result of the local port used outbound in a UDP connection not being mapped for inbound traffic, i.e. a UDP connection goes from 192.168.1.10:50258 (NAT’d through 217.x.x.114) to 216.82.23.5:13005, but I get dropped packets logged from src: 216.82.23.5:13005 to dst: 217.x.x.114:50258.

The Secondlife wiki states:

Open outbound “session” access for UDP ports. Although UDP is a session-less transport, many firewalls block unsolicited incoming UDP traffic to a particular port unless it has seen recent outgoing UDP traffic from that same port.

My NAT settings are as follows:

 0   chain=dstnat action=dst-nat to-addresses=192.168.1.10-192.168.1.99
     dst-address=217.x.x.114

 1   chain=srcnat action=src-nat to-addresses=217.x.x.114
     src-address=192.168.1.10-192.168.1.99

Suggestions gratefully received.
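
The behaviour described in the quoted Second Life wiki text, modelled as an added example that is not part of the original thread and is not RouterOS code: a flow table that accepts inbound UDP only when recent outbound traffic from the same port to the same peer has been seen. The 30-second idle timeout, the port-preserving NAT and the trace timings are assumptions made for illustration; the endpoints are the ones quoted in the post.

```python
"""Model of a stateful firewall's handling of inbound UDP behind source NAT."""

IDLE_TIMEOUT = 30.0  # seconds; assumed for illustration, not a RouterOS setting


class UdpFlowTable:
    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.flows = {}  # (public_port, remote_endpoint) -> [lan_endpoint, last_seen]

    def outbound(self, t, lan, remote):
        """Record an outgoing datagram; the model keeps the source port unchanged."""
        self.flows[(lan[1], remote)] = [lan, t]

    def inbound(self, t, remote, public_port):
        """Classify an incoming datagram addressed to the public address."""
        key = (public_port, remote)
        flow = self.flows.get(key)
        if flow is None:
            return "drop:no-mapping"   # no outbound traffic seen to this exact peer
        if t - flow[1] > self.idle_timeout:
            del self.flows[key]
            return "drop:expired"      # mapping existed but went idle too long
        flow[1] = t                    # in this model, replies also refresh the entry
        return "accept:%s:%d" % flow[0]


def replay(events, idle_timeout=IDLE_TIMEOUT):
    """Run (time, direction, a, b) events through a fresh table; return inbound verdicts."""
    table = UdpFlowTable(idle_timeout)
    verdicts = []
    for t, direction, a, b in events:
        if direction == "out":
            table.outbound(t, a, b)    # a = LAN endpoint, b = remote endpoint
        else:
            verdicts.append((t, table.inbound(t, a, b)))  # a = remote, b = public port
    return verdicts


# Constructed trace using the endpoints quoted in the post.
LAN = ("192.168.1.10", 50258)
SIM = ("216.82.23.5", 13005)
TRACE = [
    (0.0, "out", LAN, SIM),
    (1.0, "in", SIM, 50258),                     # reply shortly after outbound
    (2.0, "in", ("216.82.23.5", 13006), 50258),  # peer port never contacted
    (120.0, "in", SIM, 50258),                   # same peer after a long idle gap
]

if __name__ == "__main__":
    for t, verdict in replay(TRACE):
        print("t=%6.1fs  %s" % (t, verdict))
```

Comparing logged drops against these two cases (no outbound flow to that exact peer and port, or a flow that went idle) separates a mapping problem from a timeout problem.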