When it comes to setting up FMud the thing which seems to cause people the most problems is the requirement to serve a policy file. There are two issues which come up again and again.
The first is mixing up the domains for the game server and the website. The policy file has to be served on the same domain that the game server is running on, but it must allow connections from the domain that the website with the client is running on.
This means that if your game is running at “mygamedomain.com” on port 1234 but your website domain is “mywebsite.com” you need to make sure your xml policy file is allowing connections from “mywebsite.com” on port 1234.
<allow-access-from domain="mywebsite.com" to-ports="1234" />
This policy file then needs to be served (or at least reachable) on “mygamedomain.com”. This is because the Flash player will automatically try to connect to a policy file on the same domain that you are asking it to open a socket connection to.
The second common problem people run into is not specifying the correct subdomain in the policy file. Flash is pretty strict when it comes to interpreting the policy file for socket connections and you have to make sure that both the domain and subdomain in the policy file match the location where you are hosting the client.
So if you host FMud at “somedomain.com/client.html” you have to add “somedomain.com” to the policy file, as you would expect. However, if people can also reach your client at “www.somedomain.com/client.html” then you also need to add “www.somedomain.com” to your policy file or else Flash will refuse to connect.
<allow-access-from domain="somedomain.com" to-ports="1234" /> <allow-access-from domain="www.somedomain.com" to-ports="1234" />
Both of these issues can be simplified if you use a policy file which allows connections from all domains:
<allow-access-from domain="*" to-ports="1234" />
There’s been some confusion over the security implications of this in the past too. The above policy file directive doesn’t have anything to do with your server’s firewall. No ports are being opened and no additional vulnerabilities are being created. All it does is give permission for Flash apps that may be hosted on any domain to attempt socket connections to your server. If you’re running a MUD server then that’s exactly what you’re expecting anyway. In a shared MUD hosting environment you could replace the specified port with a wildcard as well and that would then cover all games running on the same host. Again, this doesn’t affect your firewall and doesn’t mean all ports are suddenly vulnerable to attack. Speaking of firewalls, remember to add a rule for the port where you’re serving the policy file too.
I recently had an email conversation with someone who was having problems using FMud on their website and it turned out they hadn’t specified the subdomain. A quick search of my emails showed I’d told them the same thing back in 2008, so I guess this is one of those things that just keeps tripping people up.