NAT Loopback Routers
From OpenSimulator
This article or section contains incomplete information. Please help us by completing the content on this page. |
Contents |
INTRODUCTION
What is NAT Loopback and why is it needed to host a public Opensimulator Region?
Currently (as at August 2010), a hosted region on a home connection with a broadband router needs, what is known as NAT Loopback functionality.
Many DSL routers/modems prevent loopback connections as a security feature. This means that a machine on your local network (e.g. behind your DSL router/modem) cannot connect to a forward facing IP address (such as 199.149.252.44) of a machine that it also on your local network. Connecting to the local IP address (such as 192.168.2.40) of that same machine works fine.
This is an issue since each region has to be specify an IP address for the client to connect. This is the ExternalHostName parameter in a regions config file (e.g. bin/Regions/Regions.ini). In the absence of NAT loopback, if a forward facing IP address is specified (such as 199.149.252.44) then external clients will be able to connect to the region but clients on your local network will not. If the internal address were put in ExternalHostName instead (e.g. 192.168.2.40) then viewers on the local network will be able to connect but viewers from an external network would not.
This page shows a list of routers supporting NAT Loopback. Please add both known working and non-working routers to the list.
Working Routers
3Com
- 3CRWDR100A-72
- 3CRWDR101A-75
D-Link
D-Link DGL-4500 series of routers have the largest available nat table of any router on the market. These routers range from 70$-180$ USD depending on where you live and purchase from.
When considering a purchase, consider performance against cost. Upper end ADSL 2+ routers can add several Mbs to your modems sync speed.
Wireless Routers - Access Point Only
These routers are Access Point devices, and contain no ADSL modem and hence need a separate adsl modem operating in Bridge mode.
- D-Link DGL-4500
- D-Link DIR-655
- D-Link DIR-635
- D-Link DIR-601
- D-Link DIR-600
- D-Link DI-524
Routers With ADSL modem No items to list currently
Note: The DGL-4100 & DGL-4300 have been discontinued, and the replacement model is the DIL-825 and DIL-855 - Loopback status unknown on these later models. The DGL-4300 may be available second hand.
Draytek
- Draytek Vigor 2710n [1] does NAT loopback out of the box and seems to be generally an all-round great router.
- Draytek Vigor 120 [2] does NAT loopback out of the box and has some nice features. NOTE that if it's using PPPoA (common in UK and New Zealand) there is a bug that stops Opensim (and Secondlife) ping packets from working so you disconnect after 3 minutes. You need to upgrade to firmware 3.2.4.3 (or higher).
Linksys/Cisco
- Linksys WAG200G with Firmware Version: 1.01.09
- Linksys WRT54G
- Linksys WAG54G v3
- Linksys WAG54G v2 - NZ/Australia version
- Linksys RT31P2
Note: The WAG54G v2 NZ/Australia version has a faster processor, more memory and larger NAT table, and works with OS out of the box. Other market versions may not.
WAG120N Linksys Wireless-N ADSL2+ Modem Router (Australia)
Netgear
- NETGEAR WNR834M : ftp://downloads.netgear.com/files/wnr834m_ref_manual.pdf
- NETGEAR WNR2000 : With firmware 1.2.3.7 ( http://kb.netgear.com/app/answers/detail/a_id/11895 ) loopback now enabled 'out of the box'
- NETGEAR WGR614 : has been confirmed to work out of the box
- Netgear RP614 v3
- Netgear DG834G v3 with latest firmware & v4 upto firmware version v5.01.09 (according to this link, a later firmware update of v4 removed NAT loopback) NAT Loopback returned as menu option with latest v5.01.16 firmware for the v4 model. The latest model versions, marked v5 on the unit's label, has significantly different internals and is not currently Loopback capable(the v5 has the wireless aerial on the right, not the left, as looking from the front. The DG834G v1, v2, v3 & v4 are end of line in most markets. The v3 & v4 are proven good performers.
- Netgear DGN1000 worked out of the box. Note this working item reports its firmware version as V2.1.00.19_VG which seems much newer than the version offered for download on netgear.com.
- NETGEAR FVS338 : loopback issue with firmware v3.0.3-17 (2008). LAN address is incorrectly presented to simulator instead of WAN address. Fixed in latest update v3.0.6-25 (2010).
Thomson
- Thomson SpeedTouch router-modem TG585, ST-585i (requires Telnet acces to it to Enable Loopback)
- Thomson Speedtouch ST-780, ST-516
Other routers & Hardware
- Arris TM502b : http://portforward.com/english/routers/port_forwarding/Arris/TM502b/
- 2wire 2701hg-s NOT Loopback capable. but the 2wire 2701hg-B & 2701hg-D Series ARE loopback capable. (These can be purchased for approximately $50 USD)
- AVM FritzBox (most Models are working perfect, except 3790 VDSL Router, Date Sep 2010) : http://www.avm.de
- Ubee Wireless Cable Router DDW2600 http://www.ubeeinteractive.com/index.php/products/product-overview/wireless_cable_router1/
- BT home hub V2
- If you are using a ZyXEL DSL router/modem from Embarq, please read this configuration guide. This will show you how to reconfigure your DSL router/modem to fix this problem.
KNOWN non-functional for OpenSim:
- Netgear Pro Safe VPN FVS318 : http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS318.aspx
- NetGear WGR614 does not work with ISP required gateway modems
- Belkin F5D7230-4 (the router might work if 3rd party firmware is used, such as DD-WRT : http://www.dd-wrt.com/ )
REFERENCE LINKS:
More Information Related to Routers and Solutions @: osgrid.org/forums/viewtopic.php
Router/Modem Table
Router / Modem Table
(this information gathered from the OpenSimulator WIKI and OSGrid forums information collectively and assembled into this sortable formatted table for ease of use and quick access. Links provided are either to the Manufactures pages or Pages which can further assit in configuration and troubleshooting.)
Make | Model | Status | Notes |
Belgacom BBox-2 | BBox-2 Docs | Works | Also known as SAGEM 3464. BBox-1 work, BBox-2 = Method 1: flash the firmare (in this case we lose the guarantee provider) Method 2: Configure Bbox Bridge mode and put a second router for OpenSim-Sim. |
Dlink | DGL-4500 | Works | [3] |
Dlink | DGL-4300 | Works | [4] |
Dlink | DI-524 | Works | [5] |
Dlink | DIR-600 | Works | [6] |
Dlink | DIR-601 | Works | [7] |
Dlink | DIR-635 | Works | [8] |
Dlink | DIR-655 | Works | [9] |
Draytek | Vigor120 | Works | |
Draytek | Vigor2710 | Works | [10] firmware 3.2.4.3 (or higher). |
Netgear | WNR834M | Works | |
Netgear | WNR2000 | Works | With firmware 1.2.3.7 Loop back now enabled 'out of the box' |
Netgear | WGR614 | Works | confirmed to work out of the box |
Netgear | RP614 | Works | Version 3 or better |
Netgear | DG834G | Works | v1, v2, v3 & v4 are end of line in most markets. The v3 & v4 are proven good performers. |
Linksys/Cisco | RT31P2 | Works | [11] |
Linksys/Cisco | AG241 | Works | [12] |
Linksys/Cisco | WAG200G | Works | [13] Firmware Version: 1.01.09 or better |
Linksys/Cisco | WRT54G | Works | [14] |
Linksys/Cisco | WAG160N | Works | [15] |
Linksys/Cisco | WAG54G v3 | Works | |
Linksys/Cisco | E3000 | Works | [16] |
Linksys/Cisco | WAG54G v2 - NZ/AU | Works | |
3Com / HP | 3CRWDR100A-72 | Works | [17] |
3Com / HP | 3CRWDR101A-75 | Works | [18] |
Arris | TM502b | Works | [19] |
2wire | 2701hg-s | Not Working | |
2wire | 2701hg-B | Works | [20] |
2wire | 2701hg-D | Works | [21] |
Thomson SpeedTouch | TG585 | Works | [22] new ver. Only |
Thomson SpeedTouch | ST-585i | Works | [23] |
Thomson SpeedTouch | ST-780 | Works | [24] |
Thomson SpeedTouch | ST-516 | Works | [25] |
AVM | FRITZ!Box | Works | [26] Except 3790 VDSL Router (old stock) |
Ubee | DDW2600 | Works | [27] Cable Router |
BT | BT Home Hub V2 | Works | [28] |
BT | BT2700HGV | Works | [ http://portforward.com/english/routers/port_forwarding/BT/BT2700HGV/defaultguide.htm] |
Netgear | Pro Safe VPN FVS318 | Not Working | [29] |
Netgear | WGR614 | Not Working | [30] does not work with ISP required gateway modems |
Asus | WL-520GC | Works | [31] |
SMC | SMC-7004VBR | Works | [32] |
Inventel / Livebox | DV42190WA | Works | Sold as Livebox 3420 by Orange/SFR in Europe. Set port forwarding for UDP and TCP separately |
Linksys/Cisco | BEFSR41 | Works | [33] |
Netgear | WNR3500 | Works | [34] NB restart after configuration |
Apple | AirPort Extreme | Works | |
Airlink | Airlink 101 Super G | Works | older model, search for reference |
Airlink | Airlink 101 802.11G wireless | Works | older model, search for reference |
Netgear | RP614v3 and Newer revisions | Works | [35] |
Actiontec | Verizon FiOS Router Model # 424WR | Works | [36] Set TCP and UDP separately |
Netgear | WNDR3700 | Works | [37] |
Actiontec | GT701-WG | Works | [38] |
Cisco | RV042 | Works | |
Scientific Atlanta | WebSTAR-DPR2320 | Works | [39] Google for more info |
Linux specific solutions
SETTING UP A LINUX COMPUTER TO ACT AS A ROUTER
For Linux based Netfilter (iptables) routers, you want to set up the NAT table with some extra entries The following script is something to get you started, you'll need to fix up the variables at the top to match your system and network.
#!/bin/bash # # vvvvv - Fix these! - vvvvv IPTABLES=/usr/sbin/iptables LAN_NETWORK=192.168.0.0/24 SERVER_IP=192.168.0.2 INTERNET_IP=100.100.100.100 REMOTING_PORT=8895 REGION_PORT=9000 # ^^^^^ - Fix these! - ^^^^^ # First, the Destination NAT, anything going to the external address on our ports, we redirect to the server # Note, if you have a double NAT running and this router doesn't actually have the internet IP address, you'll # need another set of PREROUTING-DNAT lines with the --destination (-d) set to the internet facing private address $IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REMOTING_PORT --jump DNAT --to-destination $SERVER_IP $IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p udp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP $IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP # Second, the Source NAT, we need this so that returning packets to our LAN clients go back through the router first, # otherwise, the server will try to talk directly to the client and the client will reject them $IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REMOTING_PORT --jump SNAT --to-source $INTERNET_IP $IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p udp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP $IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP
DNS solution
It's possible to host your own DNS-server, so you can prevent some of the dns-naming problems mentioned before. If http://example.org resolves to the external ip, and that loopback connection is prevented by your router, you could point your resolv.conf to a local nameserver like:
nameserver 192.168.2.2
Now you need bind/named installed in order to handle the dns-requests. You can find a bind example configfile here.
openWRT Routers:
If you use openWRT firmware on your router, check here: OpenWRT NATLoopback
Windows XP and Windows 7 Work Around:
Please see this -> Windows XP: http://help.newworldgrid.com/lang/en/loopback-adapter-on-windows-xp
Windows 7: http://help.newworldgrid.com/lang/en/loopback-windows
See more potential loopback solutions here: http://opensimulator.org/wiki/Network_Settings#DynDNS_loopback