NAT Loopback Routers

From OpenSimulator

Revision as of 19:40, 25 October 2012 by Arielle (Talk | contribs)

Jump to: navigation, search


Contents

INTRODUCTION

What is NAT Loopback and why is it needed to host a public Opensimulator Region?

Currently (as at August 2010), a hosted region on a home connection with a broadband router needs, what is known as NAT Loopback functionality.

Many DSL routers/modems prevent loopback connections as a security feature. This means that a machine on your local network (e.g. behind your DSL router/modem) cannot connect to a forward facing IP address (such as 199.149.252.44) of a machine that it also on your local network. Connecting to the local IP address (such as 192.168.2.40) of that same machine works fine.

This is an issue since each region has to be specify an IP address for the client to connect. This is the ExternalHostName parameter in a regions config file (e.g. bin/Regions/Regions.ini). In the absence of NAT loopback, if a forward facing IP address is specified (such as 199.149.252.44) then external clients will be able to connect to the region but clients on your local network will not. If the internal address were put in ExternalHostName instead (e.g. 192.168.2.40) then viewers on the local network will be able to connect but viewers from an external network would not.

This page shows a list of routers supporting NAT Loopback. Please add both known working and non-working routers to the list.

Working Routers

3Com

  • 3CRWDR100A-72
  • 3CRWDR101A-75

D-Link

D-Link DGL-4500 series of routers have the largest available nat table of any router on the market.  These routers range from 70$-180$ USD depending on where you live and purchase from.

When considering a purchase, consider performance against cost. Upper end ADSL 2+ routers can add several Mbs to your modems sync speed.

Wireless Routers - Access Point Only

These routers are Access Point devices, and contain no ADSL modem and hence need a separate adsl modem operating in Bridge mode.

Routers With ADSL modem No items to list currently

Note: The DGL-4100 & DGL-4300 have been discontinued, and the replacement model is the DIL-825 and DIL-855 - Loopback status unknown on these later models. The DGL-4300 may be available second hand.

Draytek

  • Draytek Vigor 2710n [1] does NAT loopback out of the box and seems to be generally an all-round great router.
  • Draytek Vigor 120 [2] does NAT loopback out of the box and has some nice features. NOTE that if it's using PPPoA (common in UK and New Zealand) there is a bug that stops Opensim (and Secondlife) ping packets from working so you disconnect after 3 minutes. You need to upgrade to firmware 3.2.4.3 (or higher).

Linksys/Cisco

Note: The WAG54G v2 NZ/Australia version has a faster processor, more memory and larger NAT table, and works with OS out of the box. Other market versions may not.

WAG120N Linksys Wireless-N ADSL2+ Modem Router (Australia)

Netgear

  • NETGEAR WNR834M : ftp://downloads.netgear.com/files/wnr834m_ref_manual.pdf
  • NETGEAR WNR2000 : With firmware 1.2.3.7 ( http://kb.netgear.com/app/answers/detail/a_id/11895 ) loopback now enabled 'out of the box'
  • NETGEAR WGR614 : has been confirmed to work out of the box
  • Netgear RP614 v3
  • Netgear DG834G v3 with latest firmware & v4 upto firmware version v5.01.09 (according to this link, a later firmware update of v4 removed NAT loopback) NAT Loopback returned as menu option with latest v5.01.16 firmware for the v4 model. The latest model versions, marked v5 on the unit's label, has significantly different internals and is not currently Loopback capable(the v5 has the wireless aerial on the right, not the left, as looking from the front. The DG834G v1, v2, v3 & v4 are end of line in most markets. The v3 & v4 are proven good performers.
  • Netgear DGN1000 worked out of the box. Note this working item reports its firmware version as V2.1.00.19_VG which seems much newer than the version offered for download on netgear.com.
  • NETGEAR FVS338 : loopback issue with firmware v3.0.3-17 (2008). LAN address is incorrectly presented to simulator instead of WAN address. Fixed in latest update v3.0.6-25 (2010).

Thomson

  • Thomson SpeedTouch router-modem TG585, ST-585i (requires Telnet acces to it to Enable Loopback)
  • Thomson Speedtouch ST-780, ST-516

Other routers & Hardware

KNOWN non-functional for OpenSim:


REFERENCE LINKS:

More Information Related to Routers and Solutions @: osgrid.org/forums/viewtopic.php

Router/Modem Table

Router / Modem Table

(this information gathered from the OpenSimulator WIKI and OSGrid forums information collectively and assembled into this sortable formatted table for ease of use and quick access. Links provided are either to the Manufactures pages or Pages which can further assit in configuration and troubleshooting.)

Make Model Status Notes
Belgacom BBox-2 BBox-2 Docs Works Also known as SAGEM 3464. BBox-1 work, BBox-2 = Method 1: flash the firmare (in this case we lose the guarantee provider) Method 2: Configure Bbox Bridge mode and put a second router for OpenSim-Sim.
Dlink DGL-4500 Works [3]
Dlink DGL-4300 Works [4]
Dlink DI-524 Works [5]
Dlink DIR-600 Works [6]
Dlink DIR-601 Works [7]
Dlink DIR-635 Works [8]
Dlink DIR-655 Works [9]
Draytek Vigor120 Works
Draytek Vigor2710 Works [10] firmware 3.2.4.3 (or higher).
Netgear WNR834M Works
Netgear WNR2000 Works With firmware 1.2.3.7 Loop back now enabled 'out of the box'
Netgear WGR614 Works confirmed to work out of the box
Netgear RP614 Works Version 3 or better
Netgear DG834G Works v1, v2, v3 & v4 are end of line in most markets. The v3 & v4 are proven good performers.
Linksys/Cisco RT31P2 Works [11]
Linksys/Cisco AG241 Works [12]
Linksys/Cisco WAG200G Works [13] Firmware Version: 1.01.09 or better
Linksys/Cisco WRT54G Works [14]
Linksys/Cisco WAG160N Works [15]
Linksys/Cisco WAG54G v3 Works
Linksys/Cisco E3000 Works [16]
Linksys/Cisco WAG54G v2 - NZ/AU Works
3Com / HP 3CRWDR100A-72 Works [17]
3Com / HP 3CRWDR101A-75 Works [18]
Arris TM502b Works [19]
2wire 2701hg-s Not Working
2wire 2701hg-B Works [20]
2wire 2701hg-D Works [21]
Thomson SpeedTouch TG585 Works [22] new ver. Only
Thomson SpeedTouch ST-585i Works [23]
Thomson SpeedTouch ST-780 Works [24]
Thomson SpeedTouch ST-516 Works [25]
AVM FRITZ!Box Works [26] Except 3790 VDSL Router (old stock)
Ubee DDW2600 Works [27] Cable Router
BT BT Home Hub V2 Works [28]
BT BT2700HGV Works [ http://portforward.com/english/routers/port_forwarding/BT/BT2700HGV/defaultguide.htm]
Netgear Pro Safe VPN FVS318 Not Working [29]
Netgear WGR614 Not Working [30] does not work with ISP required gateway modems
Asus WL-520GC Works [31]
SMC SMC-7004VBR Works [32]
Inventel / Livebox DV42190WA Works Sold as Livebox 3420 by Orange/SFR in Europe. Set port forwarding for UDP and TCP separately
Linksys/Cisco BEFSR41 Works [33]
Netgear WNR3500 Works [34] NB restart after configuration
Apple AirPort Extreme Works
Airlink Airlink 101 Super G Works older model, search for reference
Airlink Airlink 101 802.11G wireless Works older model, search for reference
Netgear RP614v3 and Newer revisions Works [35]
Actiontec Verizon FiOS Router Model # 424WR Works [36] Set TCP and UDP separately
Netgear WNDR3700 Works [37]
Actiontec GT701-WG Works [38]
Cisco RV042 Works
Scientific Atlanta WebSTAR-DPR2320 Works [39] Google for more info

Linux specific solutions

SETTING UP A LINUX COMPUTER TO ACT AS A ROUTER


For Linux based Netfilter (iptables) routers, you want to set up the NAT table with some extra entries The following script is something to get you started, you'll need to fix up the variables at the top to match your system and network.
#!/bin/bash
#
# vvvvv - Fix these! - vvvvv
IPTABLES=/usr/sbin/iptables
LAN_NETWORK=192.168.0.0/24
SERVER_IP=192.168.0.2
INTERNET_IP=100.100.100.100
REMOTING_PORT=8895
REGION_PORT=9000
# ^^^^^ - Fix these! - ^^^^^
 
# First, the Destination NAT, anything going to the external address on our ports, we redirect to the server
# Note, if you have a double NAT running and this router doesn't actually have the internet IP address, you'll
# need another set of PREROUTING-DNAT lines with the --destination (-d) set to the internet facing private address
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REMOTING_PORT --jump DNAT --to-destination $SERVER_IP
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p udp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP
$IPTABLES -t nat -I PREROUTING -d $INTERNET_IP -p tcp --dport $REGION_PORT --jump DNAT --to-destination $SERVER_IP
 
# Second, the Source NAT, we need this so that returning packets to our LAN clients go back through the router first,
# otherwise, the server will try to talk directly to the client and the client will reject them
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REMOTING_PORT --jump SNAT --to-source $INTERNET_IP
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p udp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP
$IPTABLES -t nat -I POSTROUTING -s $LAN_NETWORK -d $SERVER_IP -p tcp --dport $REGION_PORT --jump SNAT --to-source $INTERNET_IP

--Hell Fire

DNS solution

It's possible to host your own DNS-server, so you can prevent some of the dns-naming problems mentioned before. If http://example.org resolves to the external ip, and that loopback connection is prevented by your router, you could point your resolv.conf to a local nameserver like:

nameserver 192.168.2.2

Now you need bind/named installed in order to handle the dns-requests. You can find a bind example configfile here.

openWRT Routers:

If you use openWRT firmware on your router, check here: OpenWRT NATLoopback

Windows XP and Windows 7 Work Around:

Please see this -> Windows XP: http://help.newworldgrid.com/lang/en/loopback-adapter-on-windows-xp

Windows 7: http://help.newworldgrid.com/lang/en/loopback-windows


See more potential loopback solutions here: http://opensimulator.org/wiki/Network_Settings#DynDNS_loopback

Personal tools
General
About This Wiki