Mantis Bug Tracker

View Issue Details
ID: 0008470
Project: opensim
Category: [GRID] Robust Server
View Status: public
Date Submitted: 2019-02-01 03:53
Last Update: 2019-08-27 14:33
Reporter: JeffKelley
Assigned To: UbitUmarov
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Platform:
OS:
OS Version:
Product Version: 0.9.0.1
Target Version:
Fixed in Version:
Summary: 0008470: Proposal : Separating public and private hostnames in the configuration files
Description: The following proposal aims to distinguish the public and the private addresses in the configuration files to facilitate secure NATed grids setup. In the current situation, a grid server running behind a NAT router has to query itself (or the ROBUST host that we assume to be on the same network) on its external IP address via a loopback mechanism. Private port is then exposed to the public network. Requests to the private port can read or alter assets, inventory and personal data.

Description :

A PrivURL variable is added in the [Const] section of Robust.HG.ini and Opensim.ini.

Robust.HG.ini :

[Const]
    BaseURL = "http://127.0.0.1"
    PrivURL = ${Const|BaseURL}
    PublicPort = "8002"
    PrivatePort = "8003"

Opensim.ini :

[Const]
    BaseHostname = "127.0.0.1"
    BaseURL = http://${Const|BaseHostname}
    PrivURL = ${Const|BaseURL}
    PublicPort = "8002"
    PrivatePort = "8003"

and every occurrence of
    ${Const|BaseURL}:${Const|PrivatePort}
is changed to
    ${Const|PrivURL}:${Const|PrivatePort}
in Robust.HG.ini, Opensim.ini, GridCommon.ini.

NATed grids can then declare
    PrivURL = "http://localhost"
or
    PrivURL = "http://192.168.0.15"

and every request to port 8003 will be routed locally.
The port may now be closed at the box/router level.

Example comment :

"If you run a grid behind a NAT gateway, you may change PrivURL to the local address of the machine running ROBUST (e.g. http://localhost or http://192.168.0.15). Private port (8003) may then be closed at the gateway."

Files modified :

    Opensim.ini.example, GridCommon.ini.example, Robust.HG.ini.example


Patch is on the way.

Please, discuss.
Tags: No tags attached.
Git Revision or version number:
Run Mode: Grid (Multiple Regions per Sim)
Physics Engine: BulletSim
Script Engine:
Environment: Unknown
Mono Version: None
Viewer:
Attached Files:
    OpenSim.ini.example (61,350 bytes) 2019-07-30 02:50
    GridCommon.ini.example (9,263 bytes) 2019-07-30 02:50
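
A way to audit a configuration for the exposure the proposal describes, shown as an added example (not code from the issue or from OpenSim): it expands ${Section|Key} references and reports every value that pairs PrivatePort with a host that is not loopback or a private-range address. The [GridService] section, its key names and the hostname grid.example.org are constructed for illustration, and a DNS name is assumed to resolve to the public address.

```python
import ipaddress
import re
from urllib.parse import urlsplit

VAR = re.compile(r"\$\{(\w+)\|(\w+)\}")  # ${Section|Key} reference
# Constructed sample; the [GridService] section and its keys are illustrative.
SAMPLE = '''
[Const]
    BaseURL = "http://grid.example.org"
    PrivURL = "http://192.168.0.15"
    PublicPort = "8002"
    PrivatePort = "8003"
[GridService]
    GridServerURI = "${Const|PrivURL}:${Const|PrivatePort}"
    AssetServerURI = "${Const|BaseURL}:${Const|PrivatePort}"
    Gatekeeper = "${Const|BaseURL}:${Const|PublicPort}"
'''

def parse(text):
    """Return {section: {key: raw value}}; ';' starts a comment."""
    cfg, section = {}, None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = cfg.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[key.strip()] = value.strip().strip('"')
    return cfg

def expand(cfg, value):
    """Resolve ${Section|Key} references, including nested ones."""
    return VAR.sub(lambda m: expand(cfg, cfg[m[1]][m[2]]), value)

def is_internal(host):
    try:  # is_private covers RFC 1918 ranges and loopback
        return host == "localhost" or ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name: assumed to resolve to the public address

def exposed_private_uris(text):
    cfg = parse(text)
    private_port = int(cfg["Const"]["PrivatePort"])
    findings = []  # Section.Key entries pairing PrivatePort with a public host
    for section, keys in cfg.items():
        for key, raw in keys.items():
            url = urlsplit(expand(cfg, raw))
            if url.port == private_port and not is_internal(url.hostname):
                findings.append(f"{section}.{key}")
    return findings
```

On the sample, only the entry still built from BaseURL is reported; leaving PrivURL at its default of ${Const|BaseURL} with a public BaseURL reports both private-port entries.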

Notes
(0034085)
tampa (reporter)
2019-02-01 04:06

"Grid behind NAT" is already a bad idea given that the vast majority of home connections (where NAT is mostly present) usually have less than 2mbit in upload and will thus be painfully slow for visitors or outside users in general.

"Requests to the private port can read or alter assets, inventory and personal data." If you want HG to work some things need to be readable and if you want Kitely Market to deliver your asset server needs to be accessible also. Outside of that if you set up proper security then there really is no way to alter inventory or profiles.

I don't think this is a good idea for a robust-region setup, perhaps for standalones.
(0034088)
BillBlight (developer)
2019-02-01 04:35

Someone who already knows what they are doing is most likely doing this already, it may confuse the everyday user with multiple URL configs.
(0035513)
aiaustin (developer)
2019-07-29 14:00
edited on: 2019-07-30 02:59

I recently came across this issue using a grid on my home setup behind a typical home router. I have to set up port forwarding to allow an external IP address to map through to the internal IP number of the server. The problem then is that the current settings use the BaseURL for the PrivatePort. Whereas, to keep the PrivatePort closed and unmapped/forwarded, that needs to be changed to the internal host... I use the IP number on the internal network.

It's a simple fix as described by JeffKelley above. The default OpenSim.ini.example can simply set BaseURL and PrivURL to the same setting as a default and it all works like it does today... but then it's much clearer what you have to do when in a NAT style router environment... which I think could apply to many people setting up their own home OpenSim grids.

@tampa... the PrivatePort is (normally) closed to the outside world anyway, that's exactly what it's for, so allowing a simple way if it is necessary to separate the URL use for the PrivatePort makes sense. Home connections these days are also getting faster, but anyway there are many use cases for home grids. We want to make setup easier without folks having to struggle to work out this simple setup, which I believe was used by Fred Beckhusen for DreamGrid to help small grid owners get things working when in home router style situations.

Bill, the default for the example files just leaves the PrivURL identical to the BaseURL, so no change. But the comment and the example is there to help those needing it.

(0035515)
aiaustin (developer)
2019-07-30 02:24
edited on: 2019-07-30 11:38

Jeff, as far as I can see we don't have any example of using the BaseURL/PrivatePort combination in config lines in Robust.HG.ini.example (or Robust.ini.example)… so I think only two files need altering in the dev master source?

Opensim.ini.example, GridCommon.ini.example

(0035516)
aiaustin (developer)
2019-07-30 02:51

I am not set up to easily create the patch but I attach the two current files modified as needed if someone can make the patch?

Opensim.ini.example, GridCommon.ini.example
(0035580)
aiaustin (developer)
2019-08-15 11:12

I wonder if @Ubit could eyeball this simple .example file proposed change.. and if it is okay create a patch/commit for it using the two replacement files attached? It will make life more straightforward for those behind NAT on home style routers to configure things and does not change anything by default for everyone else.
(0035620)
UbitUmarov (administrator)
2019-08-27 14:33
edited on: 2019-08-28 00:27

added the changes to master, thx


Issue History
Date Modified Username Field Change
2019-02-01 03:53 JeffKelley New Issue
2019-02-01 04:06 tampa Note Added: 0034085
2019-02-01 04:35 BillBlight Note Added: 0034088
2019-07-29 14:00 aiaustin Note Added: 0035513
2019-07-30 01:54 aiaustin Note Edited: 0035513
2019-07-30 02:24 aiaustin Note Added: 0035515
2019-07-30 02:50 aiaustin File Added: OpenSim.ini.example
2019-07-30 02:50 aiaustin File Added: GridCommon.ini.example
2019-07-30 02:51 aiaustin Note Added: 0035516
2019-07-30 02:52 aiaustin Note Edited: 0035513
2019-07-30 02:57 aiaustin Note Edited: 0035513
2019-07-30 02:59 aiaustin Note Edited: 0035513
2019-07-30 05:19 aiaustin Note Edited: 0035515
2019-07-30 11:38 aiaustin Note Edited: 0035515
2019-08-15 11:12 aiaustin Note Added: 0035580
2019-08-15 11:12 aiaustin Assigned To => UbitUmarov
2019-08-15 11:12 aiaustin Status new => assigned
2019-08-27 14:33 UbitUmarov Note Added: 0035620
2019-08-28 00:27 aiaustin Note Edited: 0035620

