[Opensim-dev] density

Skidz Tweak skidz.tweak at gmail.com
Mon Mar 23 01:38:32 UTC 2009


Sorry about this.. formatting problems again...

Hi All.

I have set up a grid in my home, and am trying to let a friend connect.

Having some problems, and I know it has to do with my iptables, at least I think so.

I have all 5 servers and one sim running on:

192.168.1.181

I have the domain name grid.gridaverse.com pointed to my external IP address:

98.100.106.10

In my firewall script I have added the following rules for forwarding:

$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 8000:8006 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 8895 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 9000:9001 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8002 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8002 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8002
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8001 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8001 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8001
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8000
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8003 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8003 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8003
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8004 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8004
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8005 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8005 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8005
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8006 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8006 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8006
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8895 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8895 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8895
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9000
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9000
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9001
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9001

Also per the site http://opensimulator.org/wiki/Network_Settings I added these:

$IPTABLES -t nat -A OUTPUT --dst 98.100.106.10 -p tcp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
$IPTABLES -t nat -A OUTPUT --dst 98.100.106.10 -p udp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
$IPTABLES -t nat -A PREROUTING --dst 98.100.106.10 -p tcp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
$IPTABLES -t nat -A PREROUTING --dst 98.100.106.10 -p udp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181

After that I did run the firewall script again, and I did restart the network.

Now I start up the 5 servers and not the sim.. and tested it on shields up: https://www.grc.com/x/

Results from scan of ports: 8000-8006, 8895, 9000

    5 Ports Open
    4 Ports Closed
    0 Ports Stealth

So I believe the port forwarding is correct. Even though some are closed, I believe that is because the sim is not running.

For the region/default.xml setting I placed in the:

internal_ip_address="192.168.1.181"
internal_ip_port="9000"
allow_alternate_ports="false"
external_host_name="98.100.106.10"

Now, when I start up the sim, I get an ERROR:

11:25:31 - [STARTUP]: Registration of region with grid failed, aborting startup
- System.Exception: Unable to connect to grid at http://127.0.0.1:8001: The grid service could not contact the http url http://98.100.106.10:9000/simstatus/ at your region.  Please make sure this url is reachable by the grid service

Now, I have assumed that the rules I added from the site http://opensimulator.org/wiki/Network_Settings were forwarding the traffic back to my 181 box when something on the internal network called it on port 9000 to the router, but that does not seem to be happening.

I have also tried adding a host entry in both my Ubuntu router and Windows server pointing grid.gridaverse.com to 192.168.1.181, and tried replacing my external host name with that domain name.

I am able to start up the sim after that, and someone from the outside can login, but.. he never makes it to the sim.. just to the handshake.

I believe if I added grids.gridaverse.com to my internal DNS server it would fix this problem, but to be honest.. every time I have looked into doing something like that with BIND, I don't understand a damn thing I read. But then again.. shouldn't the entry in /etc/host compensate for that?

Any help would be greatly appreciated. I am passing on my knowledge, so helping me will help.. well.. like the 20 people that read my blog.. lol.. http://blog.skidzpartz.com

Also if you have additional questions about the setup, the last 3 blog entries documented it exactly.
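
Added example (not part of the original post, and not OpenSim project code): a shell script that prints, without applying, a consolidated rule set for the setup described above, on the assumption that the simstatus failure is a NAT loopback problem, i.e. the grid service on 192.168.1.181 reaching the region through 98.100.106.10. The addresses and ports are the ones in the post; the interface names eth0/eth1 and the LAN subnet 192.168.1.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands, applies nothing (no root needed).
# Addresses and ports are from the post; EXTIF/INTIF names and LAN_NET are assumed.
IPT=iptables
EXTIF=eth0                 # assumed internet-facing interface
INTIF=eth1                 # assumed LAN-facing interface
EXTIP=98.100.106.10
SIM=192.168.1.181
LAN_NET=192.168.1.0/24     # assumed LAN subnet

# emit_forward PROTO PORTS: rules to publish PORTS on $SIM for one protocol.
emit_forward() {
    proto=$1 ports=$2
    # Refuse anything that is not a plain protocol name and port list.
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case "$ports" in ''|*[!0-9,:]*) echo "bad ports: $ports" >&2; return 1 ;; esac
    match="-p $proto -m multiport --dports $ports"
    # Rewrite anything addressed to the public IP, whether from internet or LAN.
    echo "$IPT -t nat -A PREROUTING -d $EXTIP $match -j DNAT --to-destination $SIM"
    # DNATed packets traverse FORWARD (not INPUT); admit new flows from outside.
    echo "$IPT -A FORWARD -i $EXTIF -o $INTIF -d $SIM $match -m state --state NEW -j ACCEPT"
    # NAT loopback: LAN hosts (including the sim box itself) using the public IP.
    echo "$IPT -A FORWARD -i $INTIF -o $INTIF -s $LAN_NET -d $SIM $match -m state --state NEW -j ACCEPT"
    # Source-NAT those flows so replies return through the router and get un-NATed.
    echo "$IPT -t nat -A POSTROUTING -o $INTIF -s $LAN_NET -d $SIM $match -j MASQUERADE"
}

# emit_ruleset: one reply rule plus the published TCP and UDP ports from the post.
emit_ruleset() {
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    emit_forward tcp 8000:8006,8895,9000:9001 || return 1
    emit_forward udp 9000:9001 || return 1
}

emit_ruleset
```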

 

 

 

 
