[Opensim-dev] External connection to grid and IP tables... Please :)

Gustavo Alberto Navarro Bilbao alberto.navarro.bilbao at gmail.com
Mon Mar 23 07:17:02 UTC 2009


Hi Skidz

Try leaving internal_ip_address "0.0.0.0", and test it again.
That will work.

Best regards
Albert

/////////////////////////////////////////////////////////////////////

2009/3/23 Skidz Tweak <skidz.tweak at gmail.com>:
> Sorry about this.. formatting problems again... and forgot to change
> subject.. lol. yea.. been a long day..
>
>
>
>
>
> Hi All…
>
>
>
> I have set up a grid in my home, and trying to let a friend connect.
>
> Having some problems… and I know it has to do with my iptables… at least I
> think so…
>
>
>
> I have all 5 servers and one sim running on:
>
> 192.168.1.181
>
>
>
> I have the domain name grid.gridaverse.com pointed to my external IP
> address:
>
> 98.100.106.10
>
>
>
> In my firewall script I have added the following rules for forwarding:
>
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 8000:8006 -j ACCEPT
>
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 8895 -j ACCEPT
>
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 9000:9001 -j ACCEPT
>
>
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8002 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8002 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8002
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8001 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8001 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8001
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8000
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8003 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8003 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8003
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8004 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8004
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8005 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8005 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8005
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8006 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8006 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8006
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8895 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8895 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:8895
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9000
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 9000 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9000
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9001
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 9001 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.181:9001
>
>
>
> Also per the site http://opensimulator.org/wiki/Network_Settings I added
> these:
>
> $IPTABLES -t nat -A OUTPUT --dst 98.100.106.10 -p tcp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
>
> $IPTABLES -t nat -A OUTPUT --dst 98.100.106.10 -p udp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
>
> $IPTABLES -t nat -A PREROUTING --dst 98.100.106.10 -p tcp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
>
> $IPTABLES -t nat -A PREROUTING --dst 98.100.106.10 -p udp --dport 9000:9010 -j DNAT --to-destination 192.168.1.181
>
>
>
> After that I did run the firewall script again… and I did restart the
> network.
>
>
>
> Now I start up the 5 servers and not the sim.. and tested it on shields up:
> https://www.grc.com/x/
>
> Results from scan of ports: 8000-8006, 8895, 9000
>
>     5 Ports Open
>
>     4 Ports Closed
>
>     0 Ports Stealth
>
>
>
> So I believe the port forwarding is correct. Even though some are closed, I
> believe that is because the sim is not running.
>
>
>
>
>
>
>
> For the region/default.xml setting I placed in the:
>
> internal_ip_address="192.168.1.181"
>
> internal_ip_port="9000"
>
> allow_alternate_ports="false"
>
> external_host_name="98.100.106.10"
>
>
>
> Now, when I start up the sim, I get an ERROR:
>
> 11:25:31 - [STARTUP]: Registration of region with grid failed, aborting startup
> - System.Exception: Unable to connect to grid at http://127.0.0.1:8001: The grid service could not contact the http url http://98.100.106.10:9000/simstatus/ at your region.  Please make sure this url is reachable by the grid service
>
>
>
> Now, I have assumed that the rules I added from the site
> http://opensimulator.org/wiki/Network_Settings were forwarding the traffic
> back to my 181 box when something on the internal network called it on port
> 9000 to the router, but that does not seem to be happening.
>
>
>
> I have also tried adding a host entry in both my ubuntu router, and windows
> server pointing grid.gridaverse.com to 192.168.1.181 and tried replacing my
> external host name to that domain name.
>
> I am able to start up the sim after that, and… someone from the outside can
> login… but.. he never makes it to the sim.. just to the handshake…
>
>
>
> I believe if I added grids.gridaverse.com to my internal DNS server it would
> fix this problem, but to be honest… every time I have looked into doing
> something like that with BIND, I don't understand a damn thing I read. But…
> then again.. shouldn't the entry in /etc/host compensate for that?
>
>
>
> Any help would be greatly appreciated… I am passing on my knowledge so
> helping me will help… well.. like the 20 people that read my blog.. lol..
> http://blog.skidzpartz.com
>
> Also if you have additional questions about the setup, the last 3 blog
> entries documented it exactly.
>
>
>
>
>
>
>
>
>
>
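
Added example, not part of either message: a simplified Python model of the packet path through the quoted rules for port 9000, comparing a request that arrives on the external interface with the grid service's own request from 192.168.1.181 to http://98.100.106.10:9000/. The interface names, the router LAN address 192.168.1.1 and a DROP policy on FORWARD are assumptions, and the two rules marked hypothetical in the comments do not appear in the quoted script.

```python
# Added illustration: a toy model of the nat/filter path, not real iptables.
from dataclasses import dataclass, replace

EXTIP, SERVER = "98.100.106.10", "192.168.1.181"  # addresses from the post
ROUTER_LAN = "192.168.1.1"                        # assumed router LAN address
EXTIF, INTIF = "eth0", "eth1"                     # assumed interface names
PORT = 9000                                       # region port from the post

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int

def route(pkt, hairpin=False, forward_policy="DROP"):
    """Return (verdict, packet as it would reach the server).

    forward_policy is an assumption; the post does not show the chain policy.
    """
    # Posted rule: -t nat -A PREROUTING -p tcp -d $EXTIP --dport 9000 -j DNAT
    # It has no -i match, so packets arriving from the LAN are rewritten too.
    if pkt.dst == EXTIP and pkt.dport == PORT:
        pkt = replace(pkt, dst=SERVER)
    if pkt.dst != SERVER:
        return "no-matching-rule", pkt
    # Posted rule: -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 9000 -j ACCEPT
    accepted = pkt.in_if == EXTIF and pkt.dport == PORT
    # Hypothetical: -A FORWARD -i $INTIF -o $INTIF -p tcp --dport 9000 -j ACCEPT
    if hairpin and pkt.in_if == INTIF and pkt.dport == PORT:
        accepted = True
    if not accepted and forward_policy != "ACCEPT":
        return "dropped-in-FORWARD", pkt
    # Hypothetical: -t nat -A POSTROUTING -o $INTIF -d SERVER -p tcp
    #               --dport 9000 -j SNAT --to-source ROUTER_LAN
    if hairpin and pkt.in_if == INTIF:
        pkt = replace(pkt, src=ROUTER_LAN)
    if pkt.in_if == INTIF and pkt.src != ROUTER_LAN:
        # The server sees a LAN source (here its own address) and cannot send
        # its reply back through the router, so the DNAT is never reversed.
        return "reply-bypasses-router", pkt
    return "delivered", pkt

if __name__ == "__main__":
    outside = Packet(EXTIF, "203.0.113.7", EXTIP, PORT)  # constructed sample
    grid = Packet(INTIF, SERVER, EXTIP, PORT)            # grid service on .181
    for label, p, kw in (("outside", outside, {}), ("LAN", grid, {}),
                         ("LAN+hairpin", grid, {"hairpin": True})):
        print(label, route(p, **kw)[0])
```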


