[Opensim-users] Hosting OPENSIM behind a firewall

Ursula MATOVA ursula.matova at klintcentral.net
Sun Oct 28 17:08:58 UTC 2007 

Greetings all,

Sorry, I had not the possibility to test the following till today ... :S

(( So, Tedd, I understood that it will be difficult to access OpenSim  
from both LAN & Internet at the same time ... ))

But, before trying to find a solution to my primary posted question,  
I'd like to be able to run a Grid that could be reached from the  
internet.
I spent the whole day testing many many different configurations with  
a friend, located in UK... But no success ...

Here are what I did :

First, adding an entry in my DNS ( both in the internal one, and in  
the public one ). So, when somebody try to reach my server from  
internet, he get my External Public IP, and when I try the same from  
my LAN, I get the internal IP ( also on the same sub-network ).

Second, I have configured my IPF/IPNAT NetBSD based firewall as follow :

(( 192.168.5.91 is the internal IP of my server running OpenSIM ))

IPF.CONF

pass in quick log on fxp0 proto tcp from any to any port 8000 >< 8005  
flags S keep state
pass in quick log on fxp0 proto tcp from any to any port 9000 >< 9015  
flags S keep state
pass in quick log on fxp0 proto udp from any to any port 9000 >< 9015  
keep state
pass in quick log on fxp0 proto tcp from any to any port = 8895 flags  
S keep state


IPNAT.CONF :
map fxp0 192.168.0.0/16 -> 0/32 portmap tcp/udp 8000:65000
map fxp0 192.168.0.0/16 -> 0/32
.../...
rdr fxp0 0/0 port 8000 -> 192.168.5.91 port 8000 tcp
rdr fxp0 0/0 port 8001 -> 192.168.5.91 port 8001 tcp
rdr fxp0 0/0 port 8002 -> 192.168.5.91 port 8002 tcp
rdr fxp0 0/0 port 8003 -> 192.168.5.91 port 8003 tcp
rdr fxp0 0/0 port 8004 -> 192.168.5.91 port 8004 tcp
rdr fxp0 0/0 port 8005 -> 192.168.5.91 port 8005 tcp
rdr fxp0 0/0 port 8895 -> 192.168.5.91 port 8895 tcp
rdr fxp0 0/0 port 9000 -> 192.168.5.91 port 9000 tcp
rdr fxp0 0/0 port 9001 -> 192.168.5.91 port 9001 tcp
rdr fxp0 0/0 port 9001 -> 192.168.5.91 port 9000 udp
rdr fxp0 0/0 port 9001 -> 192.168.5.91 port 9001 udp
.../...
rdr fxp0 0/0 port 9001 -> 192.168.5.91 port 9015 tcp
rdr fxp0 0/0 port 9001 -> 192.168.5.91 port 9015 udp


Here is now the configuration I use for Opensim :

GridServer_Config.xml has the following network parameters :
* default_asset_server="http://opensim.klintcentral.net:8003/"
* default_user_server="http://opensim.klintcentral.net:8002/"

UserServer_Config.xml has the following network parameters :
* default_grid_server="http://opensim.klintcentral.net:8001/"

OpenSIM.ini :
grid_server_url = "http://opensim.klintcentral.net:8001"
user_server_url="http://opensim.klintcentral.net:8002"
asset_server_url="http://opensim.klintcentral.net:8003"

Regions/1000_1000.xml : ( and others )
internal_id_address="0.0.0.0"
external_host_name="opensim.klintcentral.net"


Then, after starting opensim, as usual, in grid mode ...
I ask my friend to try to connect to my server using the following  
parameters :

-loginuri http://opensim.klintcentral.net:8002/

Results :

The communication on port 8002 seems to be OK, the user_server  
receive the request and I can trace the communication into my ipf logs :

.../...
28/10/2007 16:55:58.926658 fxp0 @0:9 p 89.156.163.xx,8002 ->  
86.29.160.xxx,50442 PR tcp len 20 1454 -A K-S OUT NAT
28/10/2007 16:55:58.926765 ex1 @0:9 p 192.168.5.91,8002 ->  
86.29.160.xxx,50442 PR tcp len 20 1454 -A K-S IN
28/10/2007 16:55:58.926897 fxp0 @0:9 p 89.156.163.xx,8002 ->  
86.29.160.xxx,50442 PR tcp len 20 1454 -A K-S OUT NAT
28/10/2007 16:55:58.927002 ex1 @0:9 p 192.168.5.91,8002 ->  
86.29.160.xxx,50442 PR tcp len 20 1454 -A K-S IN
28/10/2007 16:55:58.927125 fxp0 @0:9 p 89.156.163.xx,8002 ->  
86.29.160.xxx,50442 PR tcp len 20 1454 -A K-S OUT NAT
.../...

But I never see any communication on the 900x UDP ports :S

And S/L Client fails with the following error :

On the UserServer console I can read the following :

Notifying OpenSim Test ( http://192.168.5.91:9000 )
Informing Region --> http://192.168.5.91:9000/

On the OpenSIM Console I can read the following :

ExpectUser() - Welcoming new user ...

On the GridServer Console I can read the following :

requesting data for region xxxxxxxxxxxxxxxxxxxxxxxxx
found region

But the S/L client fails with the following error :

Unable to connect. Login packet never received by login server.

************************************************************************ 
**********************************************************

Does somebody have an idea about that problem ?
What did I do wrong ?

Many thanks in advance for your help,

Regards.


Le 14 oct. 07 à 01:11, Tedd Hansen a écrit :

> Te short answer is that you can't.
>
> You can not be on same LAN as OpenSim and at the same time allow  
> remote access. This because of two reasons:
> * First the IP reported would be your external IP, this is not  
> necessarily a showstopper if your router is good.
> * Second because the -REPLY- UDP packets from the OpenSim server  
> would be sent directly to you, not via the router. (Because source  
> IP is not set when replying UDP packets, so server chooses "best  
> suited interface", which would be dropping it directly to LAN  
> without sending it through NAT router back to you.)
>
>
> Solution (you need an additional NAT router, like a wireless router  
> or something): Set OpenSim server behind NAT inside your already  
> NAT'ed network. Tell it to use official IP. Do all necessary port  
> portforwarding on both NAT routers. And your external NAT router  
> needs to support NAT'ing packets coming from LAN to its external  
> interface in the same manner it would NAT external packets.
>
>
> I hope you followed me on that one... ;)
>
>
> Sincerely,
>  Tedd
>
> -----Opprinnelig melding-----
> Fra: opensim-users-bounces at lists.berlios.de [mailto:opensim-users- 
> bounces at lists.berlios.de] På vegne av Ursula MATOVA
> Sendt: 14. oktober 2007 00:52
> Til: opensim-users at lists.berlios.de
> Emne: [Opensim-users] Hosting OPENSIM behind a firewall
>
> Greetings All,
>
> Well, I'm trying to get some informations and help to be able to run
> my own grid at home and to be able to share it with some of my  
> friends.
>
> The only documentation I found on internet is the following : http://
> opensimulator.org/wiki/
> OpenSim:Network_settings#Issues_with_NAT_and_Port_Forwarding
>
> I have tried to set it up a few weeks ago, without success ...
>
> Could somebody point me to some more "howto" or giving me some
> informations / tips ?
>
> For your informations,
>
> I'm running a 4x4 sims grid under windows ( for now, I'll move to
> linux asap ).
>
> I'm using a home made firewall using NetBSD ( IPF / IPNAT ) and have
> my Own DNS Server for my internals servers ...
>
> I also have a static external IP address, and I can manage the DNS
> entries for my domain name.
>
> Any help will be very appreciated,
>
> Many thanks in advance,
>
> Regards,
>
> Ursula.
>
> (( Sorry about my english ... But sometimes, it's really bad ))
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users
>

More information about the Opensim-users mailing list