[Opensim-users] NAT & Corporate Firewall
Gary Beck
gab4gab at gmail.com
Wed Mar 30 16:39:14 UTC 2011
Chris/Fleep
If all was well in your setup then Tests 1,2 &3 should work for both on and off campus users.
Off Campus being sent a local network address for handshake implies that on the server system ucsim1.irc.uc.edu is resolving to the local address instead of the external IP address. To work properly both on-campus and off-campus need to be sent the external IP address.
On Campus failures in Tests 1 & 2 indicate that NAT Loop-Back is not in effect. You don't appear to be reaching your local server from on-campus using it's external IP address. However, if the failure is at handshake and Loop-Back is in effect that suggests the UDP port is open for the local address and blocked for the external address.
Off Campus failures in Tests 1 & 2 suggest that the TCP port is open while the UPD port is not (assuming failure is at handshake.) I know you say they're verified open but this is what your results indicate.
- Gary
----- Original Message -----
From: Fleep Tuque
To: opensim-users at lists.berlios.de
Sent: Wednesday, March 30, 2011 11:49
Subject: Re: [Opensim-users] NAT & Corporate Firewall
Yep no luck with that one either.
[University of Cincinnati]
RegionUUID = 5985af1b-4223-4a12-ba87-1c3830a44e97
Location = 9000,9000
InternalAddress = 0.0.0.0
InternalPort = 9000
AllowAlternatePorts = False
ExternalHostName = ucsim1.irc.uc.edu
This is what I see on the opensim.log:
2011-03-30 11:44:07,114 DEBUG - OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation.LocalSimulationConnectorModule [LOCAL SIMULATION CONNECTOR]: Found region University of Cincinnati to send SendCreateChildAgent
2011-03-30 11:44:07,118 INFO - OpenSim.Region.Framework.Scenes.Scene [CONNECTION BEGIN]: Region University of Cincinnati told of incoming root agent Fleep Tuque 883317bb-bcf1-4e5b-82f1-330f24fb32a7 (circuit code 871509482, teleportflags 128)
2011-03-30 11:44:07,344 INFO - OpenSim.Region.Framework.Scenes.Scene [CONNECTION BEGIN]: Region University of Cincinnati authenticated and authorized incoming root agent Fleep Tuque 883317bb-bcf1-4e5b-82f1-330f24fb32a7 (circuit code 871509482)
2011-03-30 11:44:07,348 DEBUG - OpenSim.Region.CoreModules.Agent.Capabilities.CapabilitiesModule [CAPS]: Reregistering caps for agent 883317bb-bcf1-4e5b-82f1-330f24fb32a7. Old caps path e89d38e3-fc0c-4c17-bf91-2b0e73b89735, new caps path 00e226b9-6b4a-4025-974b-c813725f6b52.
2011-03-30 11:44:07,350 DEBUG - OpenSim.Framework.Capabilities.Caps [CAPS]: Registered seed capability /CAPS/00e226b9-6b4a-4025-974b-c813725f6b520000/ for 883317bb-bcf1-4e5b-82f1-330f24fb32a7
2011-03-30 11:44:07,353 DEBUG - OpenSim.Region.CoreModules.Framework.EventQueue.EventQueueGetModule [EVENTQUEUE]: Found Existing UUID!
2011-03-30 11:44:07,356 INFO - OpenSim.Region.CoreModules.Avatar.ObjectCaps.ObjectAdd [OBJECTADD]: /CAPS/OA/65e157bc-6345-4ab3-bd27-a9d9074b4768/
2011-03-30 11:44:07,359 INFO - OpenSim.Region.CoreModules.Avatar.ObjectCaps.GetTextureModule [GETTEXTURE]: /CAPS/30f93e03-8f90-45d7-a6ee-a8e3c9fda71f
2011-03-30 11:44:13,837 DEBUG - OpenSim.Framework.Capabilities.Caps [CAPS]: Seed Caps Request in region: University of Cincinnati
2011-03-30 11:44:13,840 DEBUG - OpenSim.Region.Framework.Scenes.Scene [SCENE]: Incoming client Fleep Tuque in region University of Cincinnati via regular login. Client IP verification not performed.
On the client side it gets to Region Handshake and then hangs.. Users from on campus are still able to log in though.
- Chris /Fleep
Chris M. Collins (SL: Fleep Tuque)
Project Manager, UC Second Life
Second Life Ambassador, Ohio Learning Network
UCit Instructional & Research Computing
University of Cincinnati
406E Zimmer Hall
PO Box 210088
Cincinnati, OH 45221-0088
(513)556-3018
chris.collins at uc.edu
UC Second Life: http://homepages.uc.edu/secondlife
OLN Second Life: http://www.oln.org/emerging_technologies/emtech.php
On Wed, Mar 30, 2011 at 11:17 AM, Diva Canto <diva at metaverseink.com> wrote:
Try the missing combination
InternalAddress=0.0.0.0 ExternalHostName=ucsim1.irc.uc.edu
On 3/30/2011 8:11 AM, Fleep Tuque wrote:
Hi Edmund,
Nod I've tried that permutation too, no luck. Here are the combinations I've tried so far:
Test 1: InternalAddress = 10.23.23.x ExternalHostName = 129.137.2.x
Result On-Campus: FAIL Result Off-Campus: FAIL
Test 2: InternalAddress = 0.0.0.0 ExternalHostName = 129.137.2.x
Result On-Campus: FAIL Result Off-Campus: FAIL
Test 3: InternalAddress = 10.23.23.x ExternalHostName = ucsim1.irc.uc.edu
Result On-Campus: SUCCESS Result Off-Campus: FAIL
Test 4: InternalAddress = ucsim1.irc.uc.edu ExternalHostName = ucsim1.irc.uc.edu
Result: Opensim.exe crashes
Leaving at the default InternalAddress = 0.0.0.0 and ExternalHostName = SYSTEMIP works for on campus users but not for off campus users.
Has anyone else run into this problem with a campus or corporate firewall? How did you resolve it?
Thanks again,
- Chris
Chris M. Collins (SL: Fleep Tuque)
Project Manager, UC Second Life
Second Life Ambassador, Ohio Learning Network
UCit Instructional & Research Computing
University of Cincinnati
406E Zimmer Hall
PO Box 210088
Cincinnati, OH 45221-0088
(513)556-3018
chris.collins at uc.edu
UC Second Life: http://homepages.uc.edu/secondlife
OLN Second Life: http://www.oln.org/emerging_technologies/emtech.php
On Wed, Mar 30, 2011 at 11:03 AM, Edmund Edgar <lists at edochan.com> wrote:
Hi Fleep.
Maybe you've already tried this, but I'd suggest setting
ExternalHostName as your external IP (129.137.2.x) rather than your
hostname (ucsim1.irc.uc.edu).
Behind NAT, some places (including Amazon EC2, I found) use an (IMHO
evil) thing called Split DNS (or "Split Brain DNS"), where the IP
address you get inside the firewall is different to the one you get
outside your firewall. This may be causing your OpenSim box to think
that ucsim1.irc.uc.edu is 10.23.23.x rather than 129.137.2.x.
HTH, let us know how you get on.
On 30 March 2011 23:44, Fleep Tuque <fleep513 at gmail.com> wrote:
> the client
> correctly uses the external IP to communicate with the robust server, but
> after the authentication process, I see the client trying to send packets to
> the simulator machine's internal IP (10.23.23.x) instead of an external IP
> address (129.137.2.x).
> [snip]
> In the region.ini file I've tried
> various permutations of the InternalAddress and ExternalHostName variables,
> currently InternalAddress is set to the internal IP 10.23.23.x and the
> ExternalHostName is set to the hostname ucsim1.irc.uc.edu (the box running
> opensim.exe).
--
Edmund Edgar
Founder, KK Social Minds
Educational Technology for the Web and Virtual Worlds
ed at socialminds.jp
+81 090 3912 3380
Skype: edmundedgar
Second Life: Edmund Earp
Linked In: edmundedgar
Twitter: @edmundedgar
http://www.socialminds.jp
_______________________________________________
Opensim-users mailing list
Opensim-users at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-users
_______________________________________________
Opensim-users mailing list
Opensim-users at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-users
_______________________________________________
Opensim-users mailing list
Opensim-users at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-users
------------------------------------------------------------------------------
_______________________________________________
Opensim-users mailing list
Opensim-users at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-users/attachments/20110330/6b107589/attachment.html>
More information about the Opensim-users
mailing list