[Opensim-users] NAT & Corporate Firewall

Fleep Tuque fleep513 at gmail.com
Sun Feb 5 14:43:39 UTC 2012


(This is a very old thread, but I wanted to post our final resolution to
the problem in the same thread so it's easily linked to on the Nabble
archive.)

Because our campus uses 1-to-1 NATing (each machine on the campus network
has both an internal and an external IP address), we had to move our
Opensim server to the DMZ and have it assigned a static external IP address
in order for off-campus users to connect.

Through this thread, we discovered Opensim does the DNS resolution for the
remote client and spits out whatever the IP address resolves to locally,
which means no matter what combination of IP address or hostname is listed
in the region.ini file, so long as the hostname resolves to an internal IP
address from inside the network, no one from outside could connect.  The
only option was to bypass the 1-to-1 NATing and have an external static IP
address assigned, and then everything worked perfectly from both on and off
campus.

Hope this helps anyone else on a similar network setup and many thanks
again to everyone who helped us figure out what was happening under the
hood.  :)

- Chris/Fleep

Chris M. Collins (SL/OS: Fleep Tuque)
Center for Simulations & Virtual Environments Research (UCSIM)
UCIT Instructional & Research Computing
University of Cincinnati
406A Zimmer Hall
315 College Drive
PO BOX 210088
Cincinnati, OH 45221-0088
chris.collins at uc.edu
(513) 556-3018

http://ucsim.uc.edu

On Tue, Apr 5, 2011 at 3:25 PM, Gary Beck <gab4gab at gmail.com> wrote:

> Teravus,
>   Thank you for that explanation.  I guess nothing is simple.  The more I
> tested the less clear it was exactly how things worked.
> - Gary
>
>
> ----- Original Message ----- On April 05, 2011 "Teravus Ovares" said:
> Subject: Re: [Opensim-users] NAT & Corporate Firewall
>
>
> We've had this discussion before on this list so you might be able to
> dig in the archives for the long-winded answer.
>
> The short-winded answer is this:   The UDP protocol requires that the
> login server and any 'region connect' messages have an IP address in
> the response to the client.  If the UDP protocol allowed you to only
> send a hostname, then this wouldn't be an issue.   As far as the
> region looking up its DNS info, neither the login server nor the
> region has enough of a network structure understanding to manage that
> 'external ip/internal ip' thing better at the moment.    Ideally,
> someone could write a subnet matching/ip rewriting scheme that gets
> sent to the login server so that the login server could supply the
> correct IP address based on the connecting client ip but it's probably
> going to be a lot of work to refactor that in because of the
> complexities of the object RegionInfo and how it interacts with the
> various types of grid services, (standalone, grid, standalone grid,
> hypergrid...  etc).
>
> One thing that I think is important to note.    I vaguely remember
> something about sending the client 0.0.0.0 and triggering the client
> to do the lookup but, at the time, the client had some bugs that
> prevented it from working.   That might be a more feasible way to move
> forward.   Test that option.
>
> -Teravus
>
>
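
The subnet-matching idea from the quoted reply, together with a check for the failure described in this thread (an off-campus client being handed an internal address), as an added example that is not part of the original messages and is not OpenSim code. The function names, the campus subnet and the region addresses are hypothetical and constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: a client outside the NAT cannot reach these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (hypothetical campus; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for public addresses).
CAMPUS_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
REGION = {"internal": "10.20.5.7", "external": "203.0.113.10"}


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def address_for_client(client_ip, region=REGION, campus=CAMPUS_SUBNETS):
    """Subnet matching: on-campus clients get the internal address,
    everyone else gets the external one."""
    return region["internal"] if in_any(client_ip, campus) else region["external"]


def unreachable_advertisement(client_ip, advertised_ip, campus=CAMPUS_SUBNETS):
    """True when an off-campus client is handed an RFC 1918 address,
    which is the failure described in the thread."""
    return in_any(advertised_ip, RFC1918) and not in_any(client_ip, campus)


def audit(logins, campus=CAMPUS_SUBNETS):
    """Return the (client, advertised) pairs that would fail to connect."""
    return [(c, a) for c, a in logins if unreachable_advertisement(c, a, campus)]


if __name__ == "__main__":
    # Constructed records: (client IP, address the server resolved locally).
    sample = [("10.20.9.1", "10.20.5.7"),
              ("198.51.100.4", "10.20.5.7"),
              ("198.51.100.4", "203.0.113.10")]
    for client, advertised in sample:
        print(client, "got", advertised, "-> should get", address_for_client(client))
    print("would fail:", audit(sample))
```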