<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hi Fred / et all,</p>
<p>My Grid configuration is running behind a company firewall. So all service we provide are serviced by the company firewall. We dont want to advertise our internal IP addresses to the outside world. So we run an internal DNS server with all the internal network and an external DNS server to provide services to users on the internet. The Split DNS concept. In this way we make our Network configuration more secure beside all other security measures we do on the FW of course. By port forwarding we redirect the traffic from Internet to the right ports on the Grid or Region server. When I started to configure OpenSim I first use FQDN (host.domain.nl) and got the same result as mentioned by Tom. After monitoring the network I saw package that could not be resolved. </p>
<p>For the internal network users and the users from internet you want the configuration to be transparent without have to use different configuration. The only solution to use OpenSim Grid in combination with split DNS and a FW is to use FQDN. Then the resolving of the internal and external DNS will result respectively in the internal IP address for internal users (for instance an address like 192.168.0.1) and the FW IP address for external users (for instance 47.185.237.187) with forwarding of ports to the internal servers. This configuration works for all services we provide but not for OpenSim's Region.ini. This configuration will only work when you put in the FW IP address.</p>
<p>Somehow there is something wrong in the resolving and accepting the FQDN in the Region.ini</p>
<p>I think more and more OpenSim network will be behind FW and security system with split DNS and use internal un-routable IP ranges (class A: 10.x.x.x and class B: 192.168.x.x). Normally this configuration can work stand-alone. But when my FW is down the standalone grid will not work because of the external IP address in the Region.ini. When FQDN in the Region.ini are correctly resolved then internal users can work on the grid because it doesn't need the FW to connect to but use the internal DNS that resolve the FQDN to the internal IP address.</p>
<p>So the FQDN in the Region.ini does not lead to the right IP (in this case internal IP address) it will result in a TP that is not working because the Regio Server can not be found.</p>
<p>with regard,</p>
<p>Johan Taal</p>
<p><br /></p>
<p><br /></p>
<p><br /></p>
<p>Fred Beckhusen schreef op 2017-05-23 20:36:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<div class="pre" style="margin: 0; padding: 0; font-family: monospace"><span style="white-space: nowrap;">Johan Taal: You have an interesting comment that the FQDN should not be used on regions. Are you saying that the DNS system at the far end may have issues resolving it to an IP? Or that the LAN user cannot get to the region because their DNS server is not resolving, thus occasionally leading to Thomas Ringates flaky tp problem?</span><br /> <br /> <br /> <span style="white-space: nowrap;">Tom:</span><br /> <br /> Your region file looks fine. The Outbound Disallow looks correct, too. That's a good catch - an exception should be made to the use http:// 'rule'.<br /> <br /> One minor point: I believe Maxprims = 10000 is meaningless without an economy module. It only reports that number to a osSL function for prims can check parcel limits. And the viewer stops at 45,000 no matter what you type in.<br /> <br /> <span style="white-space: nowrap;">I have the same Linksys, too, and it works great for me.</span><br /> <br /> Fred<br /> <br /> _______________________________________________<br /> <span style="white-space: nowrap;">Opensim-users mailing list</span><br /> <span style="white-space: nowrap;"><a href="mailto:Opensim-users@opensimulator.org">Opensim-users@opensimulator.org</a></span><br /> <span style="white-space: nowrap;"><a href="http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users">http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users</a></span></div>
</blockquote>
<p><br /></p>
</body></html>