(This is a very old thread, but I wanted to post our final resolution to the problem in the same thread so it's easily linked to on the Nabble archive.)
Because our campus uses 1-to-1 NATing (each machine on the campus network has both an internal and an external IP address), we had to move our Opensim server to the DMZ and have it assigned a static external IP address in order for off campus users to connect. Through this thread, we discovered Opensim does the DNS resolution for the remote client and spits out whatever the IP address resolves to locally, which means no matter what combination of IP address or hostname is listed in the region.ini file, so long as the hostname resolves to an internal IP address from inside the network, no one from outside could connect. The only option was to bypass the 1-to-1 NATing and have an external static IP address assigned, and then everything worked perfectly from both on and off campus. Hope this helps anyone else on a similar network setup and many thanks again to everyone who helped us figure out what was happening under the hood. :) - Chris/Fleep Chris M. Collins (SL/OS: Fleep Tuque) Center for Simulations & Virtual Environments Research (UCSIM) UCIT Instructional & Research Computing University of Cincinnati 406A Zimmer Hall 315 College Drive PO BOX 210088 Cincinnati, OH 45221-0088 [email protected] (513) 556-3018 http://ucsim.uc.edu On Tue, Apr 5, 2011 at 3:25 PM, Gary Beck <[email protected]> wrote: > Teravus, > Thank you for that explanation. I guess nothing is simple. The more I > tested the less clear it was exactly how things worked. > - Gary > > > ----- Original Message ----- On April 05, 2011 "Teravus Ovares" said: > Subject: Re: [Opensim-users] NAT & Corporate Firewall > > > We've had this discussion before on this list so you might be able to > dig in the archives for the long winded answer. > > The short winded answer is this: The UDP protocol requires that the > login server and any 'region connect' messages have an IP address in > the response to the client. If the UDP protocol allowed you to only > send a hostname, then this wouldn't be an issue. As far as the > region looking up it's DNS info, neither the login server, or the > region has enough of a network structure understanding to manage that > 'external ip/internal ip' thing better at the moment. Ideally, > someone could write a subnet matching/ip rewriting scheme that gets > sent to the login server so that the login server could supply the > correct IP address based on the connecting client ip but it's probably > going to be a lot of work to refactor that in because of the > complexities of the object RegionInfo and how it interacts with the > various types of grid services, (standalone, grid, standalone grid, > hypergrid... etc). > > One thing that I think is important to note. I vaguely remember > something about sending the client 0.0.0.0 and triggering the client > to do the lookup but, at the time, the client had some bugs that > prevented it from working. That might be a more feasable way to move > forward. Test that option. > > -Teravus > > > ______________________________**_________________ > Opensim-users mailing list > [email protected] > https://lists.berlios.de/**mailman/listinfo/opensim-users<https://lists.berlios.de/mailman/listinfo/opensim-users> >
_______________________________________________ Opensim-users mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-users
