Hi Fred / et al.,

My Grid configuration is running behind a company firewall. So all
services we provide are serviced by the company firewall. We don't want to
advertise our internal IP addresses to the outside world. So we run an
internal DNS server with all the internal network and an external DNS
server to provide services to users on the internet: the split DNS
concept. In this way we make our network configuration more secure,
besides all the other security measures we take on the FW of course. By port
forwarding we redirect the traffic from the Internet to the right ports on
the Grid or Region server. When I started to configure OpenSim I first
used an FQDN (host.domain.nl) and got the same result as mentioned by Tom.
After monitoring the network I saw packets that could not be resolved.

For the internal network users and the users from the internet you want the
configuration to be transparent without having to use different
configurations. The only solution to use OpenSim Grid in combination with
split DNS and a FW is to use an FQDN. Then the resolving of the internal
and external DNS will result respectively in the internal IP address for
internal users (for instance an address like 192.168.0.1) and the FW IP
address for external users (for instance 47.185.237.187) with forwarding
of ports to the internal servers. This configuration works for all
services we provide but not for OpenSim's Region.ini. This configuration
will only work when you put in the FW IP address.

Somehow there is something wrong in the resolving and accepting of the FQDN
in the Region.ini.

I think more and more OpenSim networks will be behind FWs and security
systems with split DNS and use internal un-routable IP ranges (class A:
10.x.x.x and class B: 192.168.x.x). Normally this configuration can work
stand-alone. But when my FW is down the standalone grid will not work
because of the external IP address in the Region.ini. When the FQDNs in the
Region.ini are correctly resolved, internal users can work on the
grid because they don't need the FW to connect to but use the internal
DNS, which resolves the FQDN to the internal IP address.

So the FQDN in the Region.ini does not lead to the right IP (in this
case the internal IP address); it will result in a TP that is not working
because the Region Server cannot be found.

With regards,

Johan Taal 

Fred Beckhusen wrote on 2017-05-23 20:36:

> Johan Taal: You have an interesting comment that the FQDN should not be used
> on regions. Are you saying that the DNS system at the far end may have
> issues resolving it to an IP? Or that the LAN user cannot get to the region
> because their DNS server is not resolving, thus occasionally leading to
> Thomas Ringate's flaky TP problem?
> 
> Tom:
> 
> Your region file looks fine. The Outbound Disallow looks correct, too.
> That's a good catch - an exception should be made to the use http://
> 'rule'.
>
> One minor point: I believe Maxprims = 10000 is meaningless without an
> economy module. It only reports that number to an osSL function for prims can
> check parcel limits. And the viewer stops at 45,000 no matter what you type
> in.
> 
> I have the same Linksys, too, and it works great for me.
> 
> Fred
> 
> _______________________________________________
> Opensim-users mailing list
> Opensim-users@opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users