Re: Problems with teleporting in grid mode, from simulator instance to another instance? (Ferd)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Problems with teleporting in grid mode, from simulator instance to another instance? (Ferd)

Fred Beckhusen
Johan Taal:  You have an interesting comment that the FQDN should not be used on regions.  Are you saying that the DNS system at the far end may have issues resolving it to an IP?  Or that the LAN user cannot get to the region because their DNS server is not resolving, thus occasionally leading to Thomas Ringates flaky tp problem?


Tom:

Your region file looks fine.    The Outbound Disallow looks correct,
too.  That's a   good catch - an exception should be made to the use
http://  'rule'.

One minor point: I believe   Maxprims = 10000 is meaningless without an
economy module. It only reports that number to a osSL function for prims
can check parcel limits. And the viewer stops at 45,000 no matter what
you type in.

I have the same Linksys, too, and it works great for me.

Fred

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems with teleporting in grid mode, from simulator instance to another instance? (Ferd)

Johan Taal

Hi Fred / et all,

My Grid configuration is running behind a company firewall.  So all service we provide are serviced by the company firewall. We dont want to advertise our internal IP addresses to the outside world. So we run an internal DNS server with all the internal network and an external DNS server to provide services to users on the internet. The Split DNS concept. In this way we make our Network configuration more secure beside all other security measures we do on the FW of course. By port forwarding we redirect the traffic from Internet to the right ports on the Grid or Region server. When I started to configure OpenSim I first use FQDN (host.domain.nl) and got the same result as mentioned by Tom. After monitoring the network I saw package that could not be resolved. 

For the internal network users and the users from internet you want the configuration to be transparent without have to use different configuration. The only solution to use OpenSim Grid in combination with split DNS and a FW is to use FQDN. Then the resolving of the internal and external DNS will result respectively in the internal IP address for internal users (for instance an address like 192.168.0.1) and the FW IP address for external users (for instance 47.185.237.187) with forwarding of ports to the internal servers. This configuration works for all services we provide but not for OpenSim's Region.ini. This configuration will only work when you put in the FW IP address.

Somehow there is something wrong in the resolving and accepting the FQDN in the Region.ini

I think more and more OpenSim network will be behind FW and security system with split DNS and use internal un-routable IP ranges (class A: 10.x.x.x and class B: 192.168.x.x). Normally this configuration can work stand-alone. But when my FW is down the standalone grid will not work because of the external IP address in the Region.ini. When FQDN in the Region.ini are correctly resolved then internal users can work on the grid because it doesn't need the FW to connect to but use the internal DNS that resolve the FQDN to the internal IP address.

So the FQDN in the Region.ini does not lead to the right IP (in this case internal IP address) it will result in a TP that is not working because the Regio Server can not be found.

with regard,

Johan Taal




Fred Beckhusen schreef op 2017-05-23 20:36:

Johan Taal:  You have an interesting comment that the FQDN should not be used on regions.  Are you saying that the DNS system at the far end may have issues resolving it to an IP?  Or that the LAN user cannot get to the region because their DNS server is not resolving, thus occasionally leading to Thomas Ringates flaky tp problem?


Tom:

Your region file looks fine.    The Outbound Disallow looks correct, too.  That's a   good catch - an exception should be made to the use http://  'rule'.

One minor point: I believe   Maxprims = 10000 is meaningless without an economy module. It only reports that number to a osSL function for prims can check parcel limits. And the viewer stops at 45,000 no matter what you type in.

I have the same Linksys, too, and it works great for me.

Fred

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users



_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems with teleporting in grid mode, from simulator instance to another instance? (Ferd)

AJLDuarte

FQDN on externalhostname should be working

Make sure you did not set a option ResolveAddress to true

Btw this was broken by mistake, but only for a few hours on master

Think the issue did not reach any RC

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of taalj
Sent: Tuesday, May 23, 2017 20:36
To: [hidden email]
Cc: Fred Beckhusen
Subject: Re: [Opensim-users] Problems with teleporting in grid mode, from simulator instance to another instance? (Ferd)

 

Hi Fred / et all,

My Grid configuration is running behind a company firewall.  So all service we provide are serviced by the company firewall. We dont want to advertise our internal IP addresses to the outside world. So we run an internal DNS server with all the internal network and an external DNS server to provide services to users on the internet. The Split DNS concept. In this way we make our Network configuration more secure beside all other security measures we do on the FW of course. By port forwarding we redirect the traffic from Internet to the right ports on the Grid or Region server. When I started to configure OpenSim I first use FQDN (host.domain.nl) and got the same result as mentioned by Tom. After monitoring the network I saw package that could not be resolved. 

For the internal network users and the users from internet you want the configuration to be transparent without have to use different configuration. The only solution to use OpenSim Grid in combination with split DNS and a FW is to use FQDN. Then the resolving of the internal and external DNS will result respectively in the internal IP address for internal users (for instance an address like 192.168.0.1) and the FW IP address for external users (for instance 47.185.237.187) with forwarding of ports to the internal servers. This configuration works for all services we provide but not for OpenSim's Region.ini. This configuration will only work when you put in the FW IP address.

Somehow there is something wrong in the resolving and accepting the FQDN in the Region.ini

I think more and more OpenSim network will be behind FW and security system with split DNS and use internal un-routable IP ranges (class A: 10.x.x.x and class B: 192.168.x.x). Normally this configuration can work stand-alone. But when my FW is down the standalone grid will not work because of the external IP address in the Region.ini. When FQDN in the Region.ini are correctly resolved then internal users can work on the grid because it doesn't need the FW to connect to but use the internal DNS that resolve the FQDN to the internal IP address.

So the FQDN in the Region.ini does not lead to the right IP (in this case internal IP address) it will result in a TP that is not working because the Regio Server can not be found.

with regard,

Johan Taal

 

 

 

Fred Beckhusen schreef op 2017-05-23 20:36:

Johan Taal:  You have an interesting comment that the FQDN should not be used on regions.  Are you saying that the DNS system at the far end may have issues resolving it to an IP?  Or that the LAN user cannot get to the region because their DNS server is not resolving, thus occasionally leading to Thomas Ringates flaky tp problem?


Tom:

Your region file looks fine.    The Outbound Disallow looks correct, too.  That's a   good catch - an exception should be made to the use http://  'rule'.

One minor point: I believe   Maxprims = 10000 is meaningless without an economy module. It only reports that number to a osSL function for prims can check parcel limits. And the viewer stops at 45,000 no matter what you type in.

I have the same Linksys, too, and it works great for me.

Fred

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

 


_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users