[JDEV] Server 1.2 Setup questions
Keith Minkler
keith at digix.dyndns.org
Tue Nov 14 01:07:03 CST 2000
Yes, my NAT "router" forwards everythin on ports 5269 and 5222 to the internal IP address, and that's all it needs...
My jabber server, and all the transports are run on the same machine, and *.foo.dyndns.org points to the same IP address as my NAT server, foo.dyndns.org.
My transports connect to etherx "foo.dyndns.org", not an internal IP address, and my clients as well, so I guess you could say my packets take the long route to get to the server.. *g*.. since it goes client -> near router -> far router -> port forwarded to server -> server but it works great.
Hope this helps,
Keith
On Tue, Nov 14, 2000 at 03:02:16PM +0800, Vincent Lim wrote:
> Keith,
> do you configure your NAT firewall to listen out for port 5269 in this case?
> Or, how do you configure the NAT firewall to enable dialback to work?
>
> Vincent
> ===================================================
> Guys...
>
> I'm running a 1.2 (and 1.0 and 1.3) server behind a NAT firewall, on a dyndns.org IP adderss, and it works perfectly fine.
>
> As long as you use the DNS name everywhere, it works perfectly. You can't go around calling your server localhost, when it's foo.dyndns.org to everyone else. Even behind my firewall, I connect to my dyndns.org Hostname, not the Internal name.
>
> Dialback works fine for me, even in my secluded hole in the ground server... I even run transports that I can still access while logged into jabber.org...
>
> Why is my situation any different than yours? my IP changes, but I have a dyndns.org account to compensate, and jabber, and dialback works fine, BUT now i have the added security of dialback! what could be better?
>
> -Keith
>
> On Mon, Nov 13, 2000 at 09:54:05PM -0800, Bob Monaghan wrote:
> > Another problem occurs when running servers behind a firewall with NAT,
> > and/or
> > port-forwarding.
> > The DNS address of the visible IP address on the firewall isn't the ultimate
> > destination of the XML packets. They end up going to a system that has an
> > non-routable
> > IP address that doesn't reflect the "real" IP address. This ultimately makes
> > jabberd useless to me. I noticed that the ICQ transport (possibly others)
> > relies on this as well..
> >
> > :(
> >
> > bob..
> >
> >
> > -----Original Message-----
> > From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org]On Behalf Of
> > Lazarus Long
> > Sent: November 13, 2000 9:37 PM
> > To: jdev at jabber.org
> > Cc: security at jabber.org
> > Subject: Re: [JDEV] Server 1.2 Setup questions
> >
> >
> > > IF YOU WANT SECURITY / SAFETY / PRIVACY, RUN YOUR OWN SERVERS.
> > >
> > > > invalid address. Soon (not now, as 1.0 still exists and is for the time
> > > > being supported), this won't work.
> >
> >
> >
>
>
More information about the JDev
mailing list