[JDEV] RE: [jadmin] install jabber server behind firewall
Frank Vernon
frank at mancala.com
Fri Feb 9 18:50:04 CST 2001
Hi all-
I too have been wrestling with 1.4 trying to get it to run behind a firewall
today. I finally got it running locally but still no luck in interoperating
with the jabber.org server.
The problem seems to be buried somewhere within the dialback mechanism but
I'm new to the codebase so it's slow going trying to figure out exactly
what's going on. Is there any documentation on the details of the dialback
strategy? I can't seem to find any. Does anyone know if it's exchanging
explicit IP addresses as opposed to just the canonical names defined in
jabber.xml? (If so, this mechanism will never work in a NAT'ed firewall
scenario like mine.)
I've captured packets and can see the 'error' result in the
<db:result.../db:result> exchange. From reading the code it looks like 'db'
definitely refers to the dialback mechanism. I've browsed the code at some
length and it would appear that for the most part the hashed items in the
captured stream are not IP addresses but it's hard to tell in all cases. A
little documentation would go a long way here.
I'm pretty sure that my firewall configuration is correct. I'm forwarding
ports 5222 and 5269 and I have DNS set up so that my server name resolves to
the IP address on the outside of the firewall. In theory, as far as a remote
server is concerned, my server should appear to be sitting at the firewall
address. Is there a reverse lookup in this process? Is there another port in
use here? Any other pointers?
BTW- I think it would be great if the debug output of the server included the
raw XML packets at each step. Also some more detail in the db:result 'error'
would be helpful to debug these issues.
Thanks-
Frank
> -----Original Message-----
> From: jadmin-admin at mailman.jabber.org
> [mailto:jadmin-admin at mailman.jabber.org]On Behalf Of Chris Schultz
> Sent: Friday, February 09, 2001 1:30 PM
> To: Chris Pile; jadmin at mailman.jabber.org
> Subject: Re: [jadmin] install jabber server behind firewall
>
>
> I don't have the firewall logs in front of me, but there are no ports
> open to this system. I also tried removing the s2s and dnsrv entries
> but I could not get jabberd to start (I got a config file parse error).
>
> BTW, everything else pretty much works. I'm just worried about dinging
> update.jabber.org with every user that hits my internal server.
>
> --Chris
>
> Chris Pile wrote:
> >
> > I get similar messages:
> > 20010209T15:31:00: [notice] (update.jabber.org): bouncing a packet to
> > 959967024 at update.jabber.org/1.1.1.5 from chris at somedomain.tld/JabberIM:
> > Unable to deliver, destination unknown
> >
> > Although I also removed the s2s and dnsrv entries in my jabber.xml
> > config.
> >
> > I haven't had chance yet but will set up a simple firewall and log to
> > see what port etc this traffic is transmitted on.
> >
> > Chris: do you have any firewall logs to suggest that traffic is being
> > sent to/from jabber.org? I just figured these messages indicated that
> > the info could not be sent.
> >
> > Thanks,
> > Chris Pile
> >
> > Chris Schultz wrote:
> > >
> > > I'm having a related issue. I'm trying to set up my Jabber 1.4 server
> > > for intranet use only. And yet it keeps trying to communicate with
> > > update.jabber.org. Here's the error.log file:
> > >
> > > 20010209T03:50:59: [notice] (update.jabber.org): bouncing a packet to
> > > 959967039 at update.jabber.org/0.9.3.5 from
> > > chris at monitor.availigence.com/Winjab: Server Connect Timeout
> > > 20010209T03:51:31: [alert] (s2s): We were told by update.jabber.org that
> > > our sending name monitor.availigence.com is invalid, either something
> > > went wrong on their end, we tried using that name improperly, or dns
> > > does not resolve to us
> > >
> > > Now I'm sure that update can't talk to my box because I've blocked
> > > access at the firewall. But why is our internal server still trying to
> > > communicate with the outside world at all?
> > >
> > > My jabber.xml file is below. I've taken out update, jud, mod_version.so
> > > but the behavior still continues.
> > >
> > > Any help would be greatly appreciated.
> > >
> > > --Chris
> > >
> > > <jabber>
> > > <service id="sessions">
> > > <host><jabberd:cmdline
> > > flag="h">monitor.availigence.com</jabberd:cmdline></host>
> > > <jsm xmlns="jabber:config:jsm">
> > > <filter>
> > > <default/>
> > > <max_size>100</max_size>
> > > <allow>
> > > <conditions>
> > > <ns/>
> > > <unavailable/>
> > > <from/>
> > > <resource/>
> > > <subject/>
> > > <body/>
> > > <show/>
> > > <type/>
> > > <roster/>
> > > <group/>
> > > </conditions>
> > > <actions>
> > > <error/>
> > > <offline/>
> > > <reply/>
> > > <continue/>
> > > <settype/>
> > > </actions>
> > > </allow>
> > > </filter>
> > > <register notify="yes">
> > > <instructions>Choose a username and password to register with
> > > this server.</instructions>
> > > <name/>
> > > <email/>
> > > </register>
> > > <welcome>
> > > <subject>Welcome!</subject>
> > > <body>Welcome to the Jabber server at localhost -- we hope you
> > > enjoy this service! For information about how to use Jabber, visit the
> > > Jabber User's Guide at http://docs.jabber.org/</body>
> > > </welcome>
> > > <vcard2jud/>
> > > <browse>
> > > <conference type="private"
> > > jid="conference.monitor.availigence.com" name="Conference"/>
> > > <service type="aim" jid="aim.monitor.availigence.com" name="AIM Transport">
> > > <ns>jabber:iq:gateway</ns>
> > > <ns>jabber:iq:register</ns>
> > > </service>
> > > </browse>
> > > </jsm>
> > >
> > > <load main="jsm">
> > > <jsm>./jsm/jsm.so</jsm>
> > > <mod_echo>./jsm/jsm.so</mod_echo>
> > > <mod_roster>./jsm/jsm.so</mod_roster>
> > > <mod_time>./jsm/jsm.so</mod_time>
> > > <mod_vcard>./jsm/jsm.so</mod_vcard>
> > > <mod_last>./jsm/jsm.so</mod_last>
> > > <mod_announce>./jsm/jsm.so</mod_announce>
> > > <mod_agents>./jsm/jsm.so</mod_agents>
> > > <mod_browse>./jsm/jsm.so</mod_browse>
> > > <mod_admin>./jsm/jsm.so</mod_admin>
> > > <mod_filter>./jsm/jsm.so</mod_filter>
> > > <mod_offline>./jsm/jsm.so</mod_offline>
> > > <mod_presence>./jsm/jsm.so</mod_presence>
> > > <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
> > > <mod_auth_digest>./jsm/jsm.so</mod_auth_digest>
> > > <mod_auth_0k>./jsm/jsm.so</mod_auth_0k>
> > > <mod_log>./jsm/jsm.so</mod_log>
> > > <mod_register>./jsm/jsm.so</mod_register>
> > > <mod_xml>./jsm/jsm.so</mod_xml>
> > > </load>
> > > </service>
> > >
> > > <xdb id="xdb">
> > > <host/>
> > > <load>
> > > <xdb_file>./xdb_file/xdb_file.so</xdb_file>
> > > </load>
> > > <xdb_file xmlns="jabber:config:xdb_file">
> > > <spool><jabberd:cmdline flag='s'>./spool</jabberd:cmdline></spool>
> > > </xdb_file>
> > > </xdb>
> > >
> > > <service id="c2s">
> > > <load>
> > > <pthsock_client>./pthsock/pthsock_client.so</pthsock_client>
> > > </load>
> > > <pthcsock xmlns='jabber:config:pth-csock'>
> > > <authtime/>
> > > <karma>
> > > <init>10</init>
> > > <max>10</max>
> > > <inc>1</inc>
> > > <dec>1</dec>
> > > <penalty>-6</penalty>
> > > <restore>10</restore>
> > > </karma>
> > > <ip port="5222"/>
> > > </pthcsock>
> > > </service>
> > >
> > > <log id='elogger'>
> > > <host/>
> > > <logtype/>
> > > <format>%d: [%t] (%h): %s</format>
> > > <file>error.log</file>
> > > <stderr/>
> > > </log>
> > > <log id='rlogger'>
> > > <host/>
> > > <logtype>record</logtype>
> > > <format>%d %h %s</format>
> > > <file>record.log</file>
> > > </log>
> > >
> > > <service id="dnsrv">
> > > <host/>
> > > <load>
> > > <dnsrv>./dnsrv/dnsrv.so</dnsrv>
> > > </load>
> > > <dnsrv xmlns="jabber:config:dnsrv">
> > > <resend service="_jabber._tcp">s2s</resend> <!-- for supporting SRV records -->
> > > <resend>s2s</resend>
> > > </dnsrv>
> > > </service>
> > > <service id="s2s">
> > > <load>
> > > <dialback>./dialback/dialback.so</dialback>
> > > </load>
> > > <dialback xmlns='jabber:config:dialback'>
> > > <legacy/>
> > > <ip port="5269"/>
> > > <karma>
> > > <init>50</init>
> > > <max>50</max>
> > > <inc>4</inc>
> > > <dec>1</dec>
> > > <penalty>-5</penalty>
> > > <restore>50</restore>
> > > </karma>
> > > </dialback>
> > > </service>
> > > <service id="conference.monitor.availigence.com">
> > > <load><conference>./conference/conference.so</conference></load>
> > > <conference xmlns="jabberd:config:conference">
> > > <private/>
> > > <history>30</history>
> > > <vCard>
> > > <FN>Conference</FN>
> > > <DESC>This service is for private conferencing rooms.</DESC>
> > > <URL>http://www.availigence.com/</URL>
> > > </vCard>
> > > <notice>
> > > <join> has become available</join>
> > > <leave> has left</leave>
> > > <rename> is now known as </rename>
> > > </notice>
> > > </conference>
> > > </service>
> > > <service id='aim.monitor.availigence.com'>
> > > <load><aim_transport>./aim-transport/aimtrans.so</aim_transport></load>
> > > <aimtrans xmlns='jabber:config:aimtrans'>
> > > <vCard>
> > > <FN>AIM Transport</FN>
> > > <DESC>An AIM Transport!</DESC>
> > > </vCard>
> > > </aimtrans>
> > > </service>
> > >
> > > <io>
> > > <rate points="5" time="25"/>
> > > </io>
> > >
> > > <pidfile>./jabber.pid</pidfile>
> > > </jabber>
> > >
>
> --
> Chris Schultz ................................804.521.3072...o..
> Availigence, Inc. ............................804.935.0165...f..
> http://www.availigence.com ....... chris.schutlz at NOSPavailigence.com
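
Added example (not part of the original thread and not jabberd code): a small Python audit of a jabber.xml like the one quoted above, listing each component's loaded modules, `<ip port>` listeners and dnsrv `<resend>` targets, so an administrator can see which ports a firewall must forward (5222, 5269) or which components remain on an intranet-only server. The sample config is a constructed, trimmed-down excerpt with a placeholder hostname; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed-down jabber.xml modelled on the config quoted above.
SAMPLE = """<jabber>
  <service id="sessions">
    <host><jabberd:cmdline flag="h">monitor.example.test</jabberd:cmdline></host>
    <load main="jsm"><jsm>./jsm/jsm.so</jsm></load>
  </service>
  <service id="c2s">
    <load><pthsock_client>./pthsock/pthsock_client.so</pthsock_client></load>
    <pthcsock xmlns='jabber:config:pth-csock'><ip port="5222"/></pthcsock>
  </service>
  <service id="dnsrv">
    <load><dnsrv>./dnsrv/dnsrv.so</dnsrv></load>
    <dnsrv xmlns="jabber:config:dnsrv"><resend>s2s</resend></dnsrv>
  </service>
  <service id="s2s">
    <load><dialback>./dialback/dialback.so</dialback></load>
    <dialback xmlns='jabber:config:dialback'><ip port="5269"/></dialback>
  </service>
</jabber>"""

def local(tag):  # strip the '{namespace}' qualifier ElementTree puts on tags
    return tag.rsplit("}", 1)[-1]

def audit(config_text):
    """Return {component id: {"modules": [...], "ports": [...], "resend": [...]}}."""
    # The quoted config uses the 'jabberd:' prefix without declaring it; bind it
    # to a placeholder namespace so a namespace-aware parser accepts the file.
    text = re.sub(r"<jabber(?=[\s>])", '<jabber xmlns:jabberd="urn:placeholder"', config_text, count=1)
    root = ET.fromstring(text)
    report = {}
    for comp in root.findall("*[@id]"):  # skips <io>, <pidfile>: no component id
        entry = {"modules": [], "ports": [], "resend": []}
        for el in comp.iter():
            name = local(el.tag)
            if name == "load":
                entry["modules"] += [local(m.tag) for m in el]
            elif name == "ip" and el.get("port"):
                entry["ports"].append(int(el.get("port")))
            elif name == "resend" and el.text:
                entry["resend"].append(el.text.strip())
        report[comp.get("id")] = entry
    return report

def listening_ports(report):  # ports the server binds: what to forward or block
    return sorted(p for e in report.values() for p in e["ports"])
```
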