[JDEV] Jabber server redirection

Thu Feb 21 16:06:38 CST 2002

As a matter of basic security, they should have a firewall between the
web server and the 'net.  Any firewall can forward ports.

 - Dave

Dave Dykstra wrote:
> 
> On Thu, Feb 21, 2002 at 08:34:54AM -0500, Dave wrote:
> > I'm starting to feel like that Aflack duck that nobody listens to.
> > You can simply forward ports 5222 and 5269 from company.com to
> > jabber.sub.company.com and everything will work like a charm :-)
> 
> I'm sure that won't be acceptable in my case; the people who run the web
> server company.com won't want all that traffic going through their server.
> I am asking the network administrators if they might be able to redirect
> the traffic for specific ports before it gets the web server, and that's a
> possibility but I think that too may be too restrictive.
> 
> 
> On Wed, Feb 20, 2002 at 03:10:00PM +0000, Thomas Parslow (PatRat) wrote:
> > > I would like to be able to set up jabber in my company so that people can
> > > have a jabber ID of id at company.com, rather than id at jabber.sub.company.com
> > > when we run a server on jabber.sub.company.com.  Is there a way to do that,
> > > or a plan to be able to do that at some point?  It's conceivable that I'd
> > > be able to run a small redirection server on the machine called company.com,
> > > but it has to use very little resources because the primary purpose of that
> > > machine is web service.  In fact, I'm thinking I might want to set up
> > > the redirection server to lookup up IDs in a database and redirect people
> > > to different servers for load balancing.  Any suggestions?
> > >
> > > Thanks,
> > >
> > > - Dave Dykstra
> > 
> > Hi,
> > 
> > How about using SRV record for the domain? The Jabber server should
> > recognize the SRV record (it's supported it since 1.2 afaik) and
> > connect to wherever it points to for S2S. You'd need to add something
> > like this to the DNS zone for company.com:
> > 
> > _jabber._tcp    IN SRV  30 30 5269 jabber.sub.company.com
> 
> 
> That sounds very promising.   Yesterday I happened to be looking at an
> ethereal trace of the messages between the Microsoft Exchange Instant
> Messenger server that's been set up in my company and one of its clients,
> and I saw the client doing a DNS SRV query and thought jabber needed
> something like that.  I had searched for something like that in the
> gabber source code and in the jabberd directory in the jabber server
> source code but didn't think to check other directories; I found it now
> under dnsrv.
> 
> I don't unerstand how it helps for servers to use this though.  Wouldn't
> the clients have to do it?  I don't see anywhere in the gabber source where
> it attemps to do anything like this.
> 
> 
> > The problem with this is getting the clients to connect to the correct
> > server, if you just set them to connect to "jabber.sub.company.com" then
> > they will send "jabber.sub.company.com" as the to attribute of the
> > opening <stream:stream> tag which makes the server look for
> > "jabber.sub.company.com" in the spool directory.
> > 
> > The only solution I can see to this is for clients to support
> > connecting to an address which is different from the server name. In
> > the client I am developing I allow the user to specify the name of the
> > server in the username field by entering it in the form:
> > user at server.com.
> 
> I think I know what you mean.  We experimented with changing the name that
> the server calls itself to company.com while still saying the server was
> jabber.sub.company.com when logging in, hoping that at least jabber ids
> could then be thought of as id at company.com, but gabber couldn't handle it.
> 
> 
> > Does anyone have any other ideas on how to do this?
> > 
> > Thomas Parslow (PatRat) ICQ #:26359483
> > Rat Software
> > http://www.rat-software.com/
> > Please leave quoted text in place when replying
> 
> 
> - Dave Dykstra
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
> 