[JDEV] jabberd and Proxies : leave AOL alone

Jay Curry rusty at curry.net
Mon Mar 11 10:52:05 CST 2002


From what I know of IPv6, accessing IPv4 services is done via a NAT type
translation. The data is tunneled if the IPv6 host is not directly
attached to an IPv6 backbone provider. This is little different from most
DSL implementations where the connection from your DSLAM to your ISP is
an ATM circuit, yet all you see is an Ethernet-like connection.

There are two or three specific places where I see people wanting to do
http tunneling. Clients behind any firewall, Servers behind corporate
firewalls, and Servers behind home firewalls. As the original question
was about servers, we can drop the first possibility. Besides, from what
I understand but have not tested, that capability is built into the
server already, and merely needs clients built to do that form of
tunnelling.

I have a hard time believing that people behind a home firewall are
going to have any serious difficulty getting a hole through that
firewall for s2s connectivity. If they do, it is because someone other
than the server implementer has control over the firewall, and for some
reason the two are not talking reasonably. 

That leaves servers behind a corporate firewall. A well planned and
implemented project to put a server into the environment would have the
buyoff of the security people. There would either be a ready made hole
in the firewall for them, or they would be in the process of developing a
sock or proxy solution specific to the s2s protocol.

That leaves servers being put into a corporate environment without
corporate buy in. Sad to say it, but I agree with Riviere that adding
http tunneling features to jabberd to support this type of
implementation is probably a bad idea.

That's just my opinion, I could be wrong.

-Rusty

On Mon, 2002-03-11 at 02:28, Riviere Stéphane Jean wrote:
> In that case, the IPv6 network would have the same problem with SMTP and
> NNTP servers, wouldn't it ? I don't think that HTTP tunneling of SMTP/NNTP
> is planned, but perhaps I'm wrong...
> 
> I don't think that HTTP-tunneling of everything is a good thing.
> The point is : firewalls were "created" to filter access to network
> resources. The HTTP port is opened on most of them to allow web-surfing and
> webserver hosting. If every protocol gets HTTP-tunneled, the firewall
> becomes completely useless, because all protocols will go through the HTTP
> port. So, what you'll get will be HTTP-level firewalls that will filter the
> tunneled  protocols...
> 
> I really think that HTTP-tunneling is a short-time workaround to solve the
> current firewall problems. Making Jabber accepted as a standard protocol
> like SMTP or HTTP by network administrators will perhaps take time, but it's
> probably the only good solution...
> 
> 
> Stéphane.
> 
> 
> 
> -----Original Message-----
> From: Dave [mailto:dave at dave.tj]
> Sent: Friday, March 8, 2002 22:37
> To: jdev at jabber.org
> Subject: Re: [JDEV] jabberd and Proxies : leave AOL alone
> 
> 
> Before we go picking at AOL, it's worth noting that an IPv6 network
> has no way of accessing our IPv4 internet without proxies, unless your
> IPv6 network also has a valid IPv4 block mapped to it.  In that case,
> putting your server on the Internet will be impossible, even if you
> aren't using AOL.  Having an HTTP-based s2s sidesteps all these issues
> in a very convenient way.
> 
>  - Dave
> 