[JDEV] jabberd behind NAT fails s2s interoperation

Justin Georgeson jgeorgeson at unboundtech.com
Wed Oct 2 14:59:19 CDT 2002


My server behind a NAT is configured with the public FQDN in the <host> 
tag, and has <alias to='name'> in the c2s section. I don't ever bind to 
a specific IP address (<ip port='5222'/>  binds to all available 
interfaces). The FQDN resolves to the public IP address, and I have ports 
5222, 5223, and 5269 forwarded to the jabber server. I guess the only 
thing left I can think of to check is if the NAT is actually working. 
For example, try to telnet to goof.com on port 5269 from outside the 
NAT. Also, you can see the public internet from the jabberd box (like 
browse the web and such)?

matthew c. mead wrote:
> I've still not been able to get this going.
> 
> Is anyone else out there running a jabber server behind a nat
> firewall and getting s2s to work with success?
> 
> Thanks.
> 
> 
> 
> -matt
> 
> On Thu, Sep 26, 2002 at 01:55:20PM -0400, matthew c. mead wrote:
> 
>>I do not use the -h switch.  I do have the following in
>>jabber.xml as an element in the <service id="sessions"> element:
>>
>><host>goof.com</host>
>>
>>
>>
>>-matt
>>
>>On Thu, Sep 26, 2002 at 12:07:28PM -0500, Justin Georgeson wrote:
>>
>>>No, the receiving server does a dns lookup of the hostname given to find 
>>>the ip address to contact for verification. When you start jabber, do 
>>>you give it a -h flag? If so that value needs to resolve, via DNS to the 
>>>ip of your nat. If not, use the value of the <host> tag right after the 
>>>start of the <service id="sessions"> tag in jabber.xml. From what you 
>>>have said so far, you should be using goof.com as the <host>/-h value.
>>>
>>>matthew c. mead wrote:
>>>
>>>>On Thu, Sep 26, 2002 at 04:58:51PM +0100, Richard Dobson wrote:
>>>>
>>>>
>>>>>>Yeah, I found that one out by trying.  I still don't see what's
>>>>>>going wrong.
>>>>>>
>>>>>>Does dialback require that the ip address specified by the A
>>>>>>record for the server name have a PTR which points back to the
>>>>>>server name?
>>>>>
>>>>>No you do not need a PTR but the domain your server is claiming to be needs
>>>>>to point to the machine you are trying to use.
>>>>
>>>>
>>>>I have an A record for goof.com that points to a NAT box.  That
>>>>box forwards packets on the jabber ports to a box on my internal
>>>>network that runs the jabber server.
>>>>
>>>>I do not have a PTR record for the ip address that points to the
>>>>canonical name "goof.com."
>>>>
>>>>Given this, I can't figure out what's wrong.  Does the dialback
>>>>code pass the IP address of the interface to which it is bound to
>>>>the remote server?  If so, this could be the problem - in my
>>>>case, it would be passing the internal ip address, rather than
>>>>the external.
>>>>
>>>>Thanks for helping me eliminate the worry of needing a PTR
>>>>record.  My guess is what I've described above is happening.
>>>>
>>>>
>>>>
>>>>-matt
>>>>
>>>
>>>-- 
>>>Justin Georgeson
>>>UnBound Technologies, Inc.
>>>http://www.unboundtech.com
>>>Main   713.329.9330
>>>Fax    713.460.4051
>>>Mobile 512.789.1962
>>>
>>>5295 Hollister Road
>>>Houston, TX 77040
>>>Real Applications using Real Wireless Intelligence(tm)
>>>
>>>_______________________________________________
>>>jdev mailing list
>>>jdev at jabber.org
>>>http://mailman.jabber.org/listinfo/jdev
>>>
>>
>>-- 
>>matthew c. mead
>>
>>http://www.goof.com/~mmead/
>>
> 
> 

-- 
Justin Georgeson
UnBound Technologies, Inc.
http://www.unboundtech.com
Main   713.329.9330
Fax    713.460.4051
Mobile 512.789.1962

5295 Hollister Road
Houston, TX 77040
Real Applications using Real Wireless Intelligence(tm)
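
An added illustration of the lookup described in this thread (not part of the original messages and not jabberd code): a small Python model of the receiving server resolving the claimed hostname and connecting back on port 5269 to verify the dialback key. The IP addresses, the `jabber.lan` name, the secret and the HMAC key scheme are constructed assumptions.

```python
import hashlib, hmac, ipaddress

S2S_PORT = 5269  # server-to-server port forwarded in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def make_key(secret, receiving, originating, stream_id):
    # Assumption: HMAC-SHA256 stands in for whatever key scheme the server uses.
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify_dialback(claimed_host, key, stream_id, dns, forwards, secrets,
                    receiving="remote.example"):
    """What the receiving server does with a dialback key for claimed_host.
    dns: name -> A record as seen from the Internet; forwards: (NAT ip, port)
    -> LAN ip; secrets: LAN ip -> secret of the jabberd listening there."""
    addr = dns.get(claimed_host)
    if addr is None:
        return "fail: no A record for " + claimed_host
    if any(ipaddress.ip_address(addr) in net for net in RFC1918):
        return "fail: A record is a private address"
    lan_ip = forwards.get((addr, S2S_PORT))
    if lan_ip is None:
        return "fail: port 5269 not forwarded"
    secret = secrets.get(lan_ip)
    if secret is None:
        return "fail: nothing listening behind the forward"
    expected = make_key(secret, receiving, claimed_host, stream_id)
    return "valid" if hmac.compare_digest(expected, key) else "fail: key rejected"

# Constructed sample network: goof.com is the <host> value from the thread.
DNS = {"goof.com": "203.0.113.10", "jabber.lan": "192.168.1.20"}
FORWARDS = {("203.0.113.10", 5222): "192.168.1.20",
            ("203.0.113.10", 5269): "192.168.1.20"}
SECRETS = {"192.168.1.20": b"constructed-secret"}

def originate(host, stream_id="s1", receiving="remote.example"):
    # The jabberd box at 192.168.1.20 claims `host` (its <host> value).
    key = make_key(SECRETS["192.168.1.20"], receiving, host, stream_id)
    return verify_dialback(host, key, stream_id, DNS, FORWARDS, SECRETS, receiving)

if __name__ == "__main__":
    for name in ("goof.com", "jabber.lan", "nowhere.example"):
        print(name, "->", originate(name))
```

Only the case where the claimed name resolves to the NAT's public address and port 5269 is forwarded to the jabberd box comes back `valid`; no PTR record is consulted at any step.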



