[JDEV] jabberd behind NAT fails s2s interoperation
matthew c. mead
mmead at goof.com
Wed Sep 25 18:36:24 CDT 2002
Thanks for the explanation.
Is this key the ssl certificate that I built? If so, would it
being self-signed be a problem? Should I go back to no ssl?
Following is the debug output from a send from mmead at goof.com to
mmead at jabber.org.
Does it make any sense to you?
Thanks for your help!
-matt
Wed Sep 25 19:31:45 2002 deliver.c:474 DELIVER 1:jabber.org <message to='mmead at jabber.org' from='mmead at goof.com/Psi'>
<body>test</body></message>
Wed Sep 25 19:31:45 2002 deliver.c:678 delivering to instance 'dnsrv'
Wed Sep 25 19:31:45 2002 dnsrv.c:264 dnsrv: Creating lookup request queue for jabber.org
Wed Sep 25 19:31:45 2002 dnsrv.c:273 dnsrv: Transmitting lookup request: <host>jabber.org</host>
Wed Sep 25 19:31:45 2002 dnsrv.c:159 DNSRV CHILD: Read from buffer: <host>jabber.org</host>Wed Sep 25 19:31:45 2002 mtq 817E900 leaving to pth
Wed Sep 25 19:31:45 2002 dnsrv.c:112 dnsrv: Recv'd lookup request for jabber.org
Wed Sep 25 19:31:45 2002 mio.c:607 mio while loop topWed Sep 25 19:31:45 2002 srv_resolv.c:112 srv: SRV resolution of _jabber._tcp.jabber.org
Wed Sep 25 19:31:45 2002 srv_resolv.c:99 srv: Standard resolution of jabber.org
Wed Sep 25 19:31:45 2002 dnsrv.c:123 Resolved jabber.org((null)): 208.245.212.108 resend to:s2s
Wed Sep 25 19:31:45 2002 dnsrv.c:338 incoming resolution: <host ip='208.245.212.108' to='s2s'>jabber.org</host>
Wed Sep 25 19:31:45 2002 deliver.c:474 DELIVER 4:s2s <route to='s2s' ip='208.245.212.108'><message to='mmead at jabber.org' from='mmead at goof.com/Psi'>
<body>test</body></message></route>
Wed Sep 25 19:31:45 2002 deliver.c:678 delivering to instance 's2s'
Wed Sep 25 19:31:45 2002 dialback_out.c:192 dbout packet[208.245.212.108]: <message to='mmead at jabber.org' from='mmead at goof.com/Psi'>
<body>test</body></message>
Wed Sep 25 19:31:45 2002 dialback_out.c:212 outgoing packet with key jabber.org/goof.com and located existing 0
Wed Sep 25 19:31:45 2002 dialback_out.c:99 Attempting to connect to jabber.org/goof.com at 208.245.212.108
Wed Sep 25 19:31:45 2002 mio.c:527 calling the connect handler for mio object 81F5280
Wed Sep 25 19:31:45 2002 dialback_out.c:329 dbout read: fd 21 flag 4 key jabber.org/goof.com
Wed Sep 25 19:31:45 2002 log.c:116 <log type='notice' from='jabber.org'>failed to establish connection</log>
Wed Sep 25 19:31:45 2002 deliver.c:474 DELIVER 3:jabber.org <log type='notice' from='jabber.org'>failed to establish connection</log>
Wed Sep 25 19:31:45 2002 deliver.c:678 delivering to instance 'elogger'
20020925T23:31:45: [notice] (jabber.org): failed to establish connection
Wed Sep 25 19:31:45 2002 deliver.c:606 delivery failed (Server Connect Failed)
Wed Sep 25 19:31:45 2002 log.c:116 <log type='notice' from='jabber.org'>bouncing a packet to mmead at jabber.org from mmead at goof.com/Psi: Server Connect Failed</log>
Wed Sep 25 19:31:45 2002 deliver.c:474 DELIVER 3:jabber.org <log type='notice' from='jabber.org'>bouncing a packet to mmead at jabber.org from mmead at goof.com/Psi: Server Connect Failed</log>
Wed Sep 25 19:31:45 2002 deliver.c:678 delivering to instance 'elogger'
20020925T23:31:45: [notice] (jabber.org): bouncing a packet to mmead at jabber.org from mmead at goof.com/Psi: Server Connect Failed
Wed Sep 25 19:31:45 2002 deliver.c:474 DELIVER 1:goof.com <message to='mmead at goof.com/Psi' from='mmead at jabber.org' type='error'>
<body>test</body><error code='502'>Server Connect Failed</error></message>
Wed Sep 25 19:31:45 2002 deliver.c:678 delivering to instance 'sessions'
Wed Sep 25 19:31:45 2002 deliver.c:94 (8128300)incoming packet <message to='mmead at goof.com/Psi' from='mmead at jabber.org' type='error'>
<body>test</body><error code='502'>Server Connect Failed</error></message>
On Wed, Sep 25, 2002 at 05:59:27PM -0500, Justin Georgeson wrote:
> Dialback works by the sending server giving the receiving server a key.
> The receiving server does a DNS lookup and contacts the returned IP
> address. Then the key is verified. If the verification is successful,
> the receiving server tells the sending server it's ok to proceed. While
> trying to figure out the internals I noticed that the process seems to
> start again in the middle when the receiving server contacts the looked
> up IP to verify the key. This contact marks the beginning of a dialback
> connection where the sending server becomes a receiving server. It all
> got very confusing trying to look at all the packets in the log file and
> trace it by hand.
>
> From the error message, I would say it is definitely a dialback issue,
> and it is probably the server on the other end not being able to verify
> the server behind the NAT. Run the server in debug mode and capture the
> output ( jabberd .... -D > debug.log 2>&1). Then look for entries in
> dialback*.c
>
> matthew c. mead wrote:
> > Anybody?
> >
> > Anyone familiar with how dial back works? I have to assume
> > that's what's failing...
> >
> >
> > -matt
> >
> > On Wed, Sep 25, 2002 at 09:41:03AM -0400, matthew c. mead wrote:
> >
> >>I've asked on JADMIN but haven't gotten any response. I'm hoping
> >>someone here has more knowledge of the issues involved:
> >>
> >>I just recently installed a jabber server at goof.com.
> >>Unfortunately, I cannot get it to interoperate with other jabber
> >>servers using s2s.
> >>
> >>I do not have control over the PTR record for the external ip
> >>addresses my server answers.
> >>
> >>Is there some way to get s2s working despite this? Sending from
> >>goof.com to external servers yields a connect failure. Sending
> >>from external servers to goof.com yields that the remote server
> >>does not have permission to respond with the specified ip
> >>address.
> >>
> >>My NAT box allows all outbound connections. It has forwarding
> >>rules to forward inbound packets it receives for TCP ports 5222,
> >>5223, 5269, and 7000 to the machine running the jabber server.
> >>
> >>Any ideas?
> >>
> >>Thanks!
> >>
> >>
> >>
> >>-matt
> >>
> >>--
> >>matthew c. mead
> >>
> >>http://www.goof.com/~mmead/
> >>_______________________________________________
> >>jdev mailing list
> >>jdev at jabber.org
> >>http://mailman.jabber.org/listinfo/jdev
> >>
> >
> >
>
> --
> Justin Georgeson
> UnBound Technologies, Inc.
> http://www.unboundtech.com
> Main 713.329.9330
> Fax 713.460.4051
> Mobile 512.789.1962
>
> 5295 Hollister Road
> Houston, TX 77040
> Real Applications using Real Wireless Intelligence(tm)
>
--
matthew c. mead
http://www.goof.com/~mmead/
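
The dialback exchange described in the quoted explanation above, modelled as an added example; it is not part of the original thread and is not jabberd code. The HMAC key derivation, the `Server` class, the `dns` dictionary, the secrets and the stream IDs are all assumptions constructed for illustration. In this model the key is computed from a server-held secret and the stream ID.

```python
import hashlib
import hmac

def dialback_key(secret, receiving, originating, stream_id):
    # Assumed derivation for illustration: HMAC-SHA256 keyed with SHA-256(secret).
    k = hashlib.sha256(secret.encode()).hexdigest().encode()
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(k, msg, hashlib.sha256).hexdigest()

class Server:  # hypothetical model of one s2s endpoint
    def __init__(self, domain, secret, s2s_reachable=True):
        self.domain = domain
        self.secret = secret
        self.s2s_reachable = s2s_reachable  # False: dial-back connection never arrives

    def make_key(self, receiving, stream_id):
        return dialback_key(self.secret, receiving, self.domain, stream_id)

    def verify(self, receiving, stream_id, key):
        # Authoritative side: recompute the key and compare in constant time.
        return hmac.compare_digest(self.make_key(receiving, stream_id), key)

def dial_back(receiving, claimed_origin, stream_id, key, dns):
    """Receiving server's decision for a key presented on an inbound stream."""
    authoritative = dns.get(claimed_origin)  # lookup of the *claimed* domain
    if authoritative is None or not authoritative.s2s_reachable:
        return "connect-failed"
    ok = authoritative.verify(receiving, stream_id, key)
    return "valid" if ok else "invalid"

def run_scenarios():
    sid = "constructed-stream-id-1"
    goof = Server("goof.com", "constructed-secret-A")
    natted = Server("goof.com", "constructed-secret-A", s2s_reachable=False)
    other = Server("goof.com", "constructed-secret-B")  # does not hold goof.com's secret
    key = goof.make_key("jabber.org", sid)
    wrong = other.make_key("jabber.org", sid)
    real, hidden = {"goof.com": goof}, {"goof.com": natted}
    return {
        "normal": dial_back("jabber.org", "goof.com", sid, key, real),
        "nat": dial_back("jabber.org", "goof.com", sid, key, hidden),
        "wrong-secret": dial_back("jabber.org", "goof.com", sid, wrong, real),
        "other-stream": dial_back("jabber.org", "goof.com", "constructed-stream-id-2", key, real),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:13s} {result}")
```

The `nat` case fails before any key comparison happens, which is why an unreachable dial-back path looks like a connection problem rather than a bad key.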