[JDEV] s2s/dialback/SOCKS

Ragavan S jabber_dev at hotmail.com
Tue Mar 25 15:13:30 CST 2003 

Hello,

I am trying to setup s2s communications between 2 jabber 1.4.2 servers on 
Linux machines with static IP addresses -- one on the internet and the other 
on a company intranet (behind a firewall).

Using ssh port forwards and iptables, I am able to establish network 
connectivity between these two machines. So, for example, from the external 
server (jabber-external.company.com), I am able to telnet to port 5269 of 
the internal server (jabber-internal.company.com) and similarly, from the 
internal server I am able to telnet out (using SOCKS).

I run the jabberd process on the external machine in a straightforward 
manner, while I socksify the jabberd process on the internal machine (so it 
can go outside).

However, the dialback protocol seems to fail. Thus, even though the two 
servers have network connectivity going both sides, the actual dialback 
process doesn't get validated and I get a Server Connect Failed error. A 
look at the jabberd debug logs reveals that the external server stops with a 
<db:result>33345..</db:result> exchange while the internal server's last 
exchange seems to be a <db:verify>33345..</db:verify> before it reports a 
<stream:error>I guess we're trying to use the wrong name, 
sorry</stream:error>.

So, I am curious to find out if people have successfully gotten s2s 
communications working in such a scenario (inside/outside firewall), and if 
so, was there anything other than having bi-directional network connectivity 
open? Also, does anyone know if having a SOCKS server in between affect the 
dialback process (if the SOCKS server doesn't do any form of DNS function).

If this does have something to do with the dialback protocol itself, besides 
the upcoming SASL support for s2s in jabberd2, are there other options I can 
look at?

By the way, I can post the detailed debug logs if that would be more 
helpful, but I wanted to figure out if someone already has such a setup 
working well for them. I will also continue looking into this (maybe strace 
or tcpdump).

Thanks in advance for any insights, and let me know if you need more 
clarifications.

Ragavan

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail

More information about the JDev mailing list