[jadmin] Re: Jabberd2 + Behind NAT + Proxy65

[Magnus Henoch]

"Matt Gibson" <diwelf at gmail.com> writes:

> I've been trying with a couple friends for a few days to see if we can
> get proxy65 working.
> before we go any furthur I thought I should ask if anyone else has
> successfully gotten it working.
>
> Scenario is:
>
> Jabberd2, on Gentoo, running inside my LAN.
>
> Clients INTERNAL to the LAN can file transfer no problem.
>
> Clients OUTSIDE the lan transferring to other clients OUTSIDE the lan
> does not work
>
> Clients INSIDE the lan transferring to other clients OUTSIDE the lan
> does not work.
>
> The firewall has port 5223 forwarded to the NAT jabber server on the
> LAN. That is it.

A starting piece of advice: look at the IP addresses the clients are
sending back and forth in their XML stanzas.  That will probably show
the problem - clients outside the LAN trying to access internal IP
addresses, or such.

But I think I know what happens.  Proxy65 is running inside the LAN,
and thus believes that its only IP address is (for example)
192.168.0.2.  It gets queries over Jabber from clients (both inside
and outside), and reports its internal IP to all of them.  Thus, when
a client inside the LAN tries to send a file, the receiver needs to
connect either to the client itself or to the proxy, both of which
fails due to NAT.

Why the clients outside the LAN can't transfer files to clients inside
the LAN is beyond me though; though they couldn't use the proxy, they
should be able to establish a direct connection; the client inside the
LAN connects to a random port of the client outside the LAN.

Thus, you need to:

1. Forward a port for the proxy.
2. Make the proxy advertise both internal and external IP address.
   Currently proxy65 can't do that, so you'll have to hack the code.

-- 
Magnus
JID: legoscia at jabber.cd.chalmers.se