[JDEV] Jabber server redirection
dwd at bell-labs.com
Fri Feb 22 14:47:52 CST 2002
Ah, but there are two different company.com servers, one just for the
intranet and one for the internet. I only care about the one on the inside
and there's no need to have a firewall between it and the intranet.
Another problem with the forwarding idea is that I don't necessarily want
to locate the jabber server on the same LAN as the web server, and it
would result in all the jabber traffic making an extra trip across the WAN.
Maybe that's not very significant bandwidth-wise but it hurts reliability;
more points of failure.
- Dave Dykstra
On Thu, Feb 21, 2002 at 05:06:38PM -0500, dave at dave.tj wrote:
> As a matter of basic security, they should have a firewall between the
> web server and the 'net. Any firewall can forward ports.
> - Dave
> Dave Dykstra wrote:
> > On Thu, Feb 21, 2002 at 08:34:54AM -0500, Dave wrote:
> > > I'm starting to feel like that Aflac duck that nobody listens to.
> > > You can simply forward ports 5222 and 5269 from company.com to
> > > jabber.sub.company.com and everything will work like a charm :-)
> > I'm sure that won't be acceptable in my case; the people who run the web
> > server company.com won't want all that traffic going through their server.
> > I am asking the network administrators if they might be able to redirect
> > the traffic for specific ports before it gets to the web server, and that's a
> > possibility but I think that too may be too restrictive.
> > On Wed, Feb 20, 2002 at 03:10:00PM +0000, Thomas Parslow (PatRat) wrote:
> > > > I would like to be able to set up jabber in my company so that people can
> > > > have a jabber ID of id at company.com, rather than id at jabber.sub.company.com
> > > > when we run a server on jabber.sub.company.com. Is there a way to do that,
> > > > or a plan to be able to do that at some point? It's conceivable that I'd
> > > > be able to run a small redirection server on the machine called company.com,
> > > > but it has to use very little resources because the primary purpose of that
> > > > machine is web service. In fact, I'm thinking I might want to set up
> > > > the redirection server to look up IDs in a database and redirect people
> > > > to different servers for load balancing. Any suggestions?
> > > >
> > > > Thanks,
> > > >
> > > > - Dave Dykstra
> > >
> > > Hi,
> > >
> > > How about using SRV record for the domain? The Jabber server should
> > > recognize the SRV record (it's supported it since 1.2 afaik) and
> > > connect to wherever it points to for S2S. You'd need to add something
> > > like this to the DNS zone for company.com:
> > >
> > > _jabber._tcp IN SRV 30 30 5269 jabber.sub.company.com
> > That sounds very promising. Yesterday I happened to be looking at an
> > ethereal trace of the messages between the Microsoft Exchange Instant
> > Messenger server that's been set up in my company and one of its clients,
> > and I saw the client doing a DNS SRV query and thought jabber needed
> > something like that. I had searched for something like that in the
> > gabber source code and in the jabberd directory in the jabber server
> > source code but didn't think to check other directories; I found it now
> > under dnsrv.
> > I don't understand how it helps for servers to use this though. Wouldn't
> > the clients have to do it? I don't see anywhere in the gabber source where
> > it attempts to do anything like this.
> > > The problem with this is getting the clients to connect to the correct
> > > server, if you just set them to connect to "jabber.sub.company.com" then
> > > they will send "jabber.sub.company.com" as the to attribute of the
> > > opening <stream:stream> tag which makes the server look for
> > > "jabber.sub.company.com" in the spool directory.
> > >
> > > The only solution I can see to this is for clients to support
> > > connecting to an address which is different from the server name. In
> > > the client I am developing I allow the user to specify the name of the
> > > server in the username field by entering it in the form:
> > > user at server.com.
> > I think I know what you mean. We experimented with changing the name that
> > the server calls itself to company.com while still saying the server was
> > jabber.sub.company.com when logging in, hoping that at least jabber ids
> > could then be thought of as id at company.com, but gabber couldn't handle it.
> > > Does anyone have any other ideas on how to do this?
> > >
> > > Thomas Parslow (PatRat) ICQ #:26359483
> > > Rat Software
> > > http://www.rat-software.com/
> > > Please leave quoted text in place when replying
> > - Dave Dykstra
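
The SRV approach discussed in this thread, sketched as an added example (not code from any of the posters or from the jabberd source): it parses the proposed record, orders targets as RFC 2782 describes, and shows that only the connection address changes while the stream header still names company.com. The second zone record and all function names are assumptions made for illustration.

```python
import random

# Constructed zone data for company.com. The first record is the one proposed
# in the thread; the second is a hypothetical backup host (an assumption).
ZONE = """\
_jabber._tcp IN SRV 30 30 5269 jabber.sub.company.com
_jabber._tcp IN SRV 40 0 5269 jabber2.sub.company.com
"""

def parse_srv(zone_text, service="_jabber._tcp"):
    """Return (priority, weight, port, target) tuples for one service label."""
    records = []
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 7 or f[0] != service or f[1:3] != ["IN", "SRV"]:
            continue  # not an SRV line for this service
        records.append((int(f[3]), int(f[4]), int(f[5]), f[6].rstrip(".").lower()))
    return records

def order_targets(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted-random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for chosen in group:
                running += chosen[1]
                if running >= pick:
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered

def plan_connection(jid_domain, zone_text):
    """Return (host, port, stream header) for an S2S connection to jid_domain."""
    targets = order_targets(parse_srv(zone_text))
    if targets:
        _, _, port, host = targets[0]
    else:
        host, port = jid_domain, 5269  # no SRV record: use the domain itself
    # SRV only changes where the socket goes. The 'to' attribute keeps the JID
    # domain, and since DNS answers are unauthenticated, any identity check on
    # the peer must be made against jid_domain, never against the SRV target.
    header = ("<stream:stream xmlns='jabber:server' "
              "xmlns:stream='http://etherx.jabber.org/streams' to='%s'>" % jid_domain)
    return host, port, header
```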