ejabberd - Comments for "[ejabberd 2.0] S2S : proxying on the same port"

random port problem

yougouff — Mon, 07 Apr 2008 09:01:47 +0000

Thanks for your help badlop.

After try, this doesn't work.
I get a better result with applying the two code lines ( "{outgoing_s2s_port, 5268}." and "{5268, ejabberd_s2s_in, [" ) of your solution on each servers.

When I scan ports, the opening connection come from a random port like
- FROM ejabberd A random port Y TO ejabberd B port 5268

then, ejabberd B respond
- FROM ejabberd B port 5268 TO ejabberd A random port Y

The firewall accepted the response because A opened the connection to B, and B responded on the same port.

But after a while, B would like to open a connection to A from random port X to 5268. This connection is blocked because opened by B (firewall doesn't allow that).
To test this, I add a contact situated on B server to the list of A client. B certainly need to open a connection.
I think my problem doesn't have solution in this configuration. Each connection opened by B will be blocked by the firewall.

Thanks again.
Yougouff

Try the undocumented option: outgoing_s2s_port

mfoss — Sat, 05 Apr 2008 17:53:56 +0000

yougouff wrote:

Otherwise, I read there is a patch for proxying with ejabberd 1.3 called s2s_proxy. I heard it will be develop for ejabberd 2.X. It's a good thing, helpful in my case.

But s2s_proxy uses s2s to communicate between proxy client and proxy server, so I guess you will suffer the same problem.

yougouff wrote:

My single solution with the firewall is to open a connection with a port X and respond on this port X like this:
- FROM ejabberd A port X TO ejabberd B port Y
- FROM ejabberd B port Y TO ejabberd A port X

Is it possible to configure S2S so ? (I don't think but who know ?)

You can try this, maybe it works.

In the first server:

%% If SRV lookup fails, then port 5268 is used to communicate with remote server
{outgoing_s2s_port, 5268}.

In the second server where incoming TCP connections to port 5269 are blocked:

{listen, [
  ...
  {5268, ejabberd_s2s_in, [
                           {shaper, s2s_shaper},
                           {max_stanza_size, 131072}
                          ]}
]}.

[ejabberd 2.0] S2S : proxying on the same port

yougouff — Wed, 02 Apr 2008 06:56:23 +0000

Hum... Yes, it looks like difficult.