ejabberd - Comments for "mod_proxy65 shortcoming"

Comments recovered

mfoss — Sat, 11 Dec 2010 00:29:04 +0000

The spam detector marked two of your comments. I've recovered them now.

Right, then not ...

viðarr — Fri, 10 Dec 2010 22:52:10 +0000

I wrote two contructive posts in an attempt to help you, the first more than 20 hours ago and both of them probably ended up in some mechanism that is supposed to thwart unsolicited commenters, just because I made the mistake of editing them after posting. Oh well, sorry but this way I'll simply refrain from posting anything further here. Besides, the website keeps warning me of the use of the strtotime PHP function ...

Just to let you know.

viðarr — Fri, 10 Dec 2010 05:34:20 +0000

An upgrade of ejabberd indeed solved the problem. I had to replace the host with another distro that has more recent packages, but on the other hand this is the only service that will run on this box.

NB: there was another post that has to be approved by the admins, apparently. Let's hope they'll do so ... it contained some details concerning your particular questions (besides the hostname issue).

what ejabberd version are you using?

viðarr — Fri, 10 Dec 2010 00:12:31 +0000

roughnecks wrote:

But i cannot bind to a public ip, 'cause i'm behind a natting router: is there any trick that could let me use the proxy ?

DSL router or Linux router? Basically with iptables/netfilter you could use DNAT to forward it from the routers external interface to the internal host (and even change the port number, if needed). Relevant ports are 5222, 5223, 5269, 7777 and if you dare exposing the web interface: 5280. In addition to that you'll have to allow it to forward to the internal host. Last but not least your kernel needs to know that you want to allow IPv4 forwarding (use sysctl).

For the ports to which the clients connect, it would look like this

sudo iptables -t nat -I PREROUTING -i extif -p tcp --dport 5222:5223 -j DNAT --to-destination 192.168.x.y
sudo iptables -I FORWARD -p tcp -d 192.168.x.y --dport 5222:5223 -j ACCEPT

192.168.x.y is the internal hosts IP.
extif is the external interface of the router.

roughnecks wrote:

I tried bindind (in proxy_mod conf) to 0,0,0,0 and to private address (192.168.x.x) with no luck

Try setting "hostname" (not "host", which is the logical node name within XMPP) to the external(!) IP of your router. I think in my case the version is too old (it's the one shipping with Debian), so I'm going to attempt an upgrade to 2.1.5.

NB: the docs say you should avoid using the host name in the "hostname" field and use the IP preferably.

Same problem here

viðarr — Thu, 09 Dec 2010 23:49:49 +0000

Check out the docs: http://www.process-one.net/en/ejabberd/guide_en#modproxy

"{hostname, HostName}
Defines a hostname advertised by the service when establishing a session with clients. This is useful when you run the service behind a NAT. The default is the value of ip option. Examples: "proxy.mydomain.org", "200.150.100.50". Note that not all clients understand domain names in stream negotiation, so you should think twice before setting domain name in this option."

This suggests that it is the solution to our problem, but it does not work on my side.

Version string is: "2.0.0" ... now I don't know whether *that's* the problem. It's fairly old, I think.

same problem here

roughnecks — Sun, 18 Apr 2010 19:35:52 +0000

I'm behind a dyndns with wildcards option set...so my proxy.domain.dyndns.org should be ok resolving to my ip.

But i cannot bind to a public ip, 'cause i'm behind a natting router: is there any trick that could let me use the proxy ?

P.S.
I tried bindind (in proxy_mod conf) to 0,0,0,0 and to private address (192.168.x.x) with no luck

Thank You