[ejabberd 2.0] S2S : proxying on the same port

Hi there,

I have two ejabberd 2.0 instances running on two servers. Each works well independently. When I want to use S2S, it works in only one direction (due to the company firewall, which I can't modify).

S2S actually works like this:
- FROM ejabberd A port X TO ejabberd B port 5269.......OK
- FROM ejabberd B port Y TO ejabberd A port 5269.......blocked by firewall

My only solution with the firewall is to open a connection with a port X and respond on this port X, like this:
- FROM ejabberd A port X TO ejabberd B port Y
- FROM ejabberd B port Y TO ejabberd A port X

Is it possible to configure S2S this way? (I don't think so, but who knows?)

Otherwise, I read there is a patch for proxying with ejabberd 1.3 called s2s_proxy. I heard it will be developed for ejabberd 2.X. It's a good thing, helpful in my case.

Thanks for your responses, and thanks for ejabberd community work.
Regards.
Yougouff

[ejabberd 2.0] S2S : proxying on the same port

Hmm... Yes, it looks difficult.

Try the undocumented option: outgoing_s2s_port

yougouff wrote:

Otherwise, I read there is a patch for proxying with ejabberd 1.3 called s2s_proxy. I heard it will be developed for ejabberd 2.X. It's a good thing, helpful in my case.

But s2s_proxy uses s2s to communicate between proxy client and proxy server, so I guess you will suffer the same problem.

yougouff wrote:

My only solution with the firewall is to open a connection with a port X and respond on this port X, like this:
- FROM ejabberd A port X TO ejabberd B port Y
- FROM ejabberd B port Y TO ejabberd A port X

Is it possible to configure S2S this way? (I don't think so, but who knows?)

You can try this, maybe it works.

In the first server:

%% If SRV lookup fails, then port 5268 is used to communicate with remote server
{outgoing_s2s_port, 5268}.

In the second server where incoming TCP connections to port 5269 are blocked:

{listen, [
  ...
  {5268, ejabberd_s2s_in, [
                           {shaper, s2s_shaper},
                           {max_stanza_size, 131072}
                          ]}
]}.

random port problem

Thanks for your help, badlop.

After trying it, this doesn't work.
I get a better result by applying the two lines of code ( "{outgoing_s2s_port, 5268}." and "{5268, ejabberd_s2s_in, [" ) of your solution on each server.

When I scan ports, the opening connection comes from a random port, like:
- FROM ejabberd A random port Y TO ejabberd B port 5268

Then ejabberd B responds:
- FROM ejabberd B port 5268 TO ejabberd A random port Y

The firewall accepted the response because A opened the connection to B, and B responded on the same port.

But after a while, B would like to open a connection to A from random port X to 5268. This connection is blocked because it is opened by B (the firewall doesn't allow that).
To test this, I added a contact located on server B to the list of a client on A. B certainly needs to open a connection.
I think my problem doesn't have a solution in this configuration. Each connection opened by B will be blocked by the firewall.

Thanks again.
Yougouff
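
The behaviour observed in the post above, modelled as an added example (not code from the thread or from ejabberd): a stateful firewall that only lets server A initiate connections. The ephemeral ports 40001 and 40002 are constructed values, and the model assumes, as the post observes, that each server opens its own TCP connection for S2S.

```python
# Added illustration: minimal stateful-firewall model for the S2S scenario in this thread.
# Assumption: the firewall tracks flows and only accepts new connections initiated by A.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a new TCP connection


@dataclass
class StatefulFirewall:
    inside: str                              # only this host may initiate
    flows: set = field(default_factory=set)  # tracked (src, sport, dst, dport)

    def allow(self, p: Packet) -> bool:
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if p.syn:
            if p.src != self.inside:
                return False                 # new connection from the wrong side
            self.flows.add(key)
            return True
        # Non-SYN traffic passes only if it belongs to a tracked flow.
        return key in self.flows or reverse in self.flows


def s2s_exchange(fw: StatefulFirewall, s2s_port: int = 5268) -> dict:
    """Replay the three steps described in the post; ports 40001/40002 are constructed."""
    return {
        "A opens to B": fw.allow(Packet("A", 40001, "B", s2s_port, syn=True)),
        "B replies on A's connection": fw.allow(Packet("B", s2s_port, "A", 40001)),
        "B opens to A": fw.allow(Packet("B", 40002, "A", s2s_port, syn=True)),
    }


if __name__ == "__main__":
    for port in (5269, 5268):  # moving the listener port does not change the outcome
        print(port, s2s_exchange(StatefulFirewall(inside="A"), port))
```

The listener port is irrelevant to the result: the firewall decides on who initiates, so changing outgoing_s2s_port alone cannot unblock the B to A direction.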
