'Re: Re[2]: [JDEV] Jabber server redirection'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jabber-jdev
Subject:    Re: Re[2]: [JDEV] Jabber server redirection
From:       dave () dave ! tj
Date:       2002-02-24 3:54:04
[Download RAW message or body]

Okay, I see what you're talking about.  Your situation is a lot more
complex than I thought.  SRV records and/or coordinated routers are
definitely your best bet.  I tend to like coordinated routers, because
everything is transparent to your users, but SRV records are better for
some rather fundamental reasons (most of which were already mentioned).

 - Dave


Dave Dykstra wrote:
> 
> Ah, but there are two different company.com servers, one just for the
> intranet and one for the internet.  I only care about the one on the inside
> and there's no need to have a firewall between it and the intranet.
> 
> Another problem with the forwarding idea is that I don't necessarily want
> to locate the jabber server on the same LAN as the web server, and it
> would result in all the jabber traffic making an extra trip across the WAN.
> Maybe that's not very significant bandwidth-wise but it hurts reliability;
> more points of failure.
> 
> - Dave Dykstra
> 
> On Thu, Feb 21, 2002 at 05:06:38PM -0500, dave@dave.tj wrote:
> > As a matter of basic security, they should have a firewall between the
> > web server and the 'net.  Any firewall can forward ports.
> > 
> >  - Dave
> > 
> > 
> > Dave Dykstra wrote:
> > > 
> > > On Thu, Feb 21, 2002 at 08:34:54AM -0500, Dave wrote:
> > > > I'm starting to feel like that Aflack duck that nobody listens to.
> > > > You can simply forward ports 5222 and 5269 from company.com to
> > > > jabber.sub.company.com and everything will work like a charm :-)
> > > 
> > > I'm sure that won't be acceptable in my case; the people who run the web
> > > server company.com won't want all that traffic going through their server.
> > > I am asking the network administrators if they might be able to redirect
> > > the traffic for specific ports before it gets the web server, and that's a
> > > possibility but I think that too may be too restrictive.
> > > 
> > > 
> > > On Wed, Feb 20, 2002 at 03:10:00PM +0000, Thomas Parslow (PatRat) wrote:
> > > > > I would like to be able to set up jabber in my company so that people can
> > > > > have a jabber ID of id@company.com, rather than id@jabber.sub.company.com
> > > > > when we run a server on jabber.sub.company.com.  Is there a way to do that,
> > > > > or a plan to be able to do that at some point?  It's conceivable that I'd
> > > > > be able to run a small redirection server on the machine called company.com,
> > > > > but it has to use very little resources because the primary purpose of that
> > > > > machine is web service.  In fact, I'm thinking I might want to set up
> > > > > the redirection server to lookup up IDs in a database and redirect people
> > > > > to different servers for load balancing.  Any suggestions?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > - Dave Dykstra
> > > > 
> > > > Hi,
> > > > 
> > > > How about using SRV record for the domain? The Jabber server should
> > > > recognize the SRV record (it's supported it since 1.2 afaik) and
> > > > connect to wherever it points to for S2S. You'd need to add something
> > > > like this to the DNS zone for company.com:
> > > > 
> > > > _jabber._tcp    IN SRV  30 30 5269 jabber.sub.company.com
> > > 
> > > 
> > > That sounds very promising.   Yesterday I happened to be looking at an
> > > ethereal trace of the messages between the Microsoft Exchange Instant
> > > Messenger server that's been set up in my company and one of its clients,
> > > and I saw the client doing a DNS SRV query and thought jabber needed
> > > something like that.  I had searched for something like that in the
> > > gabber source code and in the jabberd directory in the jabber server
> > > source code but didn't think to check other directories; I found it now
> > > under dnsrv.
> > > 
> > > I don't unerstand how it helps for servers to use this though.  Wouldn't
> > > the clients have to do it?  I don't see anywhere in the gabber source where
> > > it attemps to do anything like this.
> > > 
> > > 
> > > > The problem with this is getting the clients to connect to the correct
> > > > server, if you just set them to connect to "jabber.sub.company.com" then
> > > > they will send "jabber.sub.company.com" as the to attribute of the
> > > > opening <stream:stream> tag which makes the server look for
> > > > "jabber.sub.company.com" in the spool directory.
> > > > 
> > > > The only solution I can see to this is for clients to support
> > > > connecting to an address which is different from the server name. In
> > > > the client I am developing I allow the user to specify the name of the
> > > > server in the username field by entering it in the form:
> > > > user@server.com.
> > > 
> > > I think I know what you mean.  We experimented with changing the name that
> > > the server calls itself to company.com while still saying the server was
> > > jabber.sub.company.com when logging in, hoping that at least jabber ids
> > > could then be thought of as id@company.com, but gabber couldn't handle it.
> > > 
> > > 
> > > > Does anyone have any other ideas on how to do this?
> > > > 
> > > > Thomas Parslow (PatRat) ICQ #:26359483
> > > > Rat Software
> > > > http://www.rat-software.com/
> > > > Please leave quoted text in place when replying
> > > 
> > > 
> > > - Dave Dykstra
> _______________________________________________
> jdev mailing list
> jdev@jabber.org
> http://mailman.jabber.org/listinfo/jdev
> 

_______________________________________________
jdev mailing list
jdev@jabber.org
http://mailman.jabber.org/listinfo/jdev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic