Configuring server to server (s2s) connections

s2s (server to server) connections in Jabberd (on OpenBSD)

Configuring server to server communication in jabber.org's jabberd 1.4.2 may be a difficult task: the server administrator's guide has little or no information about vital matters. Here are my findings, collected while configuring jabberd on OpenBSD 3.2:

IP ports needed

You need to open the following ports:

  • UDP 5222 (this is assigned by IANA to jabber-client protocol)
  • TCP 5222 (this is assigned by IANA to jabber-client protocol)
  • UDP 5269 (this is assigned by IANA to jabber-server protocol for server to server connections)
  • TCP 5269 (this is assigned by IANA to jabber-server protocol for server to server connections)
  • TCP 5223 (used for SSL connections)
  • UDP 5223 (just in case, probably not needed)
  • UDP 7000 (sample config for s2s in jabber.xml uses this port for whatever reason)

In OpenBSD packet filter format this would be (in pf.conf, the $int_if variable holds the listening network interface):

pass in quick on $int_if proto udp from any to any port = 5222 keep state
pass in quick on $int_if proto tcp from any to any port = 5222 flags S/SA keep state
pass in quick on $int_if proto udp from any to any port = 5269 keep state
pass in quick on $int_if proto tcp from any to any port = 5269 flags S/SA keep state
pass in quick on $int_if proto udp from any to any port = 5223 keep state
pass in quick on $int_if proto tcp from any to any port = 5223 flags S/SA keep state
pass in quick on $int_if proto udp from any to any port = 7000 keep state

SRV records in DNS, proper PTH library

You also need to compile jabberd with the GNU PTH 1.4.0 library (not 1.4.1). It is supplied in the jabberd-1.4.2 package and is used if there's no pth present on your system.

Then you need to create SRV records for the Jabber services. I use Dan J. Bernstein's DJBDNS tinydns server, so the task was a little more complicated for me.

I've used Rob Mayoff's tinydns Record Maker to generate proper SRV record definitions in DJBDNS format.

For my jabber server at office.altkom.com.pl, I've used the following params for the SRV record maker:

Params for the service 'jabber-server':

  Service:  _jabber-server._tcp.office.altkom.com.pl
  Priority: 10
  Weight:   0
  Port:     5269
  Target:   office.altkom.com.pl

Params for the service 'jabber' (it's actually jabber-server service):

  Service:  _jabber._tcp.office.altkom.com.pl
  Priority: 10
  Weight:   0
  Port:     5269
  Target:   office.altkom.com.pl

Params for the service 'jabber-client':

  Service:  _jabber-client._tcp.office.altkom.com.pl
  Priority: 10
  Weight:   0
  Port:     5222
  Target:   office.altkom.com.pl

This resulted in the following records in tinydns data format:

:_jabber._tcp.office.altkom.com.pl:33:\000\012\000\000\024\225\006office\006altkom\003com\002pl\000
:_jabber-server._tcp.office.altkom.com.pl:33:\000\012\000\000\024\225\006office\006altkom\003com\002pl\000
:_jabber-client._tcp.office.altkom.com.pl:33:\000\012\000\000\024\146\006office\006altkom\003com\002pl\000

I've placed them in my tinydns server's data file, compiled it and from now on server to server connections worked fine.
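
How the octal-escaped data in those records is put together, as an added example (not part of the original page and not the Record Maker's code): the sketch below builds a tinydns generic record for an SRV entry and decodes one back, so a line can be checked before the data file is compiled. The function names make_srv and parse_srv are assumptions made for this example.

```python
import re
import struct

SRV_TYPE = 33  # DNS RR type number for SRV


def _octal(data: bytes) -> str:
    """Render bytes as tinydns \\ooo octal escapes."""
    return "".join("\\%03o" % b for b in data)


def make_srv(service: str, priority: int, weight: int, port: int, target: str) -> str:
    """Build a tinydns generic (':') record carrying SRV RDATA."""
    # RDATA starts with three big-endian 16-bit fields: priority, weight, port.
    rdata = _octal(struct.pack("!HHH", priority, weight, port))
    # The target follows in DNS wire format: length-prefixed labels, then a zero byte.
    for label in target.rstrip(".").split("."):
        if not re.fullmatch(r"[A-Za-z0-9-]{1,63}", label):
            raise ValueError("bad label in target: %r" % label)
        rdata += _octal(bytes([len(label)])) + label
    return ":%s:%d:%s" % (service, SRV_TYPE, rdata + _octal(b"\x00"))


def parse_srv(line: str):
    """Decode such a record into (service, priority, weight, port, target)."""
    if not line.startswith(":"):
        raise ValueError("not a tinydns generic record")
    service, rtype, rdata = line.strip()[1:].split(":")[:3]
    if int(rtype) != SRV_TYPE:
        raise ValueError("not an SRV record: type %s" % rtype)
    # Turn every \ooo escape back into the byte it stands for.
    raw = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), rdata).encode("latin-1")
    priority, weight, port = struct.unpack("!HHH", raw[:6])
    labels, i = [], 6
    while raw[i]:  # a zero length byte terminates the name
        labels.append(raw[i + 1:i + 1 + raw[i]].decode("ascii"))
        i += 1 + raw[i]
    return service, priority, weight, port, ".".join(labels)


if __name__ == "__main__":
    # The three records from this page, regenerated and decoded again as a round trip.
    host = "office.altkom.com.pl"
    for name, port in (("jabber", 5269), ("jabber-server", 5269), ("jabber-client", 5222)):
        line = make_srv("_%s._tcp.%s" % (name, host), 10, 0, port, host)
        print(line)
        print("  ->", parse_srv(line))
```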

To test those SRV records I've used the 'dig' utility:

$ dig @192.168.254.205 _jabber-client._tcp.office.altkom.com.pl srv +noall +answer

; <<>> DiG 9.2.1 <<>> @192.168.254.205 _jabber-client._tcp.office.altkom.com.pl srv +noall +answer
;; global options: printcmd
_jabber-client._tcp.office.altkom.com.pl. 86400 IN SRV 10 0 5222 office.altkom.com.pl.

$ dig _jabber-client._tcp.office.altkom.com.pl srv +noall +answer

; <<>> DiG 9.2.1 <<>> _jabber-client._tcp.office.altkom.com.pl srv +noall +answer
;; global options: printcmd
_jabber-client._tcp.office.altkom.com.pl. 86400 IN SRV 10 0 5222 office.altkom.com.pl.