10 Replies Latest reply: Sep 23, 2010 11:43 AM by Tim Harris
greyman Level 1 (5 points)
Can someone point me to documentation that points out what is needed for an iChat server that sits behind a NAT to be able to communicate with Google Talk users through my iChat server?

After looking through all the threads I cannot see what I am missing. My internal DNS server shows that I have a working forward and reverse DNS (checked using both nslookup and dig) for my hostname I am using both for the server and the chat service. I have added CNAME entries for pubsub.mymachine.mydomain.com. I have checked "Enable XMPP server-to-server federation", and selected "Allow federation with the following domains".

domain added is "talky.l.google.com"

Ports 5222, 5223, 5269 have both NAT and Firewall rules installed.

Any suggestions, pointers, etc are greatly appreciated.

macmini, Mac OS X (10.6.4)
  • greyman Level 1 (5 points)
    Below is a sample of the logs that I am getting.


    Aug 17 10:27:57 mail jabberd/resolver[78850]: [xmpp-server.tcp.gmail.com] resolved to 74.125.47.125:5269 (300 seconds to live)
    Aug 17 10:27:57 mail jabberd/resolver[78850]: [xmpp-server.tcp.gmail.com] resolved to 74.125.155.125:5269 (1800 seconds to live)
    Aug 17 10:27:57 mail jabberd/resolver[78850]: [xmpp-server.tcp.gmail.com] resolved to 74.125.47.125:5269 (1800 seconds to live)
    Aug 17 10:27:57 mail jabberd/resolver[78850]: [xmpp-server.tcp.gmail.com] resolved to 74.125.45.125:5269 (1800 seconds to live)
    Aug 17 10:27:57: --- last message repeated 1 time ---
    Aug 17 10:27:57 mail jabberd/s2s[78856]: [7] [74.125.45.125, port=5269] outgoing connection
    Aug 17 10:27:57 mail jabberd/s2s[78856]: [7] [74.125.45.125, port=5269] sending dialback auth request for route 'mail.oneinsane.org/gmail.com'
    Aug 17 10:27:58 mail jabberd/s2s[78856]: [7] [74.125.45.125, port=5269] outgoing route 'mail.oneinsane.org/gmail.com' is now invalid
    Aug 17 10:27:58 mail jabberd/s2s[78856]: [7] [74.125.45.125, port=5269] closing connection
    Aug 17 10:27:58 mail jabberd/s2s[78856]: [7] [74.125.45.125, port=5269] disconnect, packets: 1
  • Tim Harris Level 4 (1,460 points)
    Couple of things. Don't restrict which domains you are wanting to federate with. Unless you are running a truly massive ichat community it's not needed.

    Also your DNS does not look correct.

    This is what I see as your reverse:


    ;; QUESTION SECTION:
    ;120.107.49.99.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    120.107.49.99.in-addr.arpa. 7200 IN PTR 99-49-107-120.lightspeed.hstntx.sbcglobal.net.
  • greyman Level 1 (5 points)
    Tim Harris wrote:
    Also your DNS does not look correct.

    This is what I see as your reverse:


    ;; QUESTION SECTION:
    ;120.107.49.99.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    120.107.49.99.in-addr.arpa. 7200 IN PTR 99-49-107-120.lightspeed.hstntx.sbcglobal.net.


    That is the one thing that I cannot control, and I know there is no way my ISP will change the record. So does that mean that I will not be able to do this?

    I do not have any restrictions set on who the server federates with.

    TIA
  • Tim Harris Level 4 (1,460 points)
    So I assume you are running 'split' DNS, e.g. from your server a *dig -x 99.49.107.120* returns your server name?
  • greyman Level 1 (5 points)
    Yes.
  • greyman Level 1 (5 points)
    Configuration has been updated and from what I can tell both my forward and reverse DNS are correct, but I am still getting the below messages.

    Sep 22 15:03:15 mail jabberd/s2s[90485]: [7] [74.125.45.125, port=5269] outgoing connection
    Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [74.125.45.125, port=5269] sending dialback auth request for route 'mail.oneinsane.org/gmail.com'
    Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [74.125.45.125, port=5269] outgoing route 'mail.oneinsane.org/gmail.com' is now invalid
    Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [74.125.45.125, port=5269] closing connection
    Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [74.125.45.125, port=5269] disconnect, packets: 1

    What am I missing?

    TIA
    --
    Ron Rosson
    ron@oneinsane.org
  • Tim Harris Level 4 (1,460 points)
    Ron,

    Assuming your email address is a valid ichat address I have added you as a buddy and the two servers are talking to each other. Did you get an incoming buddy request or any errors in the logs?

    The thing that has me confused is this 'now invalid' log entry. Whilst that can happen - it normally happens when the remote server is not sending back the correct details (dialback key) - BUT, there is nothing in the LOG that even acknowledges there is an incoming packet from the google server, so I don't understand what kicks this 'now invalid' message off. Is this a 'live' server? Did it used to work and now does not? Also, have you changed the IP address since your initial post?

    Tim
  • greyman Level 1 (5 points)
    I saw your server connect but did not see your buddy request. When you tried the buddy request it should be first name at hostname dot domain name (sorry for it being cryptic but want to avoid spammers)

    The IP address has moved from a not really static IP to a real static IP. If what you tested ends in .165 you have the correct IP.

    What would I use to make a request on your server as a buddy?

    P.S. Next step, if I can figure it out, is to drop the host name for the user.

    TIA
    -Ron
    --
    Ron Rosson
    ron@oneinsane.org
  • Tim Harris Level 4 (1,460 points)
    What would I use to make a request on your server as a buddy?


    tim@server.bumfodder.com
  • Tim Harris Level 4 (1,460 points)
    So - after some offline discussion it seems that moving to a fixed IP address with correct forward and reverse records fixed it.
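
A log triage example for the "sending dialback auth request" followed by "is now invalid" sequence seen in both log samples in this thread. It is added here and was not posted by any participant. The sample lines are constructed (documentation addresses and example.org names), and the "is now valid" wording is an assumption by analogy with the "invalid" line.

```python
import re

# Constructed sample modelled on the jabberd/s2s lines quoted in the thread.
# Addresses/names are placeholders; the "is now valid" wording is an assumption.
SAMPLE_LOG = """\
Sep 22 15:03:15 mail jabberd/resolver[90480]: [example.net] resolved to 192.0.2.10:5269 (300 seconds to live)
Sep 22 15:03:15 mail jabberd/s2s[90485]: [7] [192.0.2.10, port=5269] outgoing connection
Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [192.0.2.10, port=5269] sending dialback auth request for route 'chat.example.org/example.net'
Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [192.0.2.10, port=5269] outgoing route 'chat.example.org/example.net' is now invalid
Sep 22 15:03:16 mail jabberd/s2s[90485]: [7] [192.0.2.10, port=5269] disconnect, packets: 1
Sep 22 15:04:01 mail jabberd/s2s[90485]: [9] [192.0.2.20, port=5269] outgoing connection
Sep 22 15:04:01 mail jabberd/s2s[90485]: [9] [192.0.2.20, port=5269] sending dialback auth request for route 'chat.example.org/example.com'
Sep 22 15:04:02 mail jabberd/s2s[90485]: [9] [192.0.2.20, port=5269] outgoing route 'chat.example.org/example.com' is now valid
Sep 22 15:04:30 mail jabberd/s2s[90485]: [9] [192.0.2.20, port=5269] disconnect, packets: 12
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ jabberd/s2s\[(?P<pid>\d+)\]: "
                  r"\[(?P<conn>\d+)\] \[(?P<ip>[\d.]+), port=\d+\] (?P<msg>.*)$")
ROUTE = re.compile(r"route '([^']+)'")

def failed_dialbacks(log_text):
    """List routes that were sent a dialback request and then went invalid."""
    sessions, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # resolver lines, "last message repeated", other daemons
        key, msg = (m["pid"], m["conn"], m["ip"]), m["msg"]
        if msg == "outgoing connection":  # connection ids get reused: reset state
            sessions[key] = {"requested": set(), "invalid": []}
            continue
        state = sessions.setdefault(key, {"requested": set(), "invalid": []})
        route = ROUTE.search(msg)
        if route and msg.startswith("sending dialback auth request"):
            state["requested"].add(route[1])
        elif route and msg.endswith("is now invalid") and route[1] in state["requested"]:
            state["invalid"].append((m["ts"], route[1]))
        elif msg.startswith("disconnect"):
            packets = re.search(r"packets: (\d+)", msg)
            for ts, name in state["invalid"]:
                local, remote = name.split("/", 1)
                findings.append({"time": ts, "local": local, "remote": remote, "peer": m["ip"],
                                 "packets": int(packets[1]) if packets else None})
            del sessions[key]
    return findings

if __name__ == "__main__":
    for f in failed_dialbacks(SAMPLE_LOG):
        print(f)
```

Each finding carries the remote domain and peer address, so repeated failures against one federated domain can be lined up with DNS or address changes on the local side.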