
messages server proxy65 behind NAT?

Hi,


How do I get the proxy65 service usable from the internet? It's natted, here's my setup:

I have a messages server running on x.x.x.x. (private IP)

I have a router that forwards traffic on ports 5222,...,7777 from the public IP y.y.y.y


My proxy65 configuration in /Library/Preferences/com.apple.Proxy65.plist can only accept the ip x.x.x.x as it cannot bind to the external IP.

The messages server advertises the proxy as <streamhost port='7777' host='x.x.x.x' jid='proxy65.domain.com'/>


and that is obviously not usable from outside.

Is there a way to advertise the external IP of the messages host so that wan clients can send files to lan clients?



Thanks,

Anton.

OS X Mavericks (10.9.2)

Posted on Mar 12, 2014 3:36 AM

Question marked as Best reply

Posted on Mar 12, 2014 3:59 AM

Update:

I commented out this:

socket.inet_pton(socket.AF_INET, ip)

in this:

/Applications/Server.app/Contents/ServerRoot/usr/share/proxy65/proxy65.py


and now my

/Library/Preferences/com.apple.Proxy65.plist

can use a hostname instead of IP like so:

<dict>
    <key>jid</key>
    <string>proxy65.domain.com</string>
    <key>proxyips</key>
    <string>xmpp.domain.com:7777</string>


so now all works from the outside and from the inside.


Aug 14, 2015 10:39 AM in response to aureliofrommontreux

I just tried this in 10.10.5 with Server.App 4.1.5.


In this file:


/Library/Server/Messages/Config/com.apple.Proxy65.plist

Change this line (which is line # 8)

<string>XX.XX.XX.XX:7777</string>


Where XX.XX.XX.XX is your IP address.


To this:

<string>example.com:7777</string>


Replacing example.com with the actual DNS name of your server.



In this file:


/Applications/Server.app/Contents/ServerRoot/usr/share/proxy65/proxy65.py


Change this line (which is line # 285 )


socket.inet_pton(socket.AF_INET, ip)


To this:


# socket.inet_pton(socket.AF_INET, ip)


Note: be careful when editing this file, as it's Python (.py) and whitespace such as spaces and tabs is important. Best to use a good programmer's text editor such as BBEdit.



Then restart your Messages service and it should work better.


To see if you have solved the issue, go to Server.App / Logs / Proxy Log and make sure you are no longer seeing the error which looks like this:


twisted.internet.error.CannotListenError: Couldn't listen on XX.XX.XX.XX:7777: [Errno 49] Can't assign requested address.


Note: after a server.app upgrade this may fail, with lots of connect/disconnect errors.

If so, do this:

  • In Server.app, shut down Messages
  • Delete the file /Library/Server/Messages/Config/com.apple.Proxy65.plist
  • Start Messages (this will recreate the file)
  • Stop Messages
  • Edit the file /Library/Server/Messages/Config/com.apple.Proxy65.plist as shown above. (The problem seems to be an invalid secret in the file)
  • Start Messages

Jan 31, 2016 12:25 PM in response to xmddmx

As a further update, after upgrading to server 5.0 it stopped working again. After more investigation I figured out the problem. For this technique to work you need proper DNS setup as well. What you need is for your public (WAN) DNS name to evaluate to the Private (LAN) IP address, but only for OS X server.


To do this:

  1. Go to Server / MyServerName / Overview / Host Name / Edit Host name, follow the prompts to set up "Accessing your server" as "Internet"
  2. Follow all the prompts. At the end, when it asks you to set up DNS, say yes.

Then, go to Server / Advanced / DNS:

  1. Lookups: make sure that Perform Lookups for Only Some Clients is set and that "This Server" is checked.
  2. Host Names: make sure you have an entry for your DNS name with your Private (LAN) IP address.


You may need to reboot the server at this point.


To test that it's working: in the Terminal enter

dig myservername.com

and verify that you get the LAN address (not the WAN address).


My understanding of why this technique works:

  1. The Proxy65.py (Socks5 proxy) advertises to the world (e.g. other Messages clients) the name of the proxy running on port 7777 as the public DNS name.
  2. The Proxy65.py internally then looks up this DNS name, and (if DNS is set properly as above) gets the private LAN IP address. This allows it to bind to your server's network stack on port 7777.
  3. Without the modifications to Proxy65.py and Proxy65.plist and DNS, the reason it doesn't work: Either you are giving it the public IP address (in which case Proxy65.py fails to bind, since it can't bind to the firewall WAN address) or you give it the private IP address (in which case it can bind) but then it advertises to clients the private LAN address, which won't work for anyone outside the firewall/router on the WAN side.



There's probably a more elegant fix that could be made inside Proxy65.py but I haven't figured it out.
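Added example (not part of the original posts and not code from proxy65.py): a pre-flight check for a proxyips entry that keeps the IPv4-literal test for addresses instead of dropping it, resolves a hostname the way the server itself would, and probes whether the result can be bound locally, which is the condition behind the Errno 49 line in the Proxy Log. The function names, the example.test hostnames and the stand-in resolver table are assumptions made for illustration.

```python
import errno
import socket

def parse_entry(entry):
    """Split a proxyips value such as 'xmpp.example.test:7777' into (host, port)."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected host:port, got %r" % entry)
    return host, int(port)

def is_ipv4_literal(host):
    """The check the thread comments out: True only for a dotted-quad address."""
    try:
        socket.inet_pton(socket.AF_INET, host)
        return True
    except OSError:
        return False

def check_entry(entry, resolve=socket.gethostbyname):
    """Return (advertised_host, bind_ip, bindable) for one proxyips entry.

    bindable is False when the address the name resolves to on this host is
    not assigned to a local interface (the Errno 49 case in the Proxy Log).
    """
    host, port = parse_entry(entry)
    bind_ip = host if is_ipv4_literal(host) else resolve(host)
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((bind_ip, 0))   # port 0: test the address only, not port 7777
        bindable = True
    except OSError as exc:
        if exc.errno != errno.EADDRNOTAVAIL:
            raise
        bindable = False
    finally:
        probe.close()
    return host, bind_ip, bindable

# Constructed sample data: a stand-in resolver for the server's own DNS view.
SAMPLE_DNS = {"lan-view.example.test": "127.0.0.1",      # name -> local address
              "wan-view.example.test": "203.0.113.10"}   # name -> router's WAN IP

if __name__ == "__main__":
    for name in SAMPLE_DNS:
        print(check_entry(name + ":7777", resolve=SAMPLE_DNS.__getitem__))
```

Run on the server with the default resolver, a False in the third field means the advertised name still resolves to an address the host does not own, so the split DNS described above is not in effect there.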
