Okay, I see what you're talking about. Your situation is a lot more complex than I thought. SRV records and/or coordinated routers are definitely your best bet. I tend to like coordinated routers, because everything is transparent to your users, but SRV records are better for some rather fundamental reasons (most of which were already mentioned).
- Dave Dave Dykstra wrote: > > Ah, but there are two different company.com servers, one just for the > intranet and one for the internet. I only care about the one on the inside > and there's no need to have a firewall between it and the intranet. > > Another problem with the forwarding idea is that I don't necessarily want > to locate the jabber server on the same LAN as the web server, and it > would result in all the jabber traffic making an extra trip across the WAN. > Maybe that's not very significant bandwidth-wise but it hurts reliability; > more points of failure. > > - Dave Dykstra > > On Thu, Feb 21, 2002 at 05:06:38PM -0500, [EMAIL PROTECTED] wrote: > > As a matter of basic security, they should have a firewall between the > > web server and the 'net. Any firewall can forward ports. > > > > - Dave > > > > > > Dave Dykstra wrote: > > > > > > On Thu, Feb 21, 2002 at 08:34:54AM -0500, Dave wrote: > > > > I'm starting to feel like that Aflack duck that nobody listens to. > > > > You can simply forward ports 5222 and 5269 from company.com to > > > > jabber.sub.company.com and everything will work like a charm :-) > > > > > > I'm sure that won't be acceptable in my case; the people who run the web > > > server company.com won't want all that traffic going through their server. > > > I am asking the network administrators if they might be able to redirect > > > the traffic for specific ports before it gets the web server, and that's a > > > possibility but I think that too may be too restrictive. > > > > > > > > > On Wed, Feb 20, 2002 at 03:10:00PM +0000, Thomas Parslow (PatRat) wrote: > > > > > I would like to be able to set up jabber in my company so that people can > > > > > have a jabber ID of [EMAIL PROTECTED], rather than [EMAIL PROTECTED] > > > > > when we run a server on jabber.sub.company.com. Is there a way to do that, > > > > > or a plan to be able to do that at some point? It's conceivable that I'd > > > > > be able to run a small redirection server on the machine called company.com, > > > > > but it has to use very little resources because the primary purpose of that > > > > > machine is web service. In fact, I'm thinking I might want to set up > > > > > the redirection server to lookup up IDs in a database and redirect people > > > > > to different servers for load balancing. Any suggestions? > > > > > > > > > > Thanks, > > > > > > > > > > - Dave Dykstra > > > > > > > > Hi, > > > > > > > > How about using SRV record for the domain? The Jabber server should > > > > recognize the SRV record (it's supported it since 1.2 afaik) and > > > > connect to wherever it points to for S2S. You'd need to add something > > > > like this to the DNS zone for company.com: > > > > > > > > _jabber._tcp IN SRV 30 30 5269 jabber.sub.company.com > > > > > > > > > That sounds very promising. Yesterday I happened to be looking at an > > > ethereal trace of the messages between the Microsoft Exchange Instant > > > Messenger server that's been set up in my company and one of its clients, > > > and I saw the client doing a DNS SRV query and thought jabber needed > > > something like that. I had searched for something like that in the > > > gabber source code and in the jabberd directory in the jabber server > > > source code but didn't think to check other directories; I found it now > > > under dnsrv. > > > > > > I don't unerstand how it helps for servers to use this though. Wouldn't > > > the clients have to do it? I don't see anywhere in the gabber source where > > > it attemps to do anything like this. > > > > > > > > > > The problem with this is getting the clients to connect to the correct > > > > server, if you just set them to connect to "jabber.sub.company.com" then > > > > they will send "jabber.sub.company.com" as the to attribute of the > > > > opening <stream:stream> tag which makes the server look for > > > > "jabber.sub.company.com" in the spool directory. > > > > > > > > The only solution I can see to this is for clients to support > > > > connecting to an address which is different from the server name. In > > > > the client I am developing I allow the user to specify the name of the > > > > server in the username field by entering it in the form: > > > > [EMAIL PROTECTED] > > > > > > I think I know what you mean. We experimented with changing the name that > > > the server calls itself to company.com while still saying the server was > > > jabber.sub.company.com when logging in, hoping that at least jabber ids > > > could then be thought of as [EMAIL PROTECTED], but gabber couldn't handle it. > > > > > > > > > > Does anyone have any other ideas on how to do this? > > > > > > > > Thomas Parslow (PatRat) ICQ #:26359483 > > > > Rat Software > > > > http://www.rat-software.com/ > > > > Please leave quoted text in place when replying > > > > > > > > > - Dave Dykstra > _______________________________________________ > jdev mailing list > [EMAIL PROTECTED] > http://mailman.jabber.org/listinfo/jdev > _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
