Re: [Server-devel] Jabber presence under NAT named under DMZ issues
Thanks to Jerry's and Martin's notes, I got the XSXO working correctly in my router's DMZ with my external IP and FQDN. I also hotswapped the XS, so to speak.

XSXO1 = the install where named broke
XSXO2 = my second install

XSXO2: After first boot, I edited /var/named-xs/school.external.zone.db for my external IP. Then ran domain_config and named started up without error. That was it. Rebooted.

On XSXO1, I backed up the ejabberd db:

    ejabberdctl backup /tmp/jabber.bak

Copied it over to /tmp on XSXO2 and restored it:

    chown ejabberd:ejabberd /tmp/jabber.bak
    ejabberdctl restore /tmp/jabber.bak

XSXO1 had live Jabber chat users (and has had for the past few days). I gave folks warning, then physically unplugged the USB ethernet adapter from XSXO1 and hooked it up to XSXO2. It came up as eth0 and then everyone automagically came back online! My router sees the USB ethernet adapter's MAC as the DMZ device, so I figured it would do that.

I know the XO-1 is a tiny, tiny server, but my Jabber user group typically has no more than a dozen users online at any given time. I was just hoping XS on the XO-1 would prove to be a viable backup solution to my big old Dell XS in the event of system maintenance or a power outage.

As far as the Jabber presence resetting itself every hour when the XS is behind NAT, I suspect it might be my router. The ejabberd logs only indicated that users disconnected and then reconnected. Robert Howard, one of my Jabber users in San Francisco, is sending me one of his spare DSL modem/router units to try out.

Also, given my previous unsuccessful attempts at XS 0.6 on my big old Dell (currently running XS 0.5.2), I'm glad to finally know how to get networking up without breaking named. And now I have a backup XS to keep everyone happy while I update from XS 0.5.2 to 0.6. (My users are borderline obsessive.)

The XS's I've set up at schools currently don't have this issue with XS 0.6 as they're not public facing, but their DSL connections do have external static IPs. Another one of the reasons why I wanted to test this out.

Anna Schoolfield
Birmingham

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Jabber presence under NAT named under DMZ issues
On Fri, Nov 5, 2010 at 10:19 PM, Anna ascho...@gmail.com wrote:
> After a couple of recent power outages and some disappointed users, I tried out the XS on an XO again, which I'll call XSXO from now on.

An XO-1 is a tiny, tiny server. Bear in mind I would not expect it to handle much more than 20~30 users. Additionally, the USB-Ethernet dongles cause a ton of IRQ noise, so if there is a bit of traffic, the CPU gets swamped with handling network activity.

One of the nice things of modern network cards (PCI, etc) is that they have gotten really good at avoiding raising IRQs, doing DMA, etc. You cannot do any of that with a USB-Ethernet.

> Initially, I set this up for /etc/sysconfig/network-scripts/ifcfg-eth0-local

I assume you ran xs-swapnics at some point?

> All was going well, except that the ejabberd presence service kept resetting at the top of the hour, every hour.

> But then named never comes back up:
> ...
> school.internal.zone.db:4: schoolserver...@\@basednsna...@\@: bad owner name

That means that the domainconfig didn't work.

Any logs from ejabberd itself?

m
--
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff
 - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
Re: [Server-devel] Jabber presence under NAT named under DMZ issues
On Fri, 2010-11-05 at 21:19 -0500, Anna wrote:
> Eventually, after many hours of troubleshooting, I put the XSXO into the DMZ in my router and the presence service quit resetting us every hour. Of course, I deleted /etc/sysconfig/network-scripts/ifcfg-eth0-local once I set XSXO in the DMZ.
>
> I edited /etc/hosts for:
>
>     67.195.160.76    schoolserver.random.net    random.net

Don't think you want to have the router's external address in the XSXO's hosts file. I'd stick with localhost here.

> I put the OpenDNS IPs in named-xs.conf.in and then
>
>     make -f xs-config.make named-xs.conf

Think that is prior to 0.6.0; try domain_config.

> I actually use OpenDNS DNS IPs in my router instead of my ISP's DNS IPs.

Should be no problem with that.

> Here's /var/named-xs/school.external.zone.db
>
>     @               in  soa    localhost. root 1 3H 15M 1W 1D
>                         ns     localhost.
>     schoolserver    IN  A      67.195.160.76
>     school          IN  CNAME  schoolserver
>     www             IN  CNAME  schoolserver
>     ntp             IN  CNAME  schoolserver
>     time            IN  CNAME  schoolserver
>     presence        IN  CNAME  schoolserver
>     xs              IN  CNAME  schoolserver
>     library         IN  CNAME  schoolserver
>     conference.schoolserver  IN  CNAME  schoolserver
>
> But then named never comes back up:
>
>     Starting named:
>     Error in named configuration:
>     zone localdomain/IN: loaded serial 42
>     zone localhost/IN: loaded serial 42
>     zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
>     zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
>     zone 255.in-addr.arpa/IN: loaded serial 42
>     zone 0.in-addr.arpa/IN: loaded serial 42
>     dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name (check-names)
>     school.internal.zone.db:2: no TTL specified; zone rejected
>     school.internal.zone.db:4: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:4: no TTL specified; zone rejected
>     school.internal.zone.db:5: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:5: no TTL specified; zone rejected
>     school.internal.zone.db:6: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:6: no TTL specified; zone rejected
>     school.internal.zone.db:7: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:7: no TTL specified; zone rejected
>     school.internal.zone.db:8: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:8: no TTL specified; zone rejected
>     school.internal.zone.db:9: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:9: no TTL specified; zone rejected
>     school.internal.zone.db:10: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:10: no TTL specified; zone rejected
>     school.internal.zone.db:11: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:11: no TTL specified; zone rejected
>     school.internal.zone.db:13: schoolserve...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:13: no TTL specified; zone rejected
>     school.internal.zone.db:14: schoo...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:14: no TTL specified; zone rejected
>     school.internal.zone.db:15: ww...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:15: no TTL specified; zone rejected
>     school.internal.zone.db:16: nt...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:16: no TTL specified; zone rejected
>     school.internal.zone.db:17: tim...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:17: no TTL specified; zone rejected
>     school.internal.zone.db:18: presenc...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:18: no TTL specified; zone rejected
>     school.internal.zone.db:19: x...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:19: no TTL specified; zone rejected
>     school.internal.zone.db:20: librar...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:20: no TTL specified; zone rejected
>     school.internal.zone.db:22: conference.schoolserve...@\@BASEDNSNAME\@ \@: bad owner name (check-names)
>     school.internal.zone.db:22: no TTL specified; zone rejected
>     school.internal.zone.db:29: no TTL specified; zone rejected
>     school.internal.zone.db:32: no TTL specified; zone rejected
>     zone \...@\@basednsna...@\@/IN: loading from master file school.internal.zone.db failed: bad name (check-names)
>     localhost_resolver/@@BASEDNSNAME@@/in: bad name (check-names)
>     dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name (check-names)
>     school.internal.zone.db:2: no TTL specified; zone rejected
>     school.internal.zone.db:4: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
>     school.internal.zone.db:4: no TTL specified; zone rejected
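The named output quoted above is what an unexpanded zone template looks like when it is loaded: the owner names still carry `@@BASEDNSNAME@@`, and once the SOA line fails to parse every record after it is rejected with "no TTL specified". The following lint is an added example, not code from the XS project or from anyone in the thread; it assumes the placeholder syntax seen in the log, a constructed sample zone, and the documentation address 192.0.2.1, and it only mimics the template expansion that domain_config / xs-config.make perform (the real mechanism is not on this page).

```python
import re
import sys

# Unexpanded template tokens, as in the thread's named log
# ("schoolserver.@@BASEDNSNAME@@: bad owner name (check-names)").
PLACEHOLDER = re.compile(r"@@[A-Z_]+@@")
# Owner names that pass check-names: '@', a wildcard, or hostname characters.
OWNER_OK = re.compile(r"^(@|\*|[A-Za-z0-9*.-]+)$")

# Constructed sample: an internal zone before placeholder expansion. The
# placeholder name is from the thread; 192.0.2.1 is a documentation address.
TEMPLATE_ZONE = """\
$TTL 1D
@       IN SOA  localhost. root 1 3H 15M 1W 1D
        IN NS   localhost.
schoolserver.@@BASEDNSNAME@@.   IN A     192.0.2.1
school.@@BASEDNSNAME@@.         IN CNAME schoolserver.@@BASEDNSNAME@@.
conference.schoolserver.@@BASEDNSNAME@@. IN CNAME schoolserver.@@BASEDNSNAME@@.
"""

def lint_zone(text):
    """Return [(line_no, message)]; an empty list means nothing we check for."""
    problems, saw_ttl = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            saw_ttl = True
            continue
        tokens = PLACEHOLDER.findall(line)
        if tokens:
            problems.extend((n, f"unexpanded placeholder {t}") for t in tokens)
        elif not line[0].isspace() and not OWNER_OK.match(line.split()[0]):
            problems.append((n, f"{line.split()[0]}: bad owner name (check-names)"))
    if not saw_ttl:
        # Without $TTL named falls back to the SOA minimum; if the SOA line itself
        # failed to parse, every record is rejected with "no TTL specified".
        problems.append((0, "no $TTL directive"))
    return problems

def expand_placeholders(text, values):
    """Substitute @@NAME@@ with values[NAME]; assumed to mirror what the
    domain_config / xs-config.make template step produces."""
    return PLACEHOLDER.sub(lambda m: values[m.group(0)[2:-2]], text)

if __name__ == "__main__":
    for path in sys.argv[1:]:       # e.g. /var/named-xs/school.internal.zone.db
        for n, msg in lint_zone(open(path).read()):
            print(f"{path}:{n}: {msg}")
```

named-checkzone from bind-utils remains the authoritative check before restarting named; this script only makes the two messages seen in the thread easy to recognise.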
[Server-devel] Jabber presence under NAT named under DMZ issues
As a lot of folks know, I've been running an XS out of my house since early 2008. I have a static IP from my ISP and a FQDN associated to that IP. Let's call it random.net and let's say my public static IP is 67.195.160.76 (those are obviously fake). Of course, that's not my real domain or real IP, but I'd rather keep that out of a public email list. If you're curious, contact me personally for the real IP and domain if you want to ping, connect to the Jabber server, or even ssh in.

My users are all over the North American continent: NY and NJ, Virginia, Florida, California, and Canada. Folks are on XOs (Sugar and Gnome), various Linux distros (Ubuntu, Debian, Fedora) on various hardware platforms (desktops, notebooks, and netbooks), Android tablets, Macs, and at least one Nokia 600. Clients include Sugar Chat, Pidgin, Gajim, Finch, Adium, and goodness knows what else. We're a diverse group! I'm mentioning this due to the top of the hour presence issue on XS 0.6 impacting all my users. Everyone can connect just fine with schoolserver.random.net port 5223, but at the top of the hour, every hour, the presence service resets if the XS is not in the DMZ.

After a couple of recent power outages and some disappointed users, I tried out the XS on an XO again, which I'll call XSXO from now on. My regular XS running XS 0.5.2 (a big old Dell) has a UPS, but that only lasts about 1/2 an hour until the battery runs down. To keep the LAN up during a blackout, I hook up an AC inverter to an old car battery, which keeps the DSL modem/router up for many, many hours. That would also keep an XSXO up for many, many hours during a power outage. With a shiny new USB ethernet adapter from the OLPC-SF summit, it seemed a fine time to get this going. Besides, I'd like to redo that big old Dell: backing up stuff, vacuuming out the cat hair, and installing XS 0.6.

Per the instructions on the wiki, I put OLPC-School-Server-0.6-i386.img on an 8 GB class 6 SD card and it booted up just fine. I ran yum update, rebooted, then did:

    /etc/sysconfig/olpc-scripts/domain_config random.net

Initially, I set this up for /etc/sysconfig/network-scripts/ifcfg-eth0-local

    IPADDR=192.168.1.200
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
    GATEWAY=192.168.1.254

Then I edited /etc/httpd/conf/httpd-xs.conf for

    Listen 80

Rebooted again. In my router, I opened up ports 5222, 5223, and 80 to 192.168.1.200 and my users got on Jabber at schoolserver.random.net. Apache resolved at random.net just fine.

All was going well, except that the ejabberd presence service kept resetting at the top of the hour, every hour. I tried opening ports 22, 443, 8080. I tried shutting down the following services, one at a time, waiting to see what would happen at the top of the hour:

    dhcpd
    moodle
    pgsql-xs
    xsactivation
    idmgr
    xs-rsyncd

Eventually, after many hours of troubleshooting, I put the XSXO into the DMZ in my router and the presence service quit resetting us every hour. Of course, I deleted /etc/sysconfig/network-scripts/ifcfg-eth0-local once I set XSXO in the DMZ.

I edited /etc/hosts for:

    67.195.160.76    schoolserver.random.net    random.net

I put the OpenDNS IPs in named-xs.conf.in and then

    make -f xs-config.make named-xs.conf

I actually use OpenDNS DNS IPs in my router instead of my ISP's DNS IPs.

Here's /var/named-xs/school.external.zone.db

    @               in  soa    localhost. root 1 3H 15M 1W 1D
                        ns     localhost.
    schoolserver    IN  A      67.195.160.76
    school          IN  CNAME  schoolserver
    www             IN  CNAME  schoolserver
    ntp             IN  CNAME  schoolserver
    time            IN  CNAME  schoolserver
    presence        IN  CNAME  schoolserver
    xs              IN  CNAME  schoolserver
    library         IN  CNAME  schoolserver
    conference.schoolserver  IN  CNAME  schoolserver

But then named never comes back up:

    Starting named:
    Error in named configuration:
    zone localdomain/IN: loaded serial 42
    zone localhost/IN: loaded serial 42
    zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
    zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
    zone 255.in-addr.arpa/IN: loaded serial 42
    zone 0.in-addr.arpa/IN: loaded serial 42
    dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name (check-names)
    school.internal.zone.db:2: no TTL specified; zone rejected
    school.internal.zone.db:4: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
    school.internal.zone.db:4: no TTL specified; zone rejected
    school.internal.zone.db:5: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
    school.internal.zone.db:5: no TTL specified; zone rejected
    school.internal.zone.db:6: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
    school.internal.zone.db:6: no TTL specified; zone rejected
    school.internal.zone.db:7: schoolserver...@\@basednsna...@\@: bad owner name (check-names)
    school.internal.zone.db:7: no TTL specified; zone rejected
    school.internal.zone.db:8: