powered by Jive Software

Can kraken be gateway of another kraken?

Hi all, i have openfire in server1 with kraken im gateway installed, this server is public and is working OK, now, i have server2 in my lan, no internet access, and i want to use the transport of the server1 as transports of server2, each server is Openfire 3.7.1 and Kraken version is 1.1.3beta3, If i use Psi to try to register with a transport of server1, i got that access denied beacuse my account doesn’t belong to server1, something like, and, if i configure server2, to use server1 as yahoo gateway for example, when i click the test button i get success, but, when try to register the transport, it ask for my yahoo credentials, but the auth last forever

exist a workarround for this, or it can’t be done???

thanks

I’ve never installed the plugin you’re talking about, but unless Kraken has some special proxy ability built into it, I don’t see how this could work the way you want it to. The way I understand what you said, server 1 has no problems, and it has an internal and as well it has a public, external internet IP. Presumably there’s some kind of firewall that prevents NAT’d addresses from leaving the network (at least on whatever port #2 was trying to go out on in order to begin conversing with yahoo…), otherwise I #2 should work fine – unless this Kraken “IM gateway” software is expected to be available to a direct internet query from the Yahoo server if your server 2 is trying to connect with it as an equal (server, and not just a client)…

Are you running Linux and IP Tables? Does Kraken actually have a setting where one would be able to put in a proxy (such as socks5, etc) or did you literally configure your server #2 to use server #1 as its gateway (for all network needs)? If server #1 is indeed your gateway, and server #2 does need to be accessibly via the internet in order to talk to the yahoo server correctly, then you’ve got a couple problems. Somehow, you need to figure out what port Yahoo is trying to contact your server #2 on, (evidence would normally be in /var/log/messages or /var/log/syslog on server #1, if your ip tables settings are configured to log dropped and/or denied incoming packets). Then, once you open and nat that port to server #2, you need to also turn ip forwarding on in the kernel/network settings of server #1, and then allow the forward to take place in ip tables as well.

Just a little FYI, PREROUTING rules go in the “*nat” table, and -A FORWARD rules usually go in the regular “*filter” section, IIRC. Where your settings are for allowing IP forwarding in the OS is a toss up – it’s different in most every distro that I’ve come accross.

Yes, i have Linux and IP Tables, but everything is set OK, all needed ports open, etc, well, i think so, but, users from server1 can talk with server2, this work in both way, and yes, i configured server2 to use server1 as its gateway, but just for yahoo transport so i don’t think it needs to be accessible from the outside but server1.

when configuring the gateway in the openfire, i use the Test option and it gives me the green “Success”, i’ve tried this with port 5269 and 5222, but when tried to register the transport in my client, i got an endless authenticating, the only thing i’ve seen, is the logs files, i’m goint to right now and let you know

thanks for replying my answer