Hi,
We are currently defining rules in our firewal to allow external connections to the instant messenging server (that you specified in the plugin documentation).
We found out that each server name is mapped to several ip addresses, and we were wondering how you connect to each instant messenging (i try to find out in the code, but it seems that you use each transport library to connect, and i don’'t have the source code).
I have some questions regarding the connection:
-if you can not connect to the first ip, do you try to connect to the other ip addresses?
-do you handle failover. Let’'s say that we are connected to the external server and teh connection to the host is lost: do you try to connect on other available ip addresses ?do we receive any failure notification ?
Thank you,
Melanie
Hi Melanie,
It’‘s not really a matter of failover as much as it’‘s the way the services work. =/ (I don’‘t know Yahoo all that well, and this doesn’'t apply to IRC) But with AIM/ICQ, first you connect to an OSCAR login server. That login server points you at a “BOS” server which handles the bulk of the session. There are other servers that may need to be connected to as well, such as buddy icon servers, chatroom servers, that sort of thing. Basically part of the protocol includes a message saying “hey you need to connect to this server now”. The only real consistent thing is the login server you connect to at first, and the port you connect to on all of the servers. I may be wrong here, but I think the login server hostname even points to multiple IP addresses. =/
MSN does something similar where you connect to a “nexus” server and it sends you off to a login server of it’‘s choosing. I’'m a little fuzzy on the details beyond that except that I see mention of a notification server and such.
Typically opening up the corresponding outgoing ports entirely will take care of the problem. (the normally stick with their own ports) Beyond that, there might be some docs out there on the net somewhere that offer suggestions on firewalling for AIM/ICQ, MSN, and Yahoo. Note that the Yahoo transport has the support to try multiple ports. Before it was trying 5050, 443, 80, and something else. I actually kind of killed that functionality in beta 5, but hey. =) (ie, I’'m forcing a single port)
If you do find such documentation to list out what should be opened in one’‘s firewall, would you mind posting it here and I’‘ll add it to the plugin’'s docs?
Hi Daniel,
Thanks for these information. I tried to look online for additional documentation about firewall setup, but i couldn’'t find anything more. Basically it says that we need to open the ports you listed in your plugin documentation.
Indeed, you’'re right, the login server hostname point to multiple IP addresses, this is true not only for AIM, but for yahoo, MSN and ICQ as well.
And as you said, once the user is successfully authenticated on the login server, the user should connect to another server which will handle the session (OSCAR based and MSN, don’‘t know about yahoo ). So basically it’'s easier to allow any communication on each port, rather than to add a rule for each ip address.
About the failover, I think my question was not clear. Once we are successfully registered and logged on the external instant messenging. What’'s happen if for any reason the connection with one external transport is lost? The Gateway plugin is notified when it lost any connection ? How the administrator can be informed? And when the connection is lost, does the gateway tries to reconnect again ?
Thanks,
Melanie
melane wrote:
About the failover, I think my question was not clear. Once we are successfully registered and logged on the external instant messenging. What’'s happen if for any reason the connection with one external transport is lost? The Gateway plugin is notified when it lost any connection ? How the administrator can be informed? And when the connection is lost, does the gateway tries to reconnect again ?
At the moment the plugin does not try to connect again. (Related issue: GATE-23) If a connection is lost, the end user should be notified. Administrators should be able to look in debug logs assuming I’‘ve done things right. If the user is not being notified about the connection being lost, then there’'s a bug in my code somewhere.
jadestorm wrote:
At the moment the plugin does not try to connect again. (Related issue: GATE-23) If a connection is lost, the end user should be notified. Administrators should be able to look in debug logs assuming I’‘ve done things right. If the user is not being notified about the connection being lost, then there’'s a bug in my code somewhere.
Today, our ISP had some problems so our connection was down for about 30 minutes. My friends told me that they were offline (they’‘re using standard ICQ clients and Miranda IM with ICQ), but my Gateway ICQ transport contact remained online, and the transport buddies were also in the state they were before the connection was lost (I think this is unexpected, if I understand your post correctly ). After I restarted Miranda, the transport contact and the transport buddies were all offline, and when the connection to the internet was reestablished in the afternoon, I had to unlog from the transport and log back on to appear online (sure, auto-reconnect does not work yet… but I expected I’'d only have to log on, or more precisely that when the gateway can not log me on to ICQ it logs me off the transport as well, perhaps with an error message).
Cheers,
Filip
Anything in the debug logs?
jadestorm wrote:
Anything in the debug logs?
Sorry, I didn’‘t have logging active (shame on me), I’'ll try next time…
fkonvick wrote:
jadestorm wrote:
Anything in the debug logs?
Sorry, I didn’‘t have logging active (shame on me), I’'ll try next time…
Nah, no shame, the problem with debug logging is that you don’‘t know you need it until it’'s too late.