
Distributed Openfire servers each behind NAT/Firewall

Hi

Just starting out on my XMPP/Openfire research, to see if Openfire/XMPP can be used as the solution for my problem.

I want to have the following scenario:

  • multiple, geographically distributed computer clubs

  • hosted in premises over which, frequently, you have no network control (i.e. cannot control routers or firewalls)

  • they do have (restricted) access to the internet, generally.

I would like to host an Openfire server in the open internet.

I would also like to run a node in each computer club (possibly also Openfire)

I would like it if:

  1. clients in the club LAN can chat to each other, presence detection etc, on the LAN itself

  2. clients in each club LAN can discover the other node(s) in other locations which are online or were online

  3. clients in each club LAN can discover the clients connected to those other node(s), if those other clients have allowed themselves to be discoverable

Obviously (1) is trivially possible with a local Openfire server.

I know that there is a good chance that BOSH and a bit of Apache magic should allow XMPP clients even in a restricted LAN to talk to my internet Openfire server, so they could all be clients of a central server.

But that is not exactly what I want: I want them to be clients of a local server, and that local server to be part of a distributed network of servers, and those servers be able to talk to each other: but without being able to control port forwarding and NAT on the local networks.

After a bit of research, it is not clear to me if I can have multiple Openfire servers, each behind a NAT/firewall which for the sake of argument let’s assume only allows ports 80 and 443, communicate with each other.

Possible?

In theory it can be possible, though I’m not sure about 80/443 ports. You can test this by simulating such a setup: two servers behind firewalls with only these ports allowed. Then try putting such a port number into the Server to Server settings on both servers and check if they can see each other.