powered by Jive Software

Proxy or internal hostname handling. Possible?

Hey folks, I’‘m trying to get smack to handle an internal network connection to a server that is normally referenced externally. Here’'s the problem:

jHost = “moo.internal.host.com”;

uName = “bob”;

pWord = “password”;

conn=new XMPPConnection(jHost);


Here’‘s the problem. jHost is normally referred to as ‘‘jabber.host.com’’, and is accessed via a NAT rule in the firewall, therefore all JID’‘s are ‘‘bob@jabber.host.com’’. Since I’'m developing internally, I give my jHost as the ‘‘internal’’ name of the machine hosting jabberd, ‘‘moo.internal.host.com’’.

Smack is assuming the JID of teh client is ‘‘bob@moo.internal.host.com’’, and not ‘‘bob@jabber.host.com’’. If I try to Chat someone off-local host, I get a ‘‘Server Connect Timeout’’ message, since the JID is given as the internal address, ala Not Routable.

How do I tell Smack to either:

  1. explicitely set the JID of the user I’'m logging in as, or

  2. use a proxy, which I can set up on my firewall to allow “out, then back in” connectivity. Then I can specify my hostname as ‘‘jabber.host.com’’, but use this proxy at my.external.host.com to connect to it for me.



Perhaps I don’‘t entirely understand the issue. Isn’'t it up to the server to set the “from” field as your JID for outgoing messages? Also, can you explain how Smack might use a proxy?



Yah, that’‘s what I thought as well, but here’‘s what’'s happening. (this is for Jig, an IRC gateway for using and IRC client with Jabber).

Here is my connect methodology:

161 out.println(“NOTICE jabberUser :Connecting to jabber…”);

162 // Log some information.


164 logIt("**** JabberID

: " + jabberID);

165 logIt("**** Username

: " + userName);

166 logIt("**** Nickname

: " + nickName);

167 logIt("**** Password

: " + passWord);

168 logIt("**** JabberHost --: " + jabberHost);

169 logIt("**** Socket

: " + incoming);


171 // Okay, connect to jabber…


173 // Create a connection to the jabber.org server.

174 try {

175 conn = new XMPPConnection(jabberHost);

176 conn.login(userName,passWord);

177 }

after connecting, I send a message:

239 logIt("**** PRIVMSG to " + target + " : " + msg);

240 try {

241 Chat newChat = conn.createChat(target);

242 Message newMessage = newChat.createMessage();

243 newMessage.setBody(msg);

244 newChat.sendMessage(newMessage);

245 }

In my output logs, I’'m seeing:

**** JabberID

: shayde@jabber.stonekeep.com

**** Username

: shayde

**** Nickname

: shevett

**** Password

: xxxxxxxx

**** JabberHost --: naboo.stonekeep.com

**** Socket

: Socket[addr=/,port=3896,localport=8189]

**** PRIVMSG to dbs@jabber.stonekeep.com : Yo dude.

However, in my client (Exodus), the message appears as coming from ‘‘shayde@naboo.stonekeep.com/Smack’’

Further tidbits…

In Exodus, I can connect to my local server as "dbs@jabber.stonekeep.com", but there is a secondary tab that says “Connection” where I can specify a host to connect to. That -does- log me in correctly, showing up as ‘‘dbs@jabber.stonekeep.com’’ even though I’'m locally connected to ‘‘naboo.stonekeep.com’’.

One last bit.

I removed my shayde.xml file(s) from my Jabber spool directories, and re-created the account using Exodus. My shayde.xml file shows up spiffy.

Now when I connect from Smack, I’'m getting:

**** JabberID

: shayde@jabber.stonekeep.com

**** Username

: shayde

**** Nickname

: shevett

**** Password

: abc123

**** JabberHost --: naboo.stonekeep.com

**** Socket

: Socket[addr=/,port=3945,localport=8189]

**** Exception thrown by XMPPConnection…

username: shayde

password: xxxxxx

hostname: naboo.stonekeep.com

(401) Unauthorized – org.jivesoftware.smack.XMPPException

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:275)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:231)

at IRCThread.run(IRCThread.java:176)

because I’‘m assuming the account I’'m trying to authenticate against is being set up by smack as ‘‘shayde@naboo.stonekeep.com’’, not ‘‘shayde@jabber.stonekeep.com’’.

A proxy would fix this, since i woulnd’‘t have to socket directly via my local name to the server - Exodus and toher clients support (I’'m going assume) using an SSL proxy to connect through to a Jabber host.

Does that make sense? Feel free to poke me at JID dbs@jabber.stonekeep.com for more info.

If you are running jabberd as the server and are able to configure it yourself (or have access to someone who does), you can give the server an “alias”.

I’'m running jabberd behind a NAT box so I ran into the same problem. For jabberd, you can edit the XML configuration files (in /etc/jabber on linux) as such:

<service id="c2s">                                                                                <load>                                                                                <pthsock_client>/usr/lib/jabber/pthsock_client.so</pthsock_client>                                                                </load>                                                                                <pthcsock xmlns=''jabber:config:pth-csock''>                                                                                <authtime/>                                                                                <karma>                                                                                <init>10</init>                                                                                <max>10</max>                                                                                <inc>1</inc>                                                                                <dec>1</dec>                                                                                <penalty>-6</penalty>                                                                                <restore>10</restore>                                                                                </karma>                                                                                <alias to="jabber.yourserver.com">werewolf</alias>                                                                                <ip port="5222"></ip>                                                                                <ssl port="5223"></ssl>                                                                                </pthcsock>                                                                                </service>

The only additional line is the “alias” line, the rest is just shown for context.

In this example, the servers external internet name is jabber.yourserver.com and the internal name is werewolf. When using a jabber client internally, I connect to “werewolf” but the server internally translates everything to the proper external name. When you are outside the network on the internet, you reference the server with the normal name.

When you reference JID’'s on the server, you can specify either for (user@jabber.yourhost.com or user@werewolf) and the jabberd server will work with either.

Another option you can use is to simply make a “hosts” file entry on the internal machine to map the external hostname to the internal IP. Since most OS’‘s will read the hosts file before sending out a DNS query it will pick up the correct internal IP. Of course, if it’'s a laptop that may end up being inside and outside, you would have to comment out the host file entry when the laptop is external (which is where the “alias” really comes in handy).

Hope this helps,


I’‘ve actually already done the ‘‘hosts’’ hack to make this work, and will be okay for this testing, but I’‘ll look into the entry as well, that’'s a far more elegant solution.