[Server-devel] Jabber presence under NAT & named under DMZ issues

Anna aschoolf at gmail.com
Fri Nov 5 22:19:27 EDT 2010


As a lot of folks know, I've been running an XS out of my house since early
2008.  I have a static IP from my ISP and a FQDN associated to that IP.
Let's call it random.net and let's say my public static IP is 67.195.160.76
(those are obviously fake).  Of course, that's not my real domain or real
IP, but I'd rather keep that out of a public email list.  If you're curious,
contact me personally for the real IP and domain if you want to ping,
connect to the Jabber server, or even ssh in.

My users are all over the North American continent: NY and NJ, Virginia,
Florida, California, and Canada.  Folks are on XOs (Sugar and Gnome),
various Linux distros (Ubuntu, Debian, Fedora) on various hardware platforms
(Desktops, notebooks, and netbooks), Android tablets, Macs, and at least one
Nokia 600.  Clients include Sugar Chat, Pidgin, Gajim, Finch, Adium, and
goodness knows what else.  We're a diverse group!  I'm mentioning this due
to the "top of the hour" presence issue on XS 0.6 impacting all my users.
Everyone can connect just fine with schoolserver.random.net port 5223 but at
the top of the hour, every hour, the presence service resets if the XS is
not in the DMZ.

After a couple of recent power outages and some disappointed users, I tried
out the "XS on an XO" again, which I'll call XSXO from now on.  My regular
XS running XS 0.5.2 (a big old Dell) has a UPS, but that only lasts about
1/2 an hour until the battery runs down.  To keep the LAN up during a
blackout, I hook up an AC inverter to an old car battery, which keeps the
DSL modem/router up for many, many hours.  That would also keep an XSXO up
for many, many hours during a power outage.  With a shiny new USB ethernet
adapter from the OLPC-SF summit, it seemed a fine time to get this going.
Besides, I'd like to redo that big old Dell: backing up stuff, vacuuming out
the cat hair, and installing XS 0.6.

Per the instructions on the wiki, I put OLPC-School-Server-0.6-i386.img on
an 8 GB class 6 SD card and it booted up just fine.  I ran yum update,
rebooted, then did:

/etc/sysconfig/olpc-scripts/domain_config random.net

Initially, I set this up for /etc/sysconfig/network-scripts/ifcfg-eth0-local

IPADDR=192.168.1.200
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.254

Then I edited /etc/httpd/conf/httpd-xs.conf for "Listen 80"

Rebooted again.

In my router, I opened up ports 5222, 5223, and 80 to 192.168.1.200 and my
users got on Jabber at schoolserver.random.net.  Apache resolved at
random.net just fine.  All was going well, except that the ejabberd presence
service kept resetting at the top of the hour, every hour.  I tried opening
ports 22, 443, 8080.  I tried shutting down the following services, one at a
time, waiting to see what would happen at the top of the hour:

dhcpd
moodle
pgsql-xs
xsactivation
idmgr
xs-rsyncd

Eventually, after many hours of troubleshooting, I put the XSXO into the DMZ
in my router and the presence service quit resetting us every hour.

Of course, I deleted /etc/sysconfig/network-scripts/ifcfg-eth0-local once I
set XSXO in the DMZ.

I edited /etc/hosts for:

67.195.160.76    schoolserver.random.net random.net

I put the OpenDNS IPs in named-xs.conf.in and then ran:

make -f xs-config.make named-xs.conf

I actually use OpenDNS DNS IPs in my router instead of my ISP's DNS IPs.

Here's /var/named-xs/school.external.zone.db

@ in soa localhost. root 1 3H 15M 1W 1D
  ns localhost.

schoolserver    IN    A    67.195.160.76
school        IN    CNAME    schoolserver
www        IN    CNAME    schoolserver
ntp        IN    CNAME   schoolserver
time        IN    CNAME    schoolserver
presence    IN    CNAME    schoolserver
xs        IN    CNAME    schoolserver
library        IN    CNAME    schoolserver
conference.schoolserver    IN    CNAME    schoolserver

But then named never comes back up:

Starting named:
Error in named configuration:
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name
(check-names)
school.internal.zone.db:2: no TTL specified; zone rejected
school.internal.zone.db:4: schoolserver1.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:4: no TTL specified; zone rejected
school.internal.zone.db:5: schoolserver2.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:5: no TTL specified; zone rejected
school.internal.zone.db:6: schoolserver3.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:6: no TTL specified; zone rejected
school.internal.zone.db:7: schoolserver4.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:7: no TTL specified; zone rejected
school.internal.zone.db:8: schoolserver5.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:8: no TTL specified; zone rejected
school.internal.zone.db:9: schoolserver6.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:9: no TTL specified; zone rejected
school.internal.zone.db:10: schoolserver7.\@\@BASEDNSNAME\@\@: bad owner
name (check-names)
school.internal.zone.db:10: no TTL specified; zone rejected
school.internal.zone.db:11: schoolserver8.\@\@BASEDNSNAME\@\@: bad owner
name (check-names)
school.internal.zone.db:11: no TTL specified; zone rejected
school.internal.zone.db:13: schoolserver.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:13: no TTL specified; zone rejected
school.internal.zone.db:14: school.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:14: no TTL specified; zone rejected
school.internal.zone.db:15: www.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:15: no TTL specified; zone rejected
school.internal.zone.db:16: ntp.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:16: no TTL specified; zone rejected
school.internal.zone.db:17: time.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:17: no TTL specified; zone rejected
school.internal.zone.db:18: presence.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:18: no TTL specified; zone rejected
school.internal.zone.db:19: xs.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:19: no TTL specified; zone rejected
school.internal.zone.db:20: library.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:20: no TTL specified; zone rejected
school.internal.zone.db:22: conference.schoolserver.\@\@BASEDNSNAME\@\@: bad
owner name (check-names)
school.internal.zone.db:22: no TTL specified; zone rejected
school.internal.zone.db:29: no TTL specified; zone rejected
school.internal.zone.db:32: no TTL specified; zone rejected
zone \@\@BASEDNSNAME\@\@/IN: loading from master file
school.internal.zone.db failed: bad name (check-names)
localhost_resolver/@@BASEDNSNAME@@/in: bad name (check-names)
dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name
(check-names)
school.internal.zone.db:2: no TTL specified; zone rejected
school.internal.zone.db:4: schoolserver1.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:4: no TTL specified; zone rejected
school.internal.zone.db:5: schoolserver2.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:5: no TTL specified; zone rejected
school.internal.zone.db:6: schoolserver3.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:6: no TTL specified; zone rejected
school.internal.zone.db:7: schoolserver4.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:7: no TTL specified; zone rejected
school.internal.zone.db:8: schoolserver5.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:8: no TTL specified; zone rejected
school.internal.zone.db:9: schoolserver6.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:9: no TTL specified; zone rejected
school.internal.zone.db:10: schoolserver7.\@\@BASEDNSNAME\@\@: bad owner
name (check-names)
school.internal.zone.db:10: no TTL specified; zone rejected
school.internal.zone.db:11: schoolserver8.\@\@BASEDNSNAME\@\@: bad owner
name (check-names)
school.internal.zone.db:11: no TTL specified; zone rejected
school.internal.zone.db:13: schoolserver.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:13: no TTL specified; zone rejected
school.internal.zone.db:14: school.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:14: no TTL specified; zone rejected
school.internal.zone.db:15: www.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:15: no TTL specified; zone rejected
school.internal.zone.db:16: ntp.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:16: no TTL specified; zone rejected
school.internal.zone.db:17: time.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:17: no TTL specified; zone rejected
school.internal.zone.db:18: presence.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:18: no TTL specified; zone rejected
school.internal.zone.db:19: xs.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:19: no TTL specified; zone rejected
school.internal.zone.db:20: library.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.internal.zone.db:20: no TTL specified; zone rejected
school.internal.zone.db:22: conference.schoolserver.\@\@BASEDNSNAME\@\@: bad
owner name (check-names)
school.internal.zone.db:22: no TTL specified; zone rejected
school.internal.zone.db:29: no TTL specified; zone rejected
school.internal.zone.db:32: no TTL specified; zone rejected
zone \@\@BASEDNSNAME\@\@/IN: loading from master file
school.internal.zone.db failed: bad name (check-names)
internal/@@BASEDNSNAME@@/IN: bad name (check-names)
school.internal.zone.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 0.18.172.in-addr.arpa/IN: loaded serial 1
school.internal.zone.16.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 16.18.172.in-addr.arpa/IN: loaded serial 1
school.internal.zone.32.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 18.18.172.in-addr.arpa/IN: loaded serial 1
school.internal.zone.48.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 20.18.172.in-addr.arpa/IN: loaded serial 1
dns_rdata_fromtext: school.external.zone.db:1: near 'root': bad name
(check-names)
school.external.zone.db:2: no TTL specified; zone rejected
school.external.zone.db:4: schoolserver.\@\@BASEDNSNAME\@\@: bad owner name
(check-names)
school.external.zone.db:4: no TTL specified; zone rejected
school.external.zone.db:5: no TTL specified; zone rejected
school.external.zone.db:6: no TTL specified; zone rejected
school.external.zone.db:7: no TTL specified; zone rejected
school.external.zone.db:8: no TTL specified; zone rejected
school.external.zone.db:9: no TTL specified; zone rejected
school.external.zone.db:10: no TTL specified; zone rejected
school.external.zone.db:11: no TTL specified; zone rejected
school.external.zone.db:12: no TTL specified; zone rejected
zone \@\@BASEDNSNAME\@\@/IN: loading from master file
school.external.zone.db failed: bad name (check-names)
external/@@BASEDNSNAME@@/IN: bad name (check-names)
                                                           [FAILED]


So, is it my router or is there something on the XS that runs at the top of
every hour that breaks if a particular port isn't open?  I searched all over
/var/log and didn't see anything.

If someone has advice with either of these options, that would be very
helpful:

1.  The XSXO has an IP from my LAN (192.168.1.200 for example) and I can
forward 80, 5222, 5223 (or other ports!) to it and the presence service
doesn't reset every hour.

2.  The XSXO is in the DMZ and named will start up.

Anna Schoolfield
Birmingham
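A pre-flight check for the named failure quoted above (an added example, not part of the post or of the XS scripts): every rejected record carries a literal @@BASEDNSNAME@@ origin, which is a template marker that the config generation step never replaced, and the SOA then fails check-names. The script scans a named-xs.conf or zone file for leftover @@...@@ markers and for a missing $TTL before named is restarted; the file names match the post, the sample text is constructed, and the function names are mine.

```python
import re
import sys

# Template markers of the form @@NAME@@ that the XS config generation step
# (make -f xs-config.make) is expected to replace with real values. Any that
# survive into named-xs.conf or a zone file produce "bad name (check-names)".
TOKEN_RE = re.compile(r"@@([A-Za-z0-9_]+)@@")


def find_unexpanded_tokens(text):
    """Return [(lineno, token)] for every unexpanded @@TOKEN@@ marker in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


def zone_has_ttl(text):
    """True if the zone file sets a default TTL via a $TTL directive.

    Without it BIND falls back to the SOA minimum and warns ("using SOA
    MINTTL instead"); if the SOA itself is rejected there is nothing to
    fall back on and the whole zone is rejected.
    """
    return any(line.lstrip().startswith("$TTL") for line in text.splitlines())


# Constructed sample: a zone stanza as it looks when the marker was NOT replaced.
NAMED_CONF_SAMPLE = 'zone "@@BASEDNSNAME@@" IN {\n    type master;\n    file "school.external.zone.db";\n};\n'

# Constructed sample modelled on the external zone file in the post: no $TTL line.
ZONE_SAMPLE = (
    "@ in soa localhost. root 1 3H 15M 1W 1D\n"
    "  ns localhost.\n"
    "schoolserver    IN    A    67.195.160.76\n"
    "www        IN    CNAME    schoolserver\n"
)


def report(path, text):
    """Print human-readable findings for one file; returns the number of problems."""
    problems = find_unexpanded_tokens(text)
    for lineno, token in problems:
        print(f"{path}:{lineno}: unexpanded template marker {token}")
    if path.endswith(".db") and not zone_has_ttl(text):
        print(f"{path}: no $TTL directive; zone relies on SOA minimum TTL")
        return len(problems) + 1
    return len(problems)


if __name__ == "__main__":
    # Usage: python zone_preflight.py /etc/named-xs.conf /var/named-xs/*.db
    total = sum(report(p, open(p).read()) for p in sys.argv[1:])
    sys.exit(1 if total else 0)
```

Run it against /etc/named-xs.conf and /var/named-xs/*.db after the make step and before restarting named; a non-zero exit means the generated files still contain markers.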