[ejabberd] eJabberd, clustering, DMZ and s2s

Badlop badlop at gmail.com
Fri Jul 15 23:02:57 MSD 2005


Warning: this is only my personal response. It may not be accurate,
but I try it to be.


2005/7/14, Tomasz Terka <tomaso at plusnet.pl>:
> DMZ node would be responsible for s2s and Transport connections 
> while LAN node would be the one to allow connections from users. 

Don't forget that you can install transports on different machines.


> s2s connections are initialized by node that connection c2s is established to. 

Yes, since ejabberd nodes are independent and ready to run even if the
other nodes go down. They communicate only to share and keep
consistent some tables in the Mnesia database.

So. if you disable S2S on LAN, the clients that connect to LAN will
not have S2S. And ejabberd will not magically check if DMZ can use
S2S, establish the connection and pass all the communication between
those two nodes.


> But possibility of building security enhanced eJabberd configurations 
> would be really nice, and is required by some enviroments.

Yes, it seems a nice improvement for crucial environments. That
feature looks like a good hole that those interested in
security-enhanced-ejabberd could fill, and then share to correspond to
all those that contributed for free other parts to  the project,
right? :)


-- 
Correo: badlop at gmail.com
Mensajería: badlop at jabberes.org


More information about the ejabberd mailing list