[ejabberd] eJabberd Clustering

Holger Weiß holger at zedat.fu-berlin.de
Fri Dec 5 11:09:58 MSK 2014


* mamat hensem <hensem at gmail.com> [2014-12-05 15:11]:
> This is for future reference for everybody.

Thanks for that!

> 3. Allow all port except 4369 in firewall. Apparently epmd will use any port

Except port 4369?  epmd listens on port 4369 and other nodes must be
able to connect to it.

> my mistake here is I have no idea nodes are talking with each other using
> this "epmd" and we need to make sure this epmd thingy can be connected from
> outside, and this epmd thingy just use any port it wants to.

There's two components: (1) the actual Erlang node (beam.smp), which
runs ejabberd, and (2) epmd which maps node names to port numbers.  By
default, beam.smp listens on a random port and then tells the local epmd
which port that is.  Other nodes query epmd on port 4369 to ask the
question "on what port is the ejabberd at foo node listening?", so that
they can then connect to that port.  Thus, your packet filter must
permit access to both.

> kind of sucks isn't it? if later i find out how to make this thing use a
> fixed port, i'll update here.

You can restrict the range of ports used by beam.smp by setting a
FIREWALL_WINDOW in your ejabberdctl.cfg, e.g. FIREWALL_WINDOW=4200-4210.
See:

https://github.com/processone/ejabberd/blob/865509757c7322809/ejabberdctl.cfg.example#L42

See also:

http://www.process-one.net/docs/ejabberd/guide_en.html#firewall

Holger


More information about the ejabberd mailing list