prosodyctl check and xmpp behind nat


Autopot France

Aug 9, 2018, 6:11:48 PM
to Prosody IM Users
Hello,

I have this message

# prosodyctl check
Checking config...
Done.
   Failed to determine the external addresses of this server. Checks may be inaccurate.
Checking DNS for host mydomain.org...
    serv.mydomain.org. A record points to unknown address 1.1.1.1
    Host serv.mydomain.org. does not seem to resolve to this server (IPv4/IPv6)
    No targets for mydomain.org appear to resolve to this server.

My xmpp server has a private IP address and is natted but serv.mydomain.org points to the public IP address 1.1.1.1
I think the xmpp server is complaining because it tries to resolve the DNS record but doesn't find it locally.

Does anyone know how to deal with prosody being natted?
Is this error important?

Regards

Kim Alvefur

Aug 10, 2018, 1:05:07 AM
to prosod...@googlegroups.com
Hi,

On Thu, Aug 09, 2018 at 03:11:48PM -0700, Autopot France wrote:
> I have this message
>
> # prosodyctl check
> Checking config...
> Done.
> Failed to determine the external addresses of this server. Checks may be
> inaccurate.

Note how it says "Checks may be inaccurate".

> Checking DNS for host mydomain.org...
> serv.mydomain.org. A record points to unknown address 1.1.1.1
> Host serv.mydomain.org. does not seem to resolve to this server
> (IPv4/IPv6)
> No targets for mydomain.org appear to resolve to this server.
>
> I think the xmpp server is complaining because it tries to resolve the DNS
> record but doesn't find it locally.
>
> Does anyone know how to deal with prosody being natted?

Are you experiencing problems with Prosody itself? Generally, being behind
NAT should not be an issue as long as ports are forwarded correctly.
This is however tricky to determine from inside the NAT.

> My xmpp server has a private IP address and is natted but serv.mydomain.org
> points to the public IP address 1.1.1.1

Then just make sure the relevant ports are forwarded from the firewall
and it should work.

> Is this error important?

There's an issue reported here: <https://issues.prosody.im/964>

It is unfortunate that it is mistaken for an error. Suggestions for
better wording are welcome.

`prosodyctl check` is a tool to check for common problems, but it is not
perfect. In this (NAT) situation, it is unable to check if your DNS is
configured correctly because it does not know the public IP address.

If Prosody itself is working for you and your clients then don't worry
about the check.


--
Regards,
Kim "Zash" Alvefur

Autopot France

Aug 10, 2018, 6:21:26 PM
to Prosody IM Users
Thank you Kim for your answer.

I think (like other software), there should be an option in the configuration file saying
# In case Prosody behind NAT
public_ip = 1.1.1.1
So that prosody could correlate what it sees as its IP address and what it finds in the DNS answer.

Regards

Matthew Wild

Aug 11, 2018, 2:35:12 AM
to Prosody IM Users Group
On 10 August 2018 at 23:21, Autopot France <autopot...@gmail.com> wrote:
> Thank you Kim for your answer.
>
> I think (like other software), there should be an option in the
> configuration file saying
> # In case Prosody behind NAT
> public_ip = 1.1.1.1
> So that prosody could correlate what it sees as its IP address and what it
> finds in the DNS answer.

I have thought about this, but it's not very useful for people with dynamic IPs.

I've been thinking of adding a --nat parameter to prosodyctl check
instead, possibly with a way to pass the external IP. There are still
setups that this would not cover, however.

Regards,
Matthew

za...@zash.se

Aug 15, 2018, 1:19:50 AM
to prosod...@googlegroups.com
On Saturday, 11 August 2018, Matthew Wild wrote:
> I've been thinking of adding a --nat parameter to prosodyctl check
> instead, possibly with a way to pass the external IP. There are still
> setups that this would not cover, however.

Maybe it's enough to check for private IP ranges and print "If your public IP is what's in DNS and your firewall, port forwarding is in order then you're good."

--
Zash
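
The check discussed in the last messages (detect that only private addresses are bound locally, optionally accept an operator-supplied external IP), sketched as an added example that is not part of the thread and is not Prosody's code. The function names, the `external_ip` parameter and the status strings are hypothetical; the sample addresses are constructed, with 1.1.1.1 taken from the thread.

```python
import ipaddress

# Address ranges that cannot be reached from the Internet without translation.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 loopback, link-local, ULA
)]


def is_non_public(ip):
    """True if the parsed address lies in one of the NON_PUBLIC ranges."""
    return any(ip in net for net in NON_PUBLIC)


def check_dns_targets(local_addrs, dns_addrs, external_ip=None):
    """Classify a DNS check result as ("ok" | "nat" | "error", message).

    local_addrs: addresses bound on this host
    dns_addrs:   A/AAAA records the XMPP host resolves to
    external_ip: optional public address supplied by the operator (hypothetical
                 parameter, modelled on the "pass the external IP" idea)
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    dns = {ipaddress.ip_address(a) for a in dns_addrs}
    if not dns:
        return ("error", "no address records found for the host")
    if local & dns:
        return ("ok", "DNS points at an address bound on this host")
    if external_ip is not None:
        ext = ipaddress.ip_address(external_ip)
        if ext in dns:
            return ("ok", "DNS matches the supplied external address")
        return ("error", "DNS does not point at supplied external address %s" % ext)
    if all(is_non_public(a) for a in local):
        # Nothing public is bound locally: DNS cannot be verified from inside the NAT.
        return ("nat", "only private addresses found locally; if %s is your public "
                       "IP and the ports are forwarded, this is fine"
                       % ", ".join(sorted(map(str, dns))))
    return ("error", "this host has a public address but DNS points elsewhere")


if __name__ == "__main__":
    # Constructed sample: private host address, DNS record from the thread.
    print(check_dns_targets(["192.168.1.10"], ["1.1.1.1"]))
    print(check_dns_targets(["192.168.1.10"], ["1.1.1.1"], external_ip="1.1.1.1"))
```

The "nat" result is informational rather than a failure: reachability of the forwarded ports still has to be confirmed from outside the NAT.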