| Author |
Message |
|
| Guest |
 Posted: Tue Oct 23, 2007 5:37 pm |
 |
|
|
Guest
|
2007/10/3, jesus@isaatc.ull.es <jesus@isaatc.ull.es>:
> I have a ejabberd installed on a Debian Etch linux distribution, that
> I recently upgraded to version 1.1.2-6. After that, I discovered that
> ejabberd is now listening on port 1212 (lupa). |
|
|
| Back to top |
|
| Guest |
| Posted: Tue Oct 23, 2007 6:48 pm |
|
|
|
Guest
|
Respondiendo a Badlop <badlop@gmail.com>:
> ejabberd should only listen in the ports defined in ejabberd.cfg
> 'listen' section.
This is the listen section of my config file:
{listen,
% Ordinary client-2-server service
[{5222, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
starttls_required, {certfile,
"/etc/ejabberd/ejabberd.pem"},
{shaper, c2s_shaper}]},
% SSL-enabled client-2-server service
{5223, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
tls, {certfile, "/etc/ejabberd/ejabberd.pem"},
{shaper, c2s_shaper}]},
% Server-2-server service
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper},
{max_stanza_size, 131072}]},
% External MUC jabber-muc (but internal mod_muc is better  )
% {5554, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "muc.localhost", [{password, "secret"}]}]},
% Jabber ICQ Transport
% {5555, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {hosts, ["icq.localhost",
"sms.localhost"], [{password, "secret"}]}]},
% AIM Transport
% {5556, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "aim.localhost", [{password, "secret"}]}]},
% MSN Transport
% {5557, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "msn.localhost", [{password, "secret"}]}]},
% Yahoo! Transport
% {5558, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "yahoo.localhost", [{password,
"secret"}]}]},
% External JUD (internal is more powerful,
% but doesn't allow to register users from other servers)
% {5559, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "jud.localhost", [{password, "secret"}]}]},
% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
{5280, ejabberd_http, [http_poll,
tls, {certfile, "/etc/ejabberd/ejabberd.pem"}]},
{5281, ejabberd_http, [{ip, {127, 0, 0, 1}},
web_admin, http_poll]}
]}.
>
> Of course, you can write an ejabberd module that also listens in other
> ports. For example mod_xmlrpc does not use the 'listen' section to
> define which port to bind the XML-RPC server to. I guess this is not
> your case, because ejabberd package in Debian Etch does not include
> any additional modules. And you didn't install such a module without
> noticing
Yes, I only have installed the ejabberd package without any aditional modules.
>
> Another possibility is that the port is opened by 'epmd'. It is a
> small program included in Erlang/OTP to help in some name resolution
> tasks. Could that be the program you saw listening in that port,
> instead of 'beam' (which represents ejabberd)?
I have executed the command "netstat -tpa", those are the more
relevant lines in command output:
tcp 0 0 *:5280 *:*
LISTEN 3004/beam
tcp 0 0 localhost.localdom:5281 *:*
LISTEN 3004/beam
tcp 0 0 *:xmpp-client *:*
LISTEN 3004/beam
tcp 0 0 *:5223 *:*
LISTEN 3004/beam
tcp 0 0 *:4369 *:*
LISTEN 2987/epmd
tcp 0 0 *:xmpp-server *:*
LISTEN 3004/beam
tcp 0 0 *:1212 *:*
LISTEN 3004/beam
The port 1212 is opened by beam, as you can see.
--
// Jes |
|
|
| Back to top |
|
| Guest |
| Posted: Tue Oct 23, 2007 9:11 pm |
|
|
|
Guest
|
2007/10/23, jesus@isaatc.ull.es <jesus@isaatc.ull.es>:
> I have executed the command "netstat -tpa", those are the more
> relevant lines in command output:
>
> tcp 0 0 *:5280 *:*
> LISTEN 3004/beam
> tcp 0 0 localhost.localdom:5281 *:*
> LISTEN 3004/beam
> tcp 0 0 *:xmpp-client *:*
> LISTEN 3004/beam
> tcp 0 0 *:5223 *:*
> LISTEN 3004/beam
> tcp 0 0 *:4369 *:*
> LISTEN 2987/epmd
> tcp 0 0 *:xmpp-server *:*
> LISTEN 3004/beam
> tcp 0 0 *:1212 *:*
> LISTEN 3004/beam
>
> The port 1212 is opened by beam, as you can see.
Ah, this also puzzled me some time ago, and I took a look. Now that I
remember this topic, let's see if this explanation also convinces you.
I think this deserves a page in http://www.ejabberd.im/faq right?
If I'm right, that listening socket is not opened by ejabberd itself,
but by the Erlang node. It is related to epmd and the node
connectivity. The port number should be different each time you start
an Erlang node. In my case, the numbers are usually high (30.000 ..
55.000).
I made an experiment with ejabberd SVN and Erlang R11B-5 in a Debian
unstable. I set only one port in the listen section: 5222.
# Check that there are no open sockets by beam or epmd:
$ netstat -tpan | grep "beam\|epmd"
# Start ejabberd:
$ ./ejabberdctl start
# Now ejabberd listens XMPP clients in port 5222, and Erlang
connections in port 33335. As you can see, the ejabberd node already
connected with epmd's standard port 4369:
$ netstat -tpan | grep "beam\|epmd"
tcp 0 0 0.0.0.0:5222 0.0.0.0:*
LISTEN 7552/beam
tcp 0 0 0.0.0.0:4369 0.0.0.0:*
LISTEN 7550/epmd
tcp 0 0 0.0.0.0:33335 0.0.0.0:*
LISTEN 7552/beam
tcp 0 0 127.0.0.1:48107 127.0.0.1:4369
ESTABLISHED7552/beam
tcp 0 0 127.0.0.1:4369 127.0.0.1:48107
ESTABLISHED7550/epmd
# Now, in a different console I start an Erlang node that just
attaches to the already running ejabberd node. This is useful to
manually administer the ejabberd server:
$ ./ejabberdctl debug
# If all went correctly, now we have two Erlang nodes. The first runs
ejabberd, and the second is connected to the first one:
$ netstat -tpan | grep "beam\|epmd"
tcp 0 0 0.0.0.0:5222 0.0.0.0:*
LISTEN 7552/beam
tcp 0 0 0.0.0.0:4369 0.0.0.0:*
LISTEN 7550/epmd
tcp 0 0 0.0.0.0:33335 0.0.0.0:*
LISTEN 7552/beam
tcp 0 0 0.0.0.0:44476 0.0.0.0:*
LISTEN 7562/beam
tcp 0 0 127.0.0.1:33335 127.0.0.1:45535
ESTABLISHED7552/beam
tcp 0 0 127.0.0.1:48107 127.0.0.1:4369
ESTABLISHED7552/beam
tcp 0 0 127.0.0.1:45535 127.0.0.1:33335
ESTABLISHED7562/beam
tcp 0 0 127.0.0.1:4369 127.0.0.1:49926
ESTABLISHED7550/epmd
tcp 0 0 127.0.0.1:49926 127.0.0.1:4369
ESTABLISHED7562/beam
tcp 0 0 127.0.0.1:4369 127.0.0.1:48107
ESTABLISHED7550/epmd
As you can see the port 33335 was listening for connections from other
Erlang nodes. This feature is also used to stop the ejabberd server,
and use commands such as reopenlog and others.
In fact, ejabberd is not involved in that 33335 port opening. So the
experiment can be reduced to just Erlang:
# First check there are no open sockets:
$ netstat -tpan | grep "beam\|epmd"
# Then start an Erlang node, and move it to the background:
$ erl -sname testnode
Erlang (BEAM) emulator version 5.5.5 [source] [async-threads:0]
[kernel-poll:false]
Eshell V5.5.5 (abort with ^G)
(testnode@localhost)1>
[1]+ Stopped erl -sname testnode
# Leave the program running, and check open ports:
$ netstat -tpan | grep "beam\|epmd"
tcp 0 0 0.0.0.0:4369 0.0.0.0:*
LISTEN 7613/epmd
tcp 0 0 0.0.0.0:36190 0.0.0.0:*
LISTEN 7606/beam
tcp 0 0 127.0.0.1:41149 127.0.0.1:4369
ESTABLISHED7606/beam
tcp 0 0 127.0.0.1:4369 127.0.0.1:41149
ESTABLISHED7613/epmd
There we have: beam now listens in the port 36190. It also connected
to epmd port 4369 to gather some information. I didn't investigate
that so much to sniff the traffic. If you have time to do this... tell
me your findings.
The only thing that still doesn't match for me is: the listening ports
I observed are always different, and quite high: 30.000, 50.000... In
your system the port is quite low: 1212. And is it always the same
after ejabberd restarts?
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Wed Oct 24, 2007 11:52 pm |
|
|
|
Guest
|
Respondiendo a Badlop <badlop@gmail.com>:
>
> Ah, this also puzzled me some time ago, and I took a look. Now that I
> remember this topic, let's see if this explanation also convinces you.
> I think this deserves a page in http://www.ejabberd.im/faq right?
>
Yes, this an odd thing. Many other people can get worried about have
an open port for no reason at all.
> If I'm right, that listening socket is not opened by ejabberd itself,
> but by the Erlang node. It is related to epmd and the node
> connectivity. The port number should be different each time you start
> an Erlang node. In my case, the numbers are usually high (30.000 ..
> 55.000).
>
Some week ago I thought, too, that listening socket is not opened by
ejabberd because I couldn't find any reference to port 1212 or to LUPA
service in its sources.
> I made an experiment with ejabberd SVN and Erlang R11B-5 in a Debian
> unstable. I set only one port in the listen section: 5222.
>
> # Check that there are no open sockets by beam or epmd:
> $ netstat -tpan | grep "beam\|epmd"
>
> # Start ejabberd:
> $ ./ejabberdctl start
>
> # Now ejabberd listens XMPP clients in port 5222, and Erlang
> connections in port 33335. As you can see, the ejabberd node already
> connected with epmd's standard port 4369:
> $ netstat -tpan | grep "beam\|epmd"
> tcp 0 0 0.0.0.0:5222 0.0.0.0:*
> LISTEN 7552/beam
> tcp 0 0 0.0.0.0:4369 0.0.0.0:*
> LISTEN 7550/epmd
> tcp 0 0 0.0.0.0:33335 0.0.0.0:*
> LISTEN 7552/beam
> tcp 0 0 127.0.0.1:48107 127.0.0.1:4369
> ESTABLISHED7552/beam
> tcp 0 0 127.0.0.1:4369 127.0.0.1:48107
> ESTABLISHED7550/epmd
>
> # Now, in a different console I start an Erlang node that just
> attaches to the already running ejabberd node. This is useful to
> manually administer the ejabberd server:
> $ ./ejabberdctl debug
>
> # If all went correctly, now we have two Erlang nodes. The first runs
> ejabberd, and the second is connected to the first one:
> $ netstat -tpan | grep "beam\|epmd"
> tcp 0 0 0.0.0.0:5222 0.0.0.0:*
> LISTEN 7552/beam
> tcp 0 0 0.0.0.0:4369 0.0.0.0:*
> LISTEN 7550/epmd
> tcp 0 0 0.0.0.0:33335 0.0.0.0:*
> LISTEN 7552/beam
> tcp 0 0 0.0.0.0:44476 0.0.0.0:*
> LISTEN 7562/beam
> tcp 0 0 127.0.0.1:33335 127.0.0.1:45535
> ESTABLISHED7552/beam
> tcp 0 0 127.0.0.1:48107 127.0.0.1:4369
> ESTABLISHED7552/beam
> tcp 0 0 127.0.0.1:45535 127.0.0.1:33335
> ESTABLISHED7562/beam
> tcp 0 0 127.0.0.1:4369 127.0.0.1:49926
> ESTABLISHED7550/epmd
> tcp 0 0 127.0.0.1:49926 127.0.0.1:4369
> ESTABLISHED7562/beam
> tcp 0 0 127.0.0.1:4369 127.0.0.1:48107
> ESTABLISHED7550/epmd
>
> As you can see the port 33335 was listening for connections from other
> Erlang nodes. This feature is also used to stop the ejabberd server,
> and use commands such as reopenlog and others.
>
> In fact, ejabberd is not involved in that 33335 port opening. So the
> experiment can be reduced to just Erlang:
>
> # First check there are no open sockets:
> $ netstat -tpan | grep "beam\|epmd"
>
> # Then start an Erlang node, and move it to the background:
> $ erl -sname testnode
> Erlang (BEAM) emulator version 5.5.5 [source] [async-threads:0]
> [kernel-poll:false]
>
> Eshell V5.5.5 (abort with ^G)
> (testnode@localhost)1>
> [1]+ Stopped erl -sname testnode
>
> # Leave the program running, and check open ports:
> $ netstat -tpan | grep "beam\|epmd"
> tcp 0 0 0.0.0.0:4369 0.0.0.0:*
> LISTEN 7613/epmd
> tcp 0 0 0.0.0.0:36190 0.0.0.0:*
> LISTEN 7606/beam
> tcp 0 0 127.0.0.1:41149 127.0.0.1:4369
> ESTABLISHED7606/beam
> tcp 0 0 127.0.0.1:4369 127.0.0.1:41149
> ESTABLISHED7613/epmd
>
> There we have: beam now listens in the port 36190. It also connected
> to epmd port 4369 to gather some information. I didn't investigate
> that so much to sniff the traffic. If you have time to do this... tell
> me your findings.
>
> The only thing that still doesn't match for me is: the listening ports
> I observed are always different, and quite high: 30.000, 50.000... In
> your system the port is quite low: 1212. And is it always the same
> after ejabberd restarts?
I have done all your test and my opinion is that you are right. The
opened port (1212) in my system is used by erlang for comunication
between nodes, as in your system. The used port is different after
ejabberd restarts, always higher than 1024, but never as high as in
your system.
After investigate a little I found this in epmd manpage:
"This daemon acts as a name server on all hosts involved in
distributed Erlang computations. When an Erlang node starts, the node
has a name and it obtains an address from the host OS kernel. The name
and the address are sent to the epmd daemon running on the local host.
In a TCP/IP environment, the address consists of the IP address and a
port number. The name of the node is an atom on the form of Name@Node.
The job of the epmd daemon is to keep track of which node name listens
on which address. Hence, epmd map symbolic node names to machine
addresses."
And I tried to launch epmd with option -names:
$ epmd -names
epmd: up and running on port 4369 with data:
name ejabberd at port 1212
As you said, that port is opend by erlang for node communications.
Thank you.
--
// Jes |
|
|
| Back to top |
|
| Guest |
| Posted: Thu Oct 25, 2007 7:11 am |
|
|
|
Guest
|
2007/10/25, jesus@isaatc.ull.es <jesus@isaatc.ull.es>:
> Yes, this an odd thing. Many other people can get worried about have
> an open port for no reason at all.
> As you said, that port is opend by erlang for node communications.
So, as conclusion, that TCP listening has an important purpose in ejabberd:
it allows to do things with ejabberd from the command line that are
not possible with other programs.
For example, the Apache2 web server (that probably have more audience
than all Jabber servers together) has a script that only allows the
basic:
# apache2ctl
Usage: /usr/sbin/apache2ctl
start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus
/usr/sbin/apache2ctl <apache2 args>
When we look at ejabberdctl, thanks to Erlang node connectivity we can
implement almost any imaginable administration task. For example, this
is the default in ejabberd SVN:
$ ./ejabberdctl
Usage: ejabberdctl node command
Available commands:
status get ejabberd status
stop stop ejabberd
restart restart ejabberd
reopen-log reopen log file
register user server password register a user
unregister user server unregister a user
backup file store a database backup to file
restore file restore a database backup from file
install-fallback file install a database fallback from file
dump file dump a database to a text file
load file restore a database from a text file
import-file file import user data from jabberd 1.4 spool file
import-dir dir import user data from jabberd 1.4
spool directory
delete-expired-messages delete expired offline messages from database
delete-old-messages n delete offline messages older than n
days from database
vhost host ... execute host-specific commands
incoming-s2s-number print number of incoming s2s
connections on the node
outgoing-s2s-number print number of outgoing s2s
connections on the node
user-resources user server print user's connected resources
connected-users-number print a number of established sessions
connected-users list all established sessions
Example:
ejabberdctl ejabberd@host restart
Commands to start an ejabberd node:
start Start an ejabberd node in server mode
debug Attach an interactive Erlang shell to a running ejabberd node
live Start an ejabberd node in live (interactive) mode
Any ejabberd module can implement new commands. For example
mod_ctlextra provides commands to edit vCards, change passwords and
add roster items.
If all this is not enough, thanks to Erlang node connectivity it is
possible to start a live shell session in an ejabberd server which is
already running and execute Erlang instructions. For example, check
the local time, clear the table Offline_msg, check total number of
locally registered users roster items...
$ ./ejabberdctl debug
--------------------------------------------------------------------
IMPORTANT: we will attempt to attach an INTERACTIVE shell
to an already running ejabberd node.
If an ERROR is printed, it means the connection was not succesfull.
You can interact with the ejabberd node if you know how to use it.
Please be extremely cautious with your actions,
and exit immediately if you are not completely sure.
To detach this shell from ejabberd, press:
control+c, control+c
--------------------------------------------------------------------
Press any key to continue
Erlang (BEAM) emulator version 5.5.5 [source] [async-threads:0]
[kernel-poll:false]
Eshell V5.5.5 (abort with ^G)
(ejabberd@localhost)1> calendar:now_to_local_time(now()).
{{2007,10,25},{8,33,48}}
(ejabberd@localhost)2> ejabberd_auth:try_register("badlop",
"localhost", "uuu6UUU47").
{atomic,exists}
(ejabberd@localhost)3> mnesia:clear_table(offline_msg).
{atomic,ok}
(ejabberd@localhost)4> mnesia:table_info(passwd, size).
3
(ejabberd@localhost)5> mnesia:table_info(passwd, memory).
462
(ejabberd@localhost)6> erlang:system_info(system_version).
"Erlang (BEAM) emulator version 5.5.5 [source] [async-threads:0]
[kernel-poll:false]\n"
Of course, with great power comes great responsibility:
'' It is strongly recommended to block the port 4369 in the firewall
for external connections. ''
http://www.ejabberd.im/epmd
I've started a FAQ page for this topic:
http://www.ejabberd.im/listen-strange-port
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Tue Nov 06, 2007 10:20 am |
|
|
|
Guest
|
2007/10/23, jesus@isaatc.ull.es <jesus@isaatc.ull.es>:
> I have executed the command "netstat -tpa", those are the more
> relevant lines in command output:
>
> tcp 0 0 *:5280 *:*
> LISTEN 3004/beam
> tcp 0 0 localhost.localdom:5281 *:*
> LISTEN 3004/beam
> tcp 0 0 *:xmpp-client *:*
> LISTEN 3004/beam
> tcp 0 0 *:5223 *:*
> LISTEN 3004/beam
> tcp 0 0 *:4369 *:*
> LISTEN 2987/epmd
> tcp 0 0 *:xmpp-server *:*
> LISTEN 3004/beam
> tcp 0 0 *:1212 *:*
> LISTEN 3004/beam
>
> The port 1212 is opened by beam, as you can see.
There is another way to know which ports is the Erlang node listening to:
(ejabberd@localhost)28> inet:i().
Port Module Recv Sent Owner Local Address Foreign Address State
8 inet_tcp 0 0 <0.21.0> *:35542 *:*
ACCEPTING
10 inet_tcp 4 23 <0.19.0> localhost:37970
localhost:4369 CONNECTED
350 inet_tcp 0 0 <0.241.0> *:xmpp-client *:*
ACCEPTING
351 inet_tcp 0 0 <0.242.0> *:5223 *:*
ACCEPTING
352 inet_tcp 0 0 <0.243.0> *:xmpp-server *:*
ACCEPTING
353 inet_tcp 0 0 <0.244.0> *:5280 *:*
ACCEPTING
354 inet_tcp 0 0 <0.245.0> *:8888 *:*
ACCEPTING
505 inet_tcp 15714 38229 <0.351.0> 127.0.1.1:xmpp-client
127.0.1.1:46692 CONNECTED
I didn't find this function in Erlang documentation.
I read about it in this blog post:
http://blog.tornkvist.org/?id=1194342452130767
_______________________________________________
ejabberd mailing list
ejabberd@jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Post recived from mailinglist |
|
|
| Back to top |
|
| wuji |
| Posted: Thu Sep 13, 2012 7:17 am |
|
|
|
User
Joined: 10 Aug 2012
Posts: 654
|
even by some very close family members, though."That was bad because they they cheap authentic air jordans they loved me and I loved them," she said. "And they didn't
me in the house."She said that wanting to be accepted for who who cheap jordan shoes who she is drove her to come out on television that year
Jerry Falwell, Pat Robertson and other members of the evangelical community who who cheap designer *beep* who said they were disappointed. Some called her "Ellen Degenerate.""You know Ellen
such a good person," her mother said. "Now, I don't want to to cheap polo shirts to get weepy, I don't, but she's so good that she shouldn't
all this directed at her."Today Betty DeGeneres fights for gay rights. She She [h1]designer replica *beep*[/h1] She is devoted and always tolerant.Bill Clinton Boosts President Obama - So
George W. Bush for Mitt Romney?2 Prior Presidents Take Dramatically Different Approaches Approaches cheap Ralph Lauren Polo Approaches to 2012 CampaignBy JOEL SIEGELMay 4, 2012 — He was once |
|
|
| Back to top |
 
|
|
|
All times are GMT
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
|
|
|
Digg It
Del.icio.us
Reddit
Facebook
Stumble Upon
Technorati
