sebboh
/
tilde.club
forked from team/tilde.club
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update ircserver-connections.md

This commit is contained in:
Jason Levine 2014-12-19 20:01:12 -05:00
parent d39f772bb8
commit 3203acc77d
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/ircserver-connections.md
View File

@ -1,21 +1,21 @@
When we're ready to allow other tilde.club IRC servers to connect to us, these are we'll need bits of information from the remote server admin.
* remote IRC server IP address (if the server is behind NAT, this needs to be the external IP address)
* port the server is listening on (specifically the SSL port; we should only support SSL connections)
* the name of the remote IRC server (if it's a charybdis server, this is `name` in the `serverinfo` section of its `ircd.conf` file)
* two passwords, one we will send to the remote server, and one we will receive from the remote server
1. remote IRC server IP address (this needs to be the externally-reachable IP address)
1. port the server is listening on (specifically the SSL port; we only support SSL connections)
1. the name of the remote IRC server (if it's a charybdis server, this is `name` in the `serverinfo` section of its `ircd.conf` file)
1. two passwords, one we will send to the remote server, and one we will receive from the remote server
The remote server should choose an [SID](http://www.stack.nl/~jilles/irc/charybdis-oper-guide/configlines.htm) (one digit and two characters which can be digits or letters); these need to be unique across the peer network. (See the bottom of this page for the current list in our peer network.) This SID then goes into the `serverinfo` block of the remote server's `ircd.conf` file.
The remote server must choose an [SID](http://www.stack.nl/~jilles/irc/charybdis-oper-guide/configlines.htm) (one digit and two characters which can be digits or letters); these need to be unique across the peer network. (See the bottom of this page for the current list in our peer network.) This SID then goes into the `serverinfo` block of the remote server's `ircd.conf` file.
The remote server must either be running a locally-caching DNS server (a la `dnsmasq`) or be using an authoritative DNS server that maps their tilde hostname (e.g., tilde.club) to whatever IP address their clients use to connect to their IRC server, since charybdis and its ancestors are DNS-bound for their resolution of who they are. (For most of the other tilde boxes, they're running a single server combining both shell and IRC services, and their users are connecting to IRC via localhost -- which means that when they peer with us, their local clients appear to be "whatever@127.0.0.1". We want to know the real host that clients are connected to.) So if the remote server is using `dnsmasq`, they need to map 127.0.0.1 to their tilde hostname (e.g., `127.0.0.1 other.tilde.host localhost` in their `/etc/hosts/` file).
IRC is highly DNS-dependent; the remote IRC server must be using a DNS server which can resolve hostnames for its clients' IP addresses. So that means that if the IRC server is running on the shell server box, and clients will be connecting to `localhost`, then the DNS server needs to be able to resolve `127.0.0.1` to its valid tilde hostname; if it can't, then clients will appear as *username@127.0.0.1* rather than *username@tildehost.tld*. We're running `dnsmasq`, which is super-lightweight and uses `/etc/hosts` for its configuration -- so we were able to just add a line such as `127.0.0.1 tildehost.tld localhost` in our `/etc/hosts` and everything worked as it shoudl.
Finally, the remote server should be running an identd daemon (a la `oidentd`) on whatever host their clients have shell accounts on -- again, it's usually the same host. And again, this is because IRC is the one service out there that really, really tries to use identd to determine the non-spoofed username of the user connecting to it.
Finally, the remote shell server should be running an identd daemon (a la `oidentd`). This is because IRC is the one service out there that really, really tries to use identd to determine the non-spoofed username of the user connecting to it.
Then, these are the configurations changes that we'll need to make at our end to enable the connections.
### Firewall or EC2 security group
The main tilde.club IRC server needs to allow traffic from the remote server; this means that we need to allow traffic from the specific IP address toport `6697` (SSL connections).
The main tilde.club IRC server needs to allow traffic from the remote server; this means that we need to allow traffic from the specific IP address to port `6697` (SSL connections).
### charybdis ircd.conf file