3.10 behind firewall on public IP

I’ve got Openfire 3.10 set up and working internally.

I am now testing internally. I have created a port forward on our firewall using an IP that also has port forwards for SSH, HTTP, and HTTPS. Traffic is getting there but there is an error that says:

*Closing session due to incorrect hostname in stream header. Host: internalhost.internaldomain.local.* The FQDN is used by multiple servers, so I cannot make that the host name of the Openfire server.

I have changed my xmpp.fqdn and xmpp.domain both to publicname.internaldomain.com, however it still wants the internal hostname in the connection, which of course won’t route for outside employees.

Is there a workaround for this?


Hi there,

I’m not sure if I can help but:

Have you verified you set the correct xmpp domain?

(Log in to your web interface, go to server settings and search for “xmpp.domain”… the value should represent your external domain (the one where you point your SRV records to in DNS).)

Also, I haven’t got a setting “xmpp.fqdn”… where did you get that? I guess you don’t need it.

Kind regards

I do… I’ve actually changed this around a few times trying to troubleshoot. It is set to the FQDN of the external address.

xmpp.fqdn was in the properties list… I didn’t add it.

This Android with Xabber on the hand will not connect (using cellular) and I see DNS lookup errors. It seems to be doing some sort of DNS lookup on the base domain before authenticating???

Yup, you really need the SRV records for XMPP to function.

Have a read here:

DNS configuration in Jabber/XMPP - Prosody.im

However, I can assure you that Openfire is working with NAT and Xabber.

(though I would recommend testing Conversations on Android…)


I gave you a “correct” answer as, re-checking my DNS records, I had a typo… so now the Linux client (built into GNOME) connects perfectly. Man is it picky! Oddly, all the Windows clients I had tested connected just fine.

My original problem is a little embarrassing. It was a basic network/firewall problem. I had set it to allow port 5222 when it was the SOURCE and destination. Well, most computers just pick a random source port to initiate a connection. Once I cleared it and made the requirement port 5222 for only the destination… it connected. Ooops! LOL.

So if you’re having issues with Openfire and Linux Jabber, ensure the internal DNS and external DNS have the proper entries for XMPP.
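The DNS typo described in this thread can be caught offline before clients ever try to connect. The following is an added example, not part of the original posts: it checks a zone snippet for the XMPP SRV records and for targets that have no address record. The zone text, `example.com` names and addresses are constructed, and the one-record-per-line format is a simplifying assumption.

```python
# Added example: offline sanity check of XMPP SRV records in a zone snippet.
# All host names and addresses below are constructed for illustration.

# Default XMPP ports: client-to-server and server-to-server.
XMPP_SERVICES = {"_xmpp-client._tcp": 5222, "_xmpp-server._tcp": 5269}

def parse_zone(text):
    """Parse simplified 'name TTL IN TYPE rdata...' lines into tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        name, _ttl, _cls, rtype, *rdata = line.split()
        records.append((name.lower().rstrip("."), rtype.upper(), rdata))
    return records

def check_xmpp_srv(zone_text, domain):
    """Return a list of problems for the given XMPP domain (empty if none)."""
    records = parse_zone(zone_text)
    addresses = {n for n, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for service, default_port in XMPP_SERVICES.items():
        owner = f"{service}.{domain}".lower()
        srvs = [r for n, t, r in records if t == "SRV" and n == owner]
        if not srvs:
            problems.append(f"missing SRV record {owner}")
            continue
        for _prio, _weight, port, target in srvs:
            target = target.lower().rstrip(".")
            if int(port) != default_port:
                # Legal, but the firewall port forward must match it.
                problems.append(f"{owner}: port {port} is not default {default_port}")
            if target not in addresses:
                problems.append(f"{owner}: target {target} has no A/AAAA record in this zone")
    return problems

GOOD_ZONE = """
xmpp.example.com.               3600 IN A   203.0.113.10
_xmpp-client._tcp.example.com.  3600 IN SRV 0 5 5222 xmpp.example.com.
_xmpp-server._tcp.example.com.  3600 IN SRV 0 5 5269 xmpp.example.com.
"""
# Same zone with a one-letter typo in the client SRV target.
TYPO_ZONE = GOOD_ZONE.replace("5222 xmpp.example.com.", "5222 xmp.example.com.")

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("typo", TYPO_ZONE)):
        print(label, check_xmpp_srv(zone, "example.com") or "OK")
```

Run it against both the internal and the external view of the zone, since split-horizon DNS means the two can differ.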