Can't access Openfire with Spark over VPN (iptables?)

Hi, I’ve installed an Openfire server on CentOS and every workstation in the LAN is able to connect to the server, but not the ones accessing through VPN. The VPN is gateway to gateway. When trying to connect with Spark it shows the error “Can’t connect to the server: invalid name or server not available”. If I stop the iptables service it works just fine, but I don’t want to leave it stopped. I’ve only opened input port 5222 in CentOS. I guess maybe it’s necessary to open some other ports? Thanks in advance.

I have no solution, but this reminded me of my problem. A few years ago we had a simple LAN 192.168.12.x with a 255.255.255.0 mask. I was running Openfire on a Linux box with iptables and everything was fine (5222 opened for all and 9091 only for a few IPs for administration). But then we extended our subnet by making the mask 255.255.254.0 (so now it is 192.168.12.1-192.168.13.254) and it stopped working with iptables turned on. I tried to search for a solution and tried a few things, but nothing worked, so I just left it with iptables turned off… It is an internal LAN, so not much risk, and we are using a strong password for connection to the Admin Console. Of course, it makes it open for some vulnerability exploits in the future… I don’t think it is related to ports though. This is something about how iptables handles different subnets, I think.

Hi, thanks for the answer. In my case it never worked with VPN clients. But I found a solution that may not be the best. I had opened port 5222 within the LAN (I mean, set the -s and -d parameters to 192.168.1.0/24). I guessed it was necessary to open the port to accept incoming connections from an external IP, the one used to connect to the VPN, so I added a rule for port 5222 without specifying -s or -d parameters, and now it’s working like a charm. Hope this is useful for someone else.
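To make the behaviour above concrete, here is an added model (not from the thread or from Openfire) of how iptables -s/-d matching decides the 5222 verdict: the LAN-only rule rejects a VPN client, the thread's fix without -s/-d admits any source, and a rule scoped to the remote VPN subnet admits only that. The server address 192.168.1.10 and the VPN site's subnet 192.168.2.0/24 are constructed assumptions; the thread gives only the LAN 192.168.1.0/24.

```python
"""Model of iptables source/destination matching for Openfire's port 5222.

Assumed (constructed) addresses: LAN 192.168.1.0/24 as in the thread,
Openfire server 192.168.1.10, remote VPN site 192.168.2.0/24.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

SERVER = "192.168.1.10"


@dataclass(frozen=True)
class Rule:
    dport: int
    target: str
    src: Optional[str] = None  # iptables -s; None means any source
    dst: Optional[str] = None  # iptables -d; None means any destination

    def matches(self, src: str, dst: str, dport: int) -> bool:
        if dport != self.dport:
            return False
        if self.src is not None and ip_address(src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(dst) not in ip_network(self.dst):
            return False
        return True


def verdict(rules: List[Rule], src: str, dst: str, dport: int, policy: str = "DROP") -> str:
    """First matching rule wins, as in an iptables INPUT chain; else the chain policy."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.target
    return policy


# Original rule from the thread: 5222 limited to the LAN on both -s and -d.
LAN_ONLY = [Rule(5222, "ACCEPT", src="192.168.1.0/24", dst="192.168.1.0/24")]

# The thread's fix: an extra rule with no -s/-d, so any source reaches 5222.
OPEN_TO_ALL = LAN_ONLY + [Rule(5222, "ACCEPT")]

# Narrower alternative: admit the remote VPN subnet explicitly instead of everyone.
LAN_AND_VPN = LAN_ONLY + [Rule(5222, "ACCEPT", src="192.168.2.0/24", dst=SERVER)]


def check(rules: List[Rule], client: str) -> str:
    """Verdict for a client connecting to the Openfire server on 5222."""
    return verdict(rules, client, SERVER, 5222)
```

Running `check(OPEN_TO_ALL, "203.0.113.9")` shows the fix also admits non-VPN sources, whereas `LAN_AND_VPN` keeps them at the chain policy.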