Chat through NAT/Local LAN

I have a question. I have Jive Messenger running fine on the local LAN. I have set up NAT and opened the correct firewall settings to allow communication to the Jive server. The remote user across the internet can connect and authenticate. However, the local LAN users cannot send him/her messages. The remote user, however, can send messages to the LAN users. The remote user can also join chat rooms. Right now the only way I can get this to work is through VPN. Is there another solution? Is there a setting to allow the server to send the connection back out the NATed address?

Note: I've also used different client installs, still no luck.

Hey nexhorizon,

It should be working fine. Could you tell us a little more about your server and users configuration? Any error in the log files?

Regards,

– Gato

Check out

http://iptables-tutorial.frozentux.net/iptables-tutorial.html#NATCAVEATS

it might apply to your situation.

There are no errors in the log files. Config as follows:

Client(private IP)

Firewall

Public IP address

Internet

Firewall (public IP address with static NAT with port 5222 open)

Private address

Server

User configuration is basic. Client can connect and log in. Client can connect and communicate with group chats and can send IM's but cannot receive IM's. Both sides are behind stateful firewalls. I've used Gaim and Exodus as clients.

If the client VPN's into the local network everything is fine. It seems like the server does not know how to send the IM back to the client, or the client's firewall does not see the returning IM as coming from port 5222 and blocks the communication.

giorgio,

I know how to use NAT and how to set it up; I do it every day in firewalls and routers. I don't need a tutorial on NAT. I don't think it is a NAT issue. However, NAT breaks a lot of rules of TCP/IP; that is why I asked if there were issues with NAT. This server has no other issues with NAT-related services.

Fixed the issue: client side had Websense content filtering, which disables IM for all known ports.

I see… well, it took me a while to figure out why exactly my external internet IP address was reachable for the rest of the world but not for my internal clients (without a DMZ), so the posted link (including the anchor #) was revealing to me.