Definitive Setup Guide incl File Transfer Proxy (port 7777)


Having had numerous problems getting file transfer proxying to work, I thought I’d share some tips and tricks I’ve learned along the way.

1) Multi-homed / Multiple IP addresses
If your openfire server has multiple IP addresses for running different services, I’d strongly recommend you do this:

  • Stop openfire
  • cd /opt/openfire-x.y.z/conf/
  • vi openfire.xml
  • Uncomment the section, and put the openfire server’s IP in there
  • e.g.
  • start openfire back up, and check for the admin console.

I had some strange problems which turned out to be down to the server having multiple IPs. The firewall was NATing an external IP, port 7777 through to 10.66, but the replies appeared to be coming from a different IP, so the firewall was NATing them out to a DIFFERENT external IP!

2) NAT / Port Translation and routing
Let’s say your external IP is
Let’s say your internal IP is

Either add a static NAT, or add “port forwarding” rules to allow traffic hitting on ports 5222 (XMPP), 5223 (XMPPS), 5269 (optional: server2server), and importantly, 7777 (FileTransfer).

Now, click on Server > Server Manager > System Properties in the Openfire admin console, or assuming your IP is as above, click here:

Under the “Add new property” section at the bottom of the page, add one with Property Name: xmpp.proxy.externalip and Property Value:

If you have setup DNS entries correctly, you can put the hostname instead, but the IP removes one level of complication during testing!

3) DNS Entries
Let’s say your openfire server is running on I’m going to call the server “”, but openfire is configured with server name “

Firstly, add an A record pointing to the external IP In BIND9 format this would be: IN A

Now add XMPP SRV Records as follows:
I have put these in BIND9 format as it’s the easiest way to express them.

_xmpp-server._tcp 3600 IN SRV 10 0 5269
_xmpp-server._udp 3600 IN SRV 10 0 5269
_xmpp-client._tcp 3600 IN SRV 10 0 5222
_xmpp-client._udp 3600 IN SRV 10 0 5222
_jabber._tcp 3600 IN SRV 10 0 5269
_jabber._udp 3600 IN SRV 10 0 5269
_jabber-client._tcp 3600 IN SRV 10 0 5222
_jabber-client._udp 3600 IN SRV 10 0 5222

Some posts have recommended adding pointing to the server too. I personally didn’t do this, and have succeeded in getting everything working, including file transfer proxies, without it. If someone wants to post an update or advice here feel free.

4) Outbound firewall rules!?
By default most home / ADSL firewall routers allow all outbound traffic. Some corporate LANs are a bit more restrictive. If someone can’t connect to your openfire server, or file transfers are failing, ensure that they have “outbound access to the external IP ( on TCP ports 5222, 5223 and 7777”.

That pretty much covers all the gotchas we experienced settings things up. We were hosting an openfire server on one LAN, with users connecting in from 2 other external sources, all behind at least one firewall and router. It took a little time to get everything working perfectly, including the file transfer proxy, but if you follow the instructions above, hopefully it will ease the setup process for you.

Hope this helps.