Firewall ports other than 5222?

Hello everyone,

I have a fresh install of Openfire 3.7.1 running on Windows 2003 SP2, connected to our AD, with the DB running on our SQL Server 2008 server on another box. Install goes fine. Internally I can connect without any issues. Externally I have port 5222 open on our firewall and remote clients cannot connect. We're using a Fortigate 80C. If I open it to all ports, clients connect fine. If I allow a range of 5222-52500 it works fine. If I go below 52500 clients can't connect. Trying both Pidgin 2.10.4 and Spark 2.6.3.

Really kind of baffled. Are there any other ports that need to be opened? I even tried 5222 and 52500 on their own with no dice. I've tried looking around at the documentation and the settings in the web admin for Openfire. Looking at the logs from Pidgin I don't see it trying to hit any other ports, just 5222. Any thoughts? Thanks!

Gideon

5222 should be enough for XMPP. As you have a firewall you may have the option to enable logging for this service to see which other ports seem to be needed. As far as I can tell Openfire does not open ports > 10000, so this may be an issue with your firewall.

Are you referring to the source port or the destination port? You need to allow:

any -> tcp/5222

There should be no need to open up other inbound destination ports. Clients will use pseudo-random source ports, usually between 1024 and 65535, so you pretty much just need to allow any source port.
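The source-port versus destination-port point in the answer above, as an added example that is not part of the original thread and not Fortigate code: a small stateless packet-filter model that parses rules in the answer's `any -> tcp/5222` notation and evaluates inbound TCP flows against them. The thread never shows the Fortigate rule as originally configured, so the "misconfigured" rule below is a hypothesis consistent with the answer (the 5222 restriction applied to the source port as well); the rule strings, the `Rule`, `allowed`, `parse_rule` and `ephemeral_source_port` names and the loopback check are all constructed for this example. The loopback check opens a real local TCP connection so you can see what source port the OS actually picks for a client.

```python
"""Added example (not from the thread): model an inbound firewall rule and
show why matching 5222 as the *source* port blocks XMPP clients, while
'any -> tcp/5222' lets any client source port reach the server on 5222."""
import socket
from dataclasses import dataclass
from typing import List, Tuple

PortRange = Tuple[int, int]
ANY: PortRange = (0, 65535)


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule: protocol, source-port range, destination-port range."""
    proto: str
    src_ports: PortRange
    dst_ports: PortRange

    def matches(self, proto: str, src_port: int, dst_port: int) -> bool:
        return (
            self.proto == proto
            and self.src_ports[0] <= src_port <= self.src_ports[1]
            and self.dst_ports[0] <= dst_port <= self.dst_ports[1]
        )


def parse_ports(spec: str) -> PortRange:
    """'any' -> whole range; 'N' -> (N, N); 'N-M' -> (N, M)."""
    if spec == "any":
        return ANY
    lo, _, hi = spec.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not (0 <= lo_i <= hi_i <= 65535):
        raise ValueError(f"bad port range: {spec!r}")
    return (lo_i, hi_i)


def parse_rule(text: str) -> Rule:
    """Parse the answer's notation '<src ports> -> <proto>/<dst ports>',
    e.g. 'any -> tcp/5222' or '5222-52500 -> tcp/5222'."""
    src, arrow, dst = text.split()
    if arrow != "->":
        raise ValueError(f"expected '->' in rule: {text!r}")
    proto, _, dst_ports = dst.partition("/")
    return Rule(proto.lower(), parse_ports(src), parse_ports(dst_ports))


def allowed(rules: List[Rule], proto: str, src_port: int, dst_port: int) -> bool:
    """Default deny: an inbound flow passes only if some rule matches it."""
    return any(r.matches(proto, src_port, dst_port) for r in rules)


# Constructed rules. The thread does not show the original Fortigate rule; the
# hypothesis consistent with the answer is that 5222 was also applied to the
# source port. The corrected rule is the one the answer gives.
MISCONFIGURED = [parse_rule("5222 -> tcp/5222")]
CORRECT = [parse_rule("any -> tcp/5222")]


def ephemeral_source_port() -> int:
    """Open a loopback TCP connection and return the source port the OS chose
    for the client side; this is the port the firewall sees as 'source'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.connect(srv.getsockname())
            return cli.getsockname()[1]


if __name__ == "__main__":
    src = ephemeral_source_port()
    print(f"client connected from ephemeral source port {src} to dst 5222")
    for name, rules in (("misconfigured", MISCONFIGURED), ("correct", CORRECT)):
        verdict = "ALLOW" if allowed(rules, "tcp", src, 5222) else "DROP"
        print(f"{name:14} {rules[0]} -> {verdict}")
```

Run it and the misconfigured rule drops the flow for every client except one that happened to connect from source port 5222, while `any -> tcp/5222` passes it; that is the behaviour the original poster saw when only 5222 was opened and then fixed by allowing any source port.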

That did it. Didn’t realize the clients would use other source ports. Changed rule as you said and it works perfectly now. Thank you!