Help with Spark outside firewall

I have read the documents stating that you need to poke a hole through your FW pointing to 5222. Which I have done, yet I am still unable to login from the internet. Internally everything works fine, but when trying to from the internet I get a “invalid username/password” when using the same U/P I do internally.

I am using Spark and authentication via AD. I have a packet capture as well if that helps.

Any idea what the problem is?

Does your openfire server have a public IP address? If not, have you setup the NAT on your firewall to redirect all traffic on 5222 to the private IP of the server? Basic networking, I know, but just trying to get an idea of how you have everything setup. Our server was setup on a private network, and in order to allow all of our outside sales reps to connect, we simply used one of our public IP’s and setup a NAT from that public IP to the openfire server’s internal IP and only allowed traffic on ports 5222 and 5269 (we have a sister company which is also running an openfire server, so we use s2s) to come through from that IP.

I went back and created a custom port for 5222. its working externally now, internally is giving me fits. I changed the IP address of the box as well so not sure what I did to cause a problem. But when I opem Spark internally it is holding onto the old IP.

Now I get an invalid name or server not reachable.

In Spark, before signing on, go to Advanced and “Start Debugger on startup”. It will show the stuff going over the wire. Take a look at the SASL mechanisms being advertised by the server, and used by the client. (Dont copy/paste to here unless its a disposable password). My guess is the name of the server on the outside does not match the name of the server on the inside, and you are using an authentication mechanism that is sensitive to that.

Its working now. But I dont see my groups externally, only internally.