Login issues [NAT]

fventurello · June 12, 2008, 7:38pm

I have open fire working with no issues under winxp sp3 with all default ports.

it works ok using the internal ip scheme. I opened the file transfer[7777] and chat port on my firewall.

when a user tries to log in using same credentials they get a message stating “invalid username or password”

and the lines bellow are loged in in debug mode

008.06.12 15:27:53 ConnectionHandler:

java.io.IOException: An existing connection was forcibly closed by the remote host

at sun.nio.ch.SocketDispatcher.read0(Native Method)

at sun.nio.ch.SocketDispatcher.read(Unknown Source)

at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

at sun.nio.ch.IOUtil.read(Unknown Source)

at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.j ava:218)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcesso r.java:198)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProce ssor.java:45)

at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProce ssor.java:485)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

any ideas?

NO_MESSAGES_OR_FRIEN · June 12, 2008, 7:47pm

Does your chat server have:

a real world Fully Qualified Domain Name that can be queried inside and outside your network
ports are opend in both directions to the outside
is it set to allow secure connection (need aditional ports if it is)

I have attached a pic of all the ports that the server may need to start.

fventurello · June 12, 2008, 7:52pm

I have ports 5222,7777 open and pointing to my openfire server.

I have all ports (outgoing) from that computer allowed.

I am using an ip address to connect to it.

I do not have a FQDN at this time. I assume using an IP address for the server should help me connect without one.

NO_MESSAGES_OR_FRIEN · June 12, 2008, 7:55pm

the problem is the user’s ID on the server is based on their (johnd@chatserver.domain.com). If you used an ip for the server name this may cause problems as the server has based its certificates and users on this ip address.

fventurello · June 12, 2008, 8:04pm

so… should I create a DNS entry on our domain hosting company like

myimserver.company.com > firewall ipaddress

FW the ports to my internal server.

where do I tell open fire to use this FQDN instead of its “realservername”

or the server needs to be exposed directly to the internet i am little confused. thank you for your time!

NO_MESSAGES_OR_FRIEN · June 12, 2008, 8:18pm

I take it your internal domain is not a subset of your external domain (internal = nat.domain.com, external = domain.com). If that is not the case then you should name it based on your external domain name. To do that follow thses steps:

Stop the openfire server
edit the openfire.xml file to change the setup tag to <setup>false</setup>
start the openfire server
go to the web admin address (localhost:9090)
Step through the config again
Enter the Full external domain name in the filed for Doamin on the second screen
continue the setup with using the rest of your previous settings
Login to the admin page and delete any old certificates referring to the old server name (http://localhost:9090/ssl-certificates.jsp)
restart the server when/if prompted

fventurello · June 12, 2008, 8:24pm

I will follow your instructions. I will report back !

thanks again

fventurello · June 16, 2008, 6:09pm

I have updated the DNS records to point im.domain.com to my server and made sure ports are open and there is no firewall in place.

followed instructions.

I have tested accessing the admin concole using the new im.domain.com and it works on both http(9090) and https(9091)

spark wont authenticate

NO_MESSAGES_OR_FRIEN · June 16, 2008, 6:19pm

Did you open all the ports? Are there any errors in the logs of the server regarding the authentication failure? Are there any errors in spark? The server FQDN was renamed to match the outside DNS name?

fventurello · June 16, 2008, 6:23pm

while going through the logs I noticed the following several times…

2008.06.16 14:14:45 Closing session due to incorrect hostname in stream header. Host: machinename. Connection: org.jivesoftware.openfire.net.SocketConnection@35be06 socket: Socket[http://addr=/x.x.x.24,port=2855,localport=5269|http://addr=/x.x.x.24,port=2855,l ocalport=5269] session: null

2008.06.16 14:14:45 Closing session due to incorrect hostname in stream header. Host: machinename. Connection: org.jivesoftware.openfire.net.SocketConnection@19d0e0b socket: Socket[http://addr=/x.x.x.24,port=2857,localport=5269|http://addr=/x.x.x.24,port=2857,l ocalport=5269] session: null

ip and pcname: changed for security

fventurello · June 16, 2008, 6:30pm

I will rename the computer to name “im” in a moment.

about the FQDN… I am using windowsXP, so should I go to computername > change > more

and put a suffix? the computer is corrently in a work group.