Login issues [NAT]

I have Openfire working with no issues under WinXP SP3 with all default ports.

It works OK using the internal IP scheme. I opened the file transfer [7777] and chat port on my firewall.

When a user tries to log in using the same credentials they get a message stating “invalid username or password”

and the lines below are logged in debug mode:

008.06.12 15:27:53 ConnectionHandler:

java.io.IOException: An existing connection was forcibly closed by the remote host

at sun.nio.ch.SocketDispatcher.read0(Native Method)

at sun.nio.ch.SocketDispatcher.read(Unknown Source)

at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

at sun.nio.ch.IOUtil.read(Unknown Source)

at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:218)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)

at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Any ideas?

Does your chat server have:

  • a real world Fully Qualified Domain Name that can be queried inside and outside your network

  • ports are opened in both directions to the outside

  • is it set to allow secure connections (needs additional ports if it is)

I have attached a pic of all the ports that the server may need to start.

I have ports 5222, 7777 open and pointing to my Openfire server.

I have all ports (outgoing) from that computer allowed.

I am using an IP address to connect to it.

I do not have a FQDN at this time. I assume using an IP address for the server should help me connect without one.

The problem is the user’s ID on the server is based on their (johnd@chatserver.domain.com). If you used an IP for the server name this may cause problems as the server has based its certificates and users on this IP address.

So… should I create a DNS entry on our domain hosting company like

myimserver.company.com > firewall ipaddress

FW the ports to my internal server.

Where do I tell Openfire to use this FQDN instead of its “realservername”?

Or does the server need to be exposed directly to the Internet? I am a little confused. Thank you for your time!

I take it your internal domain is not a subset of your external domain (internal = nat.domain.com, external = domain.com). If that is not the case then you should name it based on your external domain name. To do that follow these steps:

  1. Stop the Openfire server

  2. Edit the openfire.xml file to change the setup tag to <setup>false</setup>

  3. Start the Openfire server

  4. Go to the web admin address (localhost:9090)

  5. Step through the config again

  6. Enter the full external domain name in the field for Domain on the second screen

  7. Continue the setup using the rest of your previous settings

  8. Log in to the admin page and delete any old certificates referring to the old server name (http://localhost:9090/ssl-certificates.jsp)

  9. Restart the server when/if prompted

I will follow your instructions. I will report back!

Thanks again

I have updated the DNS records to point im.domain.com to my server and made sure ports are open and there is no firewall in place.

Followed instructions.

I have tested accessing the admin console using the new im.domain.com and it works on both http (9090) and https (9091).

Spark won't authenticate.

Did you open all the ports? Are there any errors in the logs of the server regarding the authentication failure? Are there any errors in Spark? The server FQDN was renamed to match the outside DNS name?

While going through the logs I noticed the following several times…

2008.06.16 14:14:45 Closing session due to incorrect hostname in stream header. Host: machinename. Connection: org.jivesoftware.openfire.net.SocketConnection@35be06 socket: Socket[addr=/x.x.x.24,port=2855,localport=5269] session: null

2008.06.16 14:14:45 Closing session due to incorrect hostname in stream header. Host: machinename. Connection: org.jivesoftware.openfire.net.SocketConnection@19d0e0b socket: Socket[addr=/x.x.x.24,port=2857,localport=5269] session: null

IP and PC name: changed for security

I will rename the computer to the name “im” in a moment.

About the FQDN… I am using Windows XP, so should I go to computername > change > more

and put a suffix? The computer is currently in a workgroup.
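
The "incorrect hostname in stream header" entries quoted in the last post can be tallied to see which name each peer is asking the server for. This is an added example, not part of the thread or Openfire's own code; the sample lines are constructed in the quoted format with placeholder addresses, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Matches the debug line quoted in the thread; captures the host requested in
# the stream header, the peer address and the local port that was contacted.
LINE_RE = re.compile(
    r"^\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} "
    r"Closing session due to incorrect hostname in stream header\. "
    r"Host: (?P<host>.+?)\. Connection:.*?"
    r"addr=/(?P<addr>[^,\]]+),port=\d+,localport=(?P<lport>\d+)"
)

def classify(host):
    """Say what kind of name the peer put in its stream header (hypothetical helper)."""
    try:
        ipaddress.ip_address(host)
        return "ip literal"
    except ValueError:
        return "fqdn" if "." in host else "bare name"

def hostname_mismatches(log_text):
    """Count rejected sessions per (requested host, peer address, local port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counts[(m["host"], m["addr"], int(m["lport"]))] += 1
    return counts

def _sample(host, addr, port):
    # Constructed line in the format quoted in the thread; values are placeholders.
    return ("2008.06.16 14:14:45 Closing session due to incorrect hostname in "
            f"stream header. Host: {host}. Connection: "
            "org.jivesoftware.openfire.net.SocketConnection@35be06 socket: "
            f"Socket[addr=/{addr},port={port},localport=5269] session: null")

SAMPLE_LOG = "\n".join([
    _sample("machinename", "192.0.2.24", 2855),
    _sample("machinename", "192.0.2.24", 2857),
    _sample("192.0.2.10", "198.51.100.7", 40112),  # host is an IP, so it contains dots
    "2008.06.16 14:15:10 unrelated debug line",
])

if __name__ == "__main__":
    for (host, addr, lport), n in hostname_mismatches(SAMPLE_LOG).most_common():
        print(f"{n}x peer {addr} asked for {host!r} ({classify(host)}) on local port {lport}")
```

Compare each requested host in the output against the domain entered during Openfire setup (im.domain.com in this thread).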