Ok so we have a working Openfire 3.4.1 instance behind a firewall but now we want to turn the server over to the public so we can connect from outside the corporate network. The name of the Openfire domain is machinename.domain.local and our public facing domain is, let's say, US_State.companyname.com, so how should we set up the ACL to forward the traffic around on port 5223? Many Thanks!
You need to open port 5222 (or 5223 for old SSL) if you want everybody to be able to connect to your Openfire server.
Openfire will always use the domain name which you used for setup, so I wonder whether external clients will work without problems as they use a public name like “example.com” and your server returns “machinename.domain.local”. At least all JIDs will contain “machinename.domain.local”, so it may be a little bit confusing for the external users. So you may really want to rename your xmpp.domain (you need to change it in the database manually; changing just the Openfire Property xmpp.domain is a very bad idea).
You could use a connection manager and bind it to your public IP address; this would allow you to shut it down when not needed or when you suspect the external users to cause trouble for your Openfire server.
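
The domain mismatch described in the reply above can be checked from the server's opening stream header, whose `from` attribute carries the domain the server answers as. This is an added example, not part of the original posts; the sample header is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

STREAMS_NS = "http://etherx.jabber.org/streams"

# Constructed sample of the opening tag a server sends back to a client.
SAMPLE_HEADER = (
    b"<?xml version='1.0' encoding='UTF-8'?>"
    b'<stream:stream xmlns:stream="http://etherx.jabber.org/streams" '
    b'xmlns="jabber:client" from="machinename.domain.local" '
    b'id="constructed-id" xml:lang="en" version="1.0">'
)


def advertised_domain(stream_header: bytes) -> str:
    """Return the 'from' attribute of a server's opening <stream:stream> tag."""
    # The opening tag stays unclosed on the wire; close it so it parses.
    root = ET.fromstring(stream_header + b"</stream:stream>")
    if root.tag != f"{{{STREAMS_NS}}}stream":
        raise ValueError("not an XMPP stream header")
    domain = root.get("from")
    if not domain:
        raise ValueError("stream header has no 'from' attribute")
    return domain.lower()


def check_domain(requested: str, stream_header: bytes) -> dict:
    """Compare the domain a client asked for with the one the server serves."""
    served = advertised_domain(stream_header)
    wanted = requested.lower()
    return {
        "requested": wanted,
        "served": served,
        "match": served == wanted,
        # An internal-only name here means every JID exposes it to outside users.
        "internal_only": served.endswith(".local") or "." not in served,
        "example_jid": f"user@{served}",
    }


if __name__ == "__main__":
    print(check_domain("US_State.companyname.com", SAMPLE_HEADER))
```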