Openfire Installation problem in CentOS 5.5

Openfire Openfire Support
1

Hello guys,

I am running CentOS 5.5 on a dedicated server.

I have looked at following tutorials: http://www.tonybhimani.com/2007/12/31/openfire-jabberxmpp-server-on-centos-mini- howto/

I have followed the following steps.

  1. Install Java jre.
  2. java version "1.6.0_23"
    Java™ SE Runtime Environment (build 1.6.0_23-b05)
    Java HotSpot™ Client VM (build 19.0-b09, mixed mode, sharing)
  3. Downloaded openfire-3.6.4-1.i386.rpm
  4. Installed it using** rpm -ivh openfire-3.6.4-1.i386.rpm**
  5. Installation successful
  6. Started openfire using: /etc/init.d/openfire start
  7. [root@server bin]# /etc/init.d/openfire start
    Starting openfire:
  8. [root@server bin]# /etc/init.d/openfire status
    openfire is running
  9. Opened all the required the ports using iptables
  10. RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 5222 --state NEW -j ACCEPT
    RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 7777 --state NEW -j ACCEPT
    RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 9090 --state NEW -j ACCEPT
    RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 9091 --state NEW -j ACCEPT
  11. ran command:** iptables-restore < /etc/sysconfig/iptables**
  12. I even did: service iptables restart
  13. Restarted openfire, and I can verify that it’s running.
  14. daemon 6197 1.6 1.6 213852 34056 ? Sl 11:12 0:05 /opt/openfire/jre/bin/java -server -DopenfireHome=/opt/openfire -Dopenfire.lib.dir=/opt/openfire/lib -classpath /opt/openfire/lib/startup.jar
  15. Check http://:9090… fails, does not load.
  16. Check open ports using nmap
  17. 9090/tcp open zeus-admin
  18. Check http://:9090 again… fails
  19. Open /opt/openfire/conf/openfire.xml
  20. server ip
  21. Restart openfire…
  22. Check http://:9090… fails

Have I missed a step? What’s wrong here? I’ve been looking at this for hours…

Please help, thank you in advance.

2

zeus-admin on port 9090? Can this be some other program already using this port?

3

I thought zeus-admin was openfire admin? I am not sure… how do I check/get rid of it

4

One interesting thing to note, is that it seems I can access http://localhost:9090/index.jsp through ssh… I can tell the server is running, but I can’t access it outside. I guess it’s a firewall issue.

5

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT icmp – anywhere anywhere icmp any
ACCEPT esp – anywhere anywhere
ACCEPT ah – anywhere anywhere
ACCEPT udp – anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp – anywhere anywhere udp dpt:ipp
ACCEPT tcp – anywhere anywhere tcp dpt:ipp
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:smtps
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:20081
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:20082
ACCEPT udp – anywhere anywhere state NEW udp dpt:domain
REJECT all – anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:xmpp-client
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:cbt
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:websm
ACCEPT tcp – anywhere anywhere state NEW tcp dpt:xmltec-xmlmail

6

After commenting out REJECT all – anywhere anywhere reject-with icmp-host-prohibited, I can now successfully connect.

7

Hello,

by doing that, you probably have no firewall. The issue is the ordering I think. Move that reject to the bottom of your ipchains.