Openfire setup on Windows, port forwarding

I followed the installation guide for installing Openfire on Windows, but it seems too simple. Aren’t there any setup/config things I need to do to make my installation more secure? It seems ok for LAN, but I feel like there must be *something* more I need to do to have it on the internet.

Also the guide doesn’t address the issue of which ports to forward on your router. Apparently I could forward ports for chat and Not forward the ports for remote administration (since I don’t need or want remote administration)?

I couldn’t find a complete guide for Windows about these issues; a complete guide on how to install, do initial setup, and get it working online with port forwarding. If there is one, sorry for this post and please link me.

Thanks

PS: I’ll be using Openfire on my PC just for chatting to a couple people via Pidgin.


Update: Here are some of the things I’ve figured out need to be done so far:

  1. In admin panel > server > Server Information, click on Edit Properties and change the ports to something else to protect against really basic attacks that look for Openfire only on the default ports. Disable the SSL port. If you want to change the file transfer port, do it in Server Settings > File Transfer Settings.

  2. On your router, port forward only the port you need for basic chat, which is “Client Port”. If you also want file transfers enabled, then you need to forward that port too.

  3. Under server settings > server to server, Disable it (I forget if I disabled it or if it was already disabled). Also change “Allowed to Connect” to White List (perhaps this is unnecessary after you have disabled it, but what the hey).

  4. Under Registration & Login, disable Inband Account Registration (since you will be manually adding only your friends and don’t want to let strangers access the server). Disable the change password thing too (I guess?). Also, Disable Anonymous Login.

     Also, Restrict Login to only your friend’s IP addresses.

  5. Under Search Service Properties, disable client search service.

  6. In HTTP Binding, disable it (if you are not intending to support web chat).

  7. Under Security Settings for Client Connection Security, choose Custom, Old SSL method Not Available, TLS method Required. I assume we can leave Server Connection Security as Optional since servers shouldn’t even be able to connect.

  8. Um, double check Server to Server settings and disable it (looks like mine re-enabled itself by itself? possibly because of some other setting I changed like the white-list).

I could not figure out how to change the Flash Cross Domain port though.

Anyone?

Anyhow, I’m trying to properly secure my server here, and in the Admin Panel under Server, Server Settings, HTTP Binding, it says Enabled - Clients can connect to this server using HTTP binding.

What does that mean? If I disable it, what can my users no longer do? Is this feature only for enabling some kind of web based chat client?

thanks

For normal XMPP you need only port 5222. HTTP binding is used for web based access, so you will likely not need it.
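
An added example, not part of the thread and not Openfire's own code: a small Python check that compares which Openfire listeners answer on a given address with the forwarding policy discussed above (client port only). The port numbers other than 5222 are Openfire's defaults and are assumptions here, since the thread does not list them and the poster changed some; `audit`, `failures` and `INTENDED` are names made up for this sketch.

```python
import socket
import sys

# Openfire's default listener ports. Assumed defaults, not taken from the
# thread (which names only 5222); use the values from Server Information.
OPENFIRE_PORTS = {
    "client (XMPP)": 5222,
    "client legacy SSL": 5223,
    "server to server": 5269,
    "admin console HTTP": 9090,
    "admin console HTTPS": 9091,
    "HTTP binding": 7070,
    "HTTP binding TLS": 7443,
    "file transfer proxy": 7777,
    "Flash cross domain": 5229,
}
# Policy from the thread: only the client port is forwarded.
INTENDED = {"client (XMPP)"}

def is_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, ports=OPENFIRE_PORTS, intended=INTENDED, probe=is_open):
    """Compare reachability with the forwarding policy, one verdict per service."""
    report = {}
    for name, port in ports.items():
        reachable, wanted = probe(host, port), name in intended
        verdict = "ok"
        if reachable and not wanted:
            verdict = "EXPOSED"        # answers, but should not be forwarded
        elif wanted and not reachable:
            verdict = "UNREACHABLE"    # forward rule or firewall rule missing
        report[name] = (port, verdict)
    return report

def failures(report):
    """Names of services whose state contradicts the policy."""
    return sorted(n for n, (_, v) in report.items() if v != "ok")

if __name__ == "__main__":
    # Pass your public address and run this from a machine outside the LAN.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, (port, verdict) in audit(host).items():
        print(f"{port:>5}  {verdict:<11}  {name}")
```

Run against 127.0.0.1 on the server itself, it shows which listeners are still enabled; run from outside the LAN against the public address, it shows what the router actually forwards. If file transfers are forwarded on purpose, add that entry to `INTENDED`.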