I followed the installation guide for installing Openfire on Windows, but it seems too simple. Aren’t there any setup/config things I need to do to make my installation more secure? It seems ok for LAN, but I feel like there must be *something* more I need to do to have it on the internet.
Also the guide doesn’t address the issue of which ports to forward on your router. Apparently I could forward ports for chat and Not forward the ports for remote administration (since I don’t need or want remote administration)?
I couldn’t find a complete guide for Windows about these issues; a complete guide on how to install, do initial setup, and get it working online with port forwarding. If there is one, sorry for this post and please link me.
PS: I’ll be using Openfire on my PC just for chatting to a couple people via Pidgin.
Update: Here are some of the things I’ve figured out need to be done so far:
In admin panel > server > Server Information, click on Edit Properties and change the ports to something else to protect against really basic attacks that look for Openfire only on the default ports. Disable the SSL port. If you want to change the file transfer port, do it in Server Settings > File Transfer Settings.
On your router, port forward only the port you need for basic chat, which is “Client Port”. If you also want file transfers enabled, then you need to forward that port too.
Under server settings > server to server, Disable it (I forget if I disabled it or if it was already disabled). Also change “Allowed to Connect” to White List (perhaps this is unnecessary after you have disabled it, but what the hey).
Under Registration & Login, disable Inband Account Registration (since you will be manually adding only your friends and don’t want to let strangers access the server). Disable the change password thing too (I guess?). Also, Disable Anonymous Login.
Also, Restrict Login to only your friend’s IP addresses.
Under Search Service Properties, disable client search service.
In HTTP Binding, disable it (if you are not intending to support web chat).
Under Security Settings for Client Connection Security, choose Custom, Old SSL method Not Available, TLS method Required. I assume we can leave Server Connection Security as Optional since servers shouldn’t even be able to connect.
Um, double check Server to Server settings and disable it (looks like mine re-enabled itself by itself? possibly because of some other setting I changed like the white-list).
I could not figure out how to change the Flash Cross Domain port though.
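
One way to check the TLS, anonymous-login and in-band-registration settings above from the outside, as an added example that is not part of the original post and is not Openfire code: it reads the XMPP stream features the server advertises on the client port and flags the ones the post says to turn off. The function names and the sample stanza are constructed for illustration, and the script assumes the server uses the usual `stream:` prefix.

```python
import socket
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
NS = {"tls": "urn:ietf:params:xml:ns:xmpp-tls",
      "sasl": "urn:ietf:params:xml:ns:xmpp-sasl",
      "reg": "http://jabber.org/features/iq-register"}

# Constructed sample: features a server with none of the post's settings might send.
WEAK_SAMPLE = (
    "<stream:features xmlns:stream='" + STREAM_NS + "'>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms>"
    "<register xmlns='http://jabber.org/features/iq-register'/>"
    "</stream:features>")

def audit_features(features_xml):
    """Return findings for the advertised stream features (empty list = clean)."""
    root = ET.fromstring(features_xml)
    findings = []
    starttls = root.find(".//tls:starttls", NS)
    if starttls is None:
        findings.append("STARTTLS not offered")
    elif starttls.find("tls:required", NS) is None:
        findings.append("STARTTLS offered but not required")
    mechs = {(m.text or "").strip().upper()
             for m in root.iterfind(".//sasl:mechanism", NS)}
    if "ANONYMOUS" in mechs:
        findings.append("anonymous login offered")
    if root.find(".//reg:register", NS) is not None:
        findings.append("in-band registration advertised")
    return findings

def fetch_features(host, port, domain, timeout=5.0):
    """Open a client stream and return the server's first <stream:features/>."""
    header = ("<?xml version='1.0'?><stream:stream to='%s' version='1.0' "
              "xmlns='jabber:client' xmlns:stream='%s'>" % (domain, STREAM_NS))
    end, buf = b"</stream:features>", b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        while end not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("stream closed before features arrived")
            buf += chunk
    text = buf.decode("utf-8", "replace")
    body = text[text.index("<stream:features"):text.index(end.decode()) + len(end)]
    # Wrap so the stream: prefix (declared on <stream:stream>) stays bound.
    return "<w xmlns:stream='%s'>%s</w>" % (STREAM_NS, body)
```

Run it as `audit_features(fetch_features(host, port, domain))` against your own server's Client Port. A server that requires TLS may list login mechanisms and registration only after the handshake, so a clean result before TLS confirms the TLS setting only.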