Port forwarding question, only works when in dmz

I am trying to get Openfire running at home and I have had success with it on my LAN at home. I want to make it open to the outside world but I have a port forwarding problem. I have an ActionTec MI424-WR from Verizon on my Fios circuit. I have 5222 and 5223 (TCP and UDP) forwarded to the system with Openfire on it but it will not connect. If I put the IP of the server in the dmz it does work but that is not ideal. I do not want to manage the server when I am not home so 9090 or 9091 are not needed. The router does not allow me to call out XMPP as a protocol. When I have the server in the dmz port 5222 does not show up when I use nmap, it does not show up when I scan on the local network either. That leads me to believe it does not answer an nmap scan. Is this a protocol issue or am I missing another port I need to open? I have looked at the FAQ for ports and that did give me some info but not the answer.

Thanks,

Guy

Hi,

I have a similar scenario.

Have openfire behind actiontec at home…

Trying to connect from work…

I know ports 5222 and 5223 are blocked from work…I did a port forward of port 82 to 9090 on my router and was able to log in to admin console from work. Ports 83 and 84 worked too. Then I tried the same with 5222 and could not get through.

So I thought I could do the following port forward 82->5222 and 83->5223.

I then tell Spark to connect on 82 instead of 5222. But it does not connect…What else is needed?

Thanks

Erik

Erik, I found my solution about 2 weeks ago. On the Verizon Actiontec router I found out that when you specify the inbound port it does not work. The policy for true port forwarding instead of using the dmz was to forward ANY to 5222, not 5222 to 5222. It does not make sense to me why forwarding 5222 to 5222 does not work and is not intuitive to me. A commercial based product like the Juniper 5GT I used to use at work allows for 5222 to 5222. I found the manual for the Actiontec router online. I thought I bookmarked it but I cannot find the bookmark. Google was my friend. You have to create the protocol before you can forward the ports. It is in the manual but the steps are a bit off but close enough.

On the port forwarding rule, use whatever name for the rule you want. Use TCP for the protocol and have ANY forward to 5222 and 5223 if you need it to. I did specify the IP address instead of the name of the server. I manually assigned the IP address on the server.

I do not know if you are aware that you can change the port Openfire uses for XMPP or not. If you are, you can ignore this next paragraph.

On your Openfire server, go to Server Manager, Server Information and scroll down to the edit button. Click on it and you can change the port that Openfire has set up for clients. Set it to 83 or 84 and try that from work. Spark will let you change the port number under the advanced tab.

Guy
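A way to check whether a forward like the one described above actually reaches Openfire, as an added example that is not part of the original thread: it connects to the forwarded port, sends an XMPP stream header and classifies the answer. The function name, result labels and timeout are this example's own choices.

```python
import socket

# First thing an XMPP client sends on the client port (RFC 6120 stream header).
STREAM_OPEN = (
    "<?xml version='1.0'?>"
    "<stream:stream to='{domain}' xmlns='jabber:client' "
    "xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"
)


def probe_xmpp(host, port, domain, timeout=5.0):
    """Classify host:port as 'xmpp', 'open-not-xmpp', 'refused' or 'no-answer'.

    Meant for the plain client port (5222, or an outside port forwarded to it).
    A legacy-TLS port such as 5223 expects a TLS handshake first and will be
    reported as 'open-not-xmpp' by this plaintext probe.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # something answered, but nothing listens there
    except OSError:
        return "no-answer"    # timed out or unreachable: forward rule or firewall
    reply = b""
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(STREAM_OPEN.format(domain=domain).encode())
            # Read until the server's own stream header (or stream error) shows up.
            while len(reply) < 4096 and b"<stream:" not in reply:
                chunk = sock.recv(1024)
                if not chunk:
                    break     # peer closed without speaking XMPP
                reply += chunk
        except OSError:
            pass              # timeout or reset; judge by what arrived so far
    return "xmpp" if b"<stream:" in reply else "open-not-xmpp"


if __name__ == "__main__":
    import sys
    # Usage: python probe_xmpp.py <public-ip-or-name> <port> <xmpp-domain>
    print(probe_xmpp(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Run it from outside the LAN: 'no-answer' points at the router rule or an upstream block, while 'open-not-xmpp' means the forward lands on a different service than the XMPP client listener.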

Hi Guy,

Yeah, it does not make sense why 5222->5222 does not work. I did any->82 going to inside IP on port 5222.

And the same for 5223

Because it looks like 5222 and 5223 is blocked at my work.

And I changed in Spark advanced options to use 82. But it doesn’t want to connect.

I started looking into SparkWeb, first the webserver based, I installed tomcat but was not able to deploy sparkweb properly. Then I did the SparkWeb.war plugin but then I did not have a license. Then I found the enterprise.jar. It starts but never shows up in admin console. I had a hard time finding the enterprise.jar

I’ll keep on troubleshooting.

Thanks for the response.

Later

Erik

What about UDP, does it have to be port forwarded too?

Erik

Nope, I did not forward UDP.

Guy

On the web page access, I did not download a plugin. I downloaded the tarball for SparkWeb.

http://www.igniterealtime.org/downloads/download-landing.jsp?file=sparkweb/sparkweb_0_9_0.tar.gz

I untarred it to /var/www and made it the default page. I do not intend to host other pages from that server. I am under the impression that this is the way to go with web page access, not a plugin. I could be wrong on that but have not had issues. Make sure to install the services plugin.

You will want to modify SparkWeb.html. There are two lines that you are interested in and they are at the top, they are server and port.

I have not tried to modify the default port, so that I cannot help you with. Maybe restarting Openfire will get it squared away but that is a guess.

Guy

Hi again,

I’m on Windows. I forwarded any->85 to internal 7070 and from work I’m able to reach the http on my Openfire server.

When I specify 72.64.120.48:85/sparkweb/sparkweb.html it can’t find the file but it gets there.

Does Openfire have its own webserver? If yes, where do I unzip the sparkweb stuff?

I tried to deploy the sparkweb stuff on my tomcat webserver but I did not get it to work.

I’ll get there one day.

Thanks

Erik