Ports and network policies: pros and cons

Nicolas_Verite · October 7, 2008, 11:59am

What if I have many ports constraints in my company?

Globally, ports 80 for HTTP and 443 for HTTPS are open everywhere. Others, especially exotic ones, are just closed/rejected.

If I “officially” run an XMPP service, I assume that 5222 for C2S and 5269 for S2S will also be open.

But what with my other services, like file transfer proxy and HTTP-Binding/BOSH, since they have their own ports?

What is the best solution?

Make the network admins open all my needed ports? Politically difficult, but no conf from me.
Create a virtual IP and DNS name for each service, which will listen to port 80? Is my Openfire able to do that?
Another solution? What are the pros and cons?

What are your practices and advices ?

Thanks,

Nÿco

Nicolas_Verite · October 8, 2008, 7:48am

It seems in the console, one can only change the default ports, but not the interface or IP address…

I don’t find anything usefull in the openfire.xml file, since seems to have weird effects: the console can’t be reached.

One trick is to use virtual IP addresses and port redirections with iptables. I think I will use this one. Bad idea ?