Ports and network policies: pros and cons

What if I have many ports constraints in my company?

Globally, ports 80 for HTTP and 443 for HTTPS are open everywhere. Others, especially exotic ones, are just closed/rejected.

If I “officially” run an XMPP service, I assume that 5222 for C2S and 5269 for S2S will also be open.

But what about my other services, like file transfer proxy and HTTP-Binding/BOSH, since they have their own ports?

What is the best solution?

  • Make the network admins open all my needed ports? Politically difficult, but no conf from me.

  • Create a virtual IP and DNS name for each service, which will listen to port 80? Is my Openfire able to do that?

  • Another solution? What are the pros and cons?

What are your practices and advice?



It seems in the console, one can only change the default ports, but not the interface or IP address…

I don’t find anything useful in the openfire.xml file, since it seems to have weird effects: the console can’t be reached.

One trick is to use virtual IP addresses and port redirections with iptables. I think I will use this one. Bad idea?
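The virtual-IP plus iptables redirection approach described above, as an added example that is not part of the original post or of Openfire itself. It generates the `ip`/`iptables` commands that expose each extra service on port 80 of its own virtual IP, so clients only need the one port the corporate firewall already allows. Assumptions not stated in the post: the outward-facing interface is `eth0`, Openfire binds to all addresses and uses its usual defaults of 7070 for HTTP-binding/BOSH and 7777 for the file transfer proxy, and the 192.0.2.x addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: generate NAT rules that map port 80 on a per-service virtual
# IP to the real Openfire service port. Run without APPLY=1 to review the
# commands; run with APPLY=1 (as root) to execute them.

IFACE=eth0                     # assumed outward-facing interface

# Constructed mapping: name:virtual-ip:local-port, one service per line.
# 7070 (BOSH) and 7777 (file transfer proxy) are Openfire's usual defaults.
SERVICES='bosh:192.0.2.10:7070
proxy:192.0.2.11:7777'

# Print the commands for every mapping. DNAT keeps the virtual IP as the
# destination, so Openfire (listening on 0.0.0.0) accepts the connection on
# the real port and the INPUT rule below can still match on that address.
gen_rules() {
    printf '%s\n' "$SERVICES" | while IFS=: read -r name vip port; do
        printf '# %s: port 80 on %s -> local port %s\n' "$name" "$vip" "$port"
        printf 'ip addr add %s/32 dev %s\n' "$vip" "$IFACE"
        printf 'iptables -t nat -A PREROUTING -i %s -d %s -p tcp --dport 80 -j DNAT --to-destination %s:%s\n' \
            "$IFACE" "$vip" "$vip" "$port"
        printf 'iptables -A INPUT -i %s -d %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$IFACE" "$vip" "$port"
    done
}

# Note for operators: the DNAT does not close 7070/7777 themselves. Openfire
# still listens there, so the filter policy (or the corporate firewall) must
# decide whether direct access to those ports stays allowed.

if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | sh      # needs root; applies the commands in order
else
    gen_rules           # dry run: just show what would be applied
fi
```

Keep the generated rules in whatever persistence mechanism the host uses (iptables-save/restore or the distribution's firewall service); the script only prints or applies them once.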