Ubuntu 14.04 VPS running Openfire possibly not allowing incoming connections?

Hello all,

I am at my wits’ end. We have a server here in our office running CentOS 6.5 that hosts our PBX/XMPP servers. They work fine. We are in the process of migrating to the cloud and are currently running Ubuntu 14.04.

Our PBX is up and running great, and our Openfire server is running as well. For whatever reason when we connect to the Openfire server, the client hangs and then connects. All users are displayed in the group as well so we know it is making a connection since it is yielding the user group info. Then the client (Spark) freezes up and disconnects. It then attempts to reconnect and once it does, it displays the group again (repeats each user twice) but it is unable to function at all. We rolled back the server image and did a fresh install to rule out the possibility of a bad install. The behavior is the same on a new fresh install.

Checking the back-end of the Openfire server also shows that no one is online, despite being connected on Spark (but without functionality). None of the functions of Spark work. To rule out Spark we also tried other clients, Pidgin, Trillian, Bria 4. Same issue but the result was they do not connect due to ‘internal server error’. We thought it may have been due to a self-signed certificate so we allowed for no SSL required, and only registered users could connect. Same issue, could not make a connection.

I’m not an expert, but after searching around on the internet and reading different forums, I felt I may need to edit the iptables rules. The client behavior is the same, even after I edited the iptables rules under etc/iptables/rules.v4. When I run the command iptables -L it does show the following:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmpp-client
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5223
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7070
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7443
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmpp-server
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5275
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5276
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5262
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5263
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9090
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9091
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7777
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5229
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3478
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3479

[… of course there is more but I think this is the relevant part]

My assumption is that what I did is allow any IP address to connect to the XMPP server under the appropriate ports and I should experience 100% functionality. However the (policy DROP) is throwing me off making me believe it is actually dropping that sort of connection. Just to clarify, the issue has remained before and after I edited the IPtables. I made sure to do a complete reset of the server and also ran the command iptables-restart. Our IP address is whitelisted, I am able to connect to the VPS from Putty.

If anyone has some thoughts, I’d really appreciate any time you can afford me. Thank you.

Unless that dpt:xmpp-client means 5222, you are missing this port in the rules. Drop policy will drop anything that does not match the rule. You can try stopping iptables and check if that helps (to rule out or confirm the firewall issue). I think output policy can be important too (it should allow Openfire to talk freely to the Internet on any port).
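Added example, not part of the thread: a small Python check of how an INPUT chain like the one listed in the question is evaluated, where the first matching rule decides and (policy DROP) applies only to packets no rule matched. The listing is a constructed sample modelled on the question, the service-name table uses the IANA assignments (xmpp-client 5222, xmpp-server 5269), and the function names are hypothetical.

```python
import re

# Names that `iptables -L` prints in place of numbers when run without -n
# (IANA assignments, as found in /etc/services).
SERVICE_PORTS = {"xmpp-client": 5222, "xmpp-server": 5269}

# Constructed sample, shortened from the listing in the question.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmpp-client
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5223
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7070
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmpp-server
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9090
"""

RULE = re.compile(
    r"(ACCEPT|DROP|REJECT)\s+(\w+)\s+--\s+anywhere\s+anywhere\s.*\bdpt:(\S+)")


def to_port(token):
    """Numeric port for a dpt: value; None for a name not in the table."""
    return int(token) if token.isdigit() else SERVICE_PORTS.get(token)


def parse_chain(listing):
    """Return (policy, rules) for one chain, rules as (target, proto, port).

    Assumption: only single-port rules open to any source are read;
    source-restricted and multiport rules are ignored by this sketch.
    """
    policy, rules = None, []
    for line in listing.splitlines():
        head = re.match(r"Chain \S+ \(policy (\w+)", line)
        if head:
            policy = head.group(1)
            continue
        rule = RULE.match(line)
        if rule:
            rules.append((rule.group(1), rule.group(2), to_port(rule.group(3))))
    return policy, rules


def verdict(listing, port, proto="tcp"):
    """First matching rule wins; the chain policy is only the fallback."""
    policy, rules = parse_chain(listing)
    for target, rule_proto, rule_port in rules:
        if rule_proto in (proto, "all") and rule_port == port:
            return target
    return policy
```

Running `iptables -L -n` prints numeric ports directly, which removes the need for the name table.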

I disabled iptables entirely and it still would not work. I then thought maybe it was just a bad install, so I removed Openfire and reinstalled a fresh copy. Same issue.

Maybe it’s a Java issue? I checked and I’m running the default-jre.

I’m going to install an older version and see how it goes.

Oh, that might be a Java issue. You need to use Java 8 with 4.0.2. 4.0.1 will work with Java 7.

Just saw this. I just installed 4.0.1 and it’s working fine. Based on your response, I’m thinking the same. Must have been a Java issue. I read some comments on the release blog and similar issues were found, but they were not clear on instructions to get it working right. In the future I’ll update it when appropriate and when there is more feedback. I’m happy to just have a working build at this point.

4.0.3 will work fine with Java 7 again, so you can just skip 4.0.2. Or upgrade to Java 8 anyway.