Use Spark from outside of network

Hi, new to Spark and Wildfire. What I would like to know is if I can use Spark to connect to the Wildfire server that is located behind the firewall on our network from home.

Wildfire server has a private IP of say 10.1.1.20

Firewall has a public IP attached to 1 NIC and a private IP for the LAN.

Right now I have a firewall rule that port forwards any source IP with the dest port of 5222, 5223 to a dest IP and port of 10.1.1.20 port 5222 and 5223.

Example -> Anything that comes to the public IP from the outside world with that port number should get redirected to the internal wildfire server and port number.

I have tried many combinations using spark. Here are some examples.

I am using LDAP btw.

username: john.doe, john.doe@mydomain.com, mydomain\john.doe

password: just my AD password

server: public IP, servername.mydomain.com

Nothing works.

I can log in while I'm on the network here in the office no problem. I just use "john.doe" and servername and I'm in.

I have only 1 person that should ever need to communicate using a messenger that is outside of our network. I know I can have them connect using a VPN, but I would like to see if connecting with Spark only is possible first.

Thanks,

ksh

Hi,

it is possible and seems to be more a network than a Spark or Wifi issue.

What is your Wifi server name? domain.com or jabber.domain.com

The Wifi server name should resolve to 10.1.1.20 in your LAN and in the internet to your public firewall IP.

The client should use these settings:

username: john.doe

password: just my AD password

server: “Wifi server name”

If this is not the case, maybe you can't change domain.com as you are using it for a webserver, you should consider using SRV records.

LG

Thanks.

That is what I was thinking it would be.

Wifi servername is called dev01 which is dev01.mydomain.com

The IP 10.1.1.20 resolves to dev01 as well.

Currently we have jabber1 or 2 I believe setup on a linux box with pandion used as the client. That box is located in the DMZ and is also the www server. I am testing a windows version out on a dev system and so far it's much better than what we have in production. Only thing is I can't get it to authenticate or find the 10.1.1.20 (dev01) server from outside the network. The dev01 station which has wifi running right now is of course in the lan behind the firewall.

On the issue of SRV records. Would SRV records allow the connection and resolving to be made? Which service would I use? I only see http, finger, whois, telnet, ftp, ldap, kerberos. The protocol would be 5222 or 5223 and port number as well I assume?

The host offering this service would be dev01.mydomain.com ?

Thanks,

ksh

Hi,

so your internal clients should also use dev01.mydomain.com and you should change the Wifi domain to dev01.mydomain.com. But it could be a bad idea, I assume that you want to use the same address for email and xmpp. So user@mydomain.com is what I recommend to setup. So your internal and external clients should use mydomain.com as server name while the internal DNS should return the 10.x address and the external DNS the public IP.

As it is also the www server you don't need SRV records yet, you may find some threads about it in the forum. If you want to setup s2s you may need SRV records.

Port 5222 should be fine, there is no need to open both ports. You could even disable 5223 (old SSL) if all clients support TLS.

LG
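As an added illustration of the split DNS setup recommended above (not part of the thread itself): two BIND-style zone fragments for mydomain.com, one served to LAN clients and one to the internet, plus the standard XMPP SRV records (`_xmpp-client._tcp` for clients, `_xmpp-server._tcp` for s2s) in case the www server ever makes plain A records unusable. The public address 192.0.2.10 is a constructed placeholder; the real value is the firewall's public IP, which forwards only 5222/5223 to 10.1.1.20.

```zone
; ---- internal view: answers for 10.0.0.0/8 clients (added example) ----
$ORIGIN mydomain.com.
$TTL 3600
dev01                   IN A    10.1.1.20
; Clients configured with server "mydomain.com" are steered to dev01:5222
_xmpp-client._tcp       IN SRV  0 5 5222 dev01.mydomain.com.
; Only needed if server-to-server federation (port 5269) is enabled
_xmpp-server._tcp       IN SRV  0 5 5269 dev01.mydomain.com.

; ---- external view: answers for everyone else (added example) ----
$ORIGIN mydomain.com.
$TTL 3600
; 192.0.2.10 = constructed placeholder for the firewall's public IP;
; the firewall port-forwards 5222/5223 to 10.1.1.20
dev01                   IN A    192.0.2.10
@                       IN A    192.0.2.10   ; www server in the DMZ keeps the apex
_xmpp-client._tcp       IN SRV  0 5 5222 dev01.mydomain.com.
_xmpp-server._tcp       IN SRV  0 5 5269 dev01.mydomain.com.
```

Verify from each side with `dig _xmpp-client._tcp.mydomain.com SRV` and `dig dev01.mydomain.com A`: the LAN should see 10.1.1.20, the internet the public IP, and both should point at port 5222. Note that the SRV target must be a hostname with an A record, never an IP address.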

Thanks, all is working now

ksh