[jadmin] Jabber via a DMZ proxy - SOLVED

KWermann at misti.com KWermann at misti.com
Wed Oct 19 09:51:52 CDT 2005


Hi Jeff,

I am curious why you used the proxy instead of just setting up firewall 
rules to allow redirection of traffic over port 5223/SSL or 5222/Unsecure 
to the Jabber server within the DMZ? You then have the FQDN registered on 
both internal DNS and External DNS servers. You would then configure 
routing and firewall rules from your LAN and the Internet to the DMZ.

It seems that adding the proxy server would require extra steps. Is this 
just so you are not showing port 5223 available on the net through the 
firewall? Are you having internal users access the server via 5223/5222 
without the proxy server?

Now, everything I said may not be applicable if you are doing this because 
you do not have a DMZ or Firewall to begin with. If that is the case just 
let me know.

I only write this because I find firewall/DMZ/proxy items very 
interesting.

Instead of building a Linux firewall, does anyone know if SmoothWall's 
default install can do this easier?

Best Regards,

Ken Wermann

jadmin-bounces at jabber.org wrote on 10/18/2005 05:32:18 PM:

> For anyone interested in setting up a DMZ-based proxy server to 
> enable Jabber usage, I've posted instructions in my blog, located here: 
> http://openrent.blogspot.com/
> 
> In a nutshell, you build an Apache forward proxy that enables Jabber
> over HTTP. The benefit is the ability to securely use an internal 
> Jabber server from anywhere in the world (assuming your Jabber 
> client supports HTTP proxy, like Gaim does).
> 
> Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jadmin/attachments/20051019/538f5ce6/attachment-0005.htm>


More information about the JAdmin mailing list