[jadmin] iptables and Jabber

Markus Meyer markus.meyer at koeln.de
Sun Mar 11 22:47:14 CDT 2007


Hi folks,

please don't kill me at first sight of the Subject ;)
I can't get the setup for my firewall right so that it allows
connections to and from jabber servers. Here is some information.

From jabberd's error.log:
(amessage.de): bouncing a packet to butterbluemchen at amessage.de from markus at bemeyert.de/tkabber: Server Connect Timeout

The connections related to Jabber when a user is logged in:
bemeyert:~# lsof -i
COMMAND   PID   USER   FD   TYPE    DEVICE SIZE NODE NAME
jabberd 13365 jabber    7u  IPv4 816312593       TCP *:xmpp-client (LISTEN)
jabberd 13365 jabber   10u  IPv4 816312652       TCP *:xmpp-server (LISTEN)
jabberd 13365 jabber   13u  IPv4 821439888       TCP bemeyert.de:xmpp-client->xdsl-127-0-0-1.de:47738 (ESTABLISHED)
jabberd 13365 jabber   14u  IPv4 821443242       TCP bemeyert.de:47119->aare.amessage.eu:5268 (SYN_SENT)
jabberd 13367 jabber    7u  IPv4 816312593       TCP *:xmpp-client (LISTEN)

My firewall is set up like below and all are stateful rules and bound to
the network card:
OUTPUT:
from		to
1024:65535	5269

INPUT:
from		to
5269		1024:65535

The server works fine without the bloody firewall but as soon as I
switch it on the connection to other servers fails. Now what I'm
wondering about is that the remote server is not using port 5269. But I
guess that the remote server tells my server to use a different port.
But this should be caught by the stateful filtering.
So any help would be much appreciated.

Cheers,
-- 
Markus Meyer 
encrypted email preferred -> GPG: B87120ED - JAB: butterbluemchen at amessage.de
--- Instead of eating a bushel of salt with a friend, one need only
travel 6 miles with him.
		-- Jean Paul
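
An added example, not part of the original post: a small check that compares the connections in the quoted `lsof -i` output against the OUTPUT rule described in the message and reports outbound attempts that no rule covers. The sample input is constructed from the two connection lines in the post; the rule encoding and function names are assumptions made for illustration.

```python
import re

# Service names as printed by lsof, mapped to their IANA port numbers.
SERVICES = {"xmpp-client": 5222, "xmpp-server": 5269}

# OUTPUT rule from the post, encoded (assumed format) as
# (source port range, destination port range).
OUTPUT_RULES = [((1024, 65535), (5269, 5269))]

# Constructed sample: the two connection lines quoted in the post.
LSOF = """\
jabberd 13365 jabber   13u  IPv4 821439888       TCP bemeyert.de:xmpp-client->xdsl-127-0-0-1.de:47738 (ESTABLISHED)
jabberd 13365 jabber   14u  IPv4 821443242       TCP bemeyert.de:47119->aare.amessage.eu:5268 (SYN_SENT)
"""

# local_host:local_port->remote_host:remote_port (STATE)
CONN = re.compile(r"TCP (\S+):([\w-]+)->(\S+):([\w-]+) \((\w+)\)")


def port(token):
    """Turn a numeric port or a known service name into an int."""
    return int(token) if token.isdigit() else SERVICES[token]


def parse(text):
    """Yield one dict per connected socket found in lsof -i output."""
    for m in CONN.finditer(text):
        _lhost, lport, rhost, rport, state = m.groups()
        yield {"local": port(lport), "remote_host": rhost,
               "remote": port(rport), "state": state}


def allowed_out(sport, dport, rules=OUTPUT_RULES):
    """True if some OUTPUT rule matches this source/destination port pair."""
    return any(s[0] <= sport <= s[1] and d[0] <= dport <= d[1]
               for s, d in rules)


def unmatched_outbound(text):
    """Locally initiated attempts (SYN_SENT) that no OUTPUT rule covers."""
    return [c for c in parse(text)
            if c["state"] == "SYN_SENT"
            and not allowed_out(c["local"], c["remote"])]


if __name__ == "__main__":
    for c in unmatched_outbound(LSOF):
        print(f"no OUTPUT rule for {c['local']} -> "
              f"{c['remote_host']}:{c['remote']}")
```

A socket in SYN_SENT is still waiting on its first packet, so connection tracking has no established flow to match it against; only a rule that accepts the new connection to that destination port applies.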