[jadmin] Re: iptables and Jabber
Magnus Henoch
mange at freemail.hu
Mon Mar 12 01:16:49 CDT 2007
Markus Meyer <markus.meyer at koeln.de> writes:
[...]
> jabberd 13365 jabber 14u IPv4 821443242 TCP bemeyert.de:47119->aare.amessage.eu:5268 (SYN_SENT)
[...]
> OUTPUT:
> from to
> 1024:65535 5269
>
> INPUT:
> from to
> 5269 1024:65535
>
> The server works fine without the bloody firewall but as soon as I
> switch it on the connection to other servers fails. Now what I'm
> wondering about is that the remote server is not using port 5269. But I
> guess that the remote server tells my server to use a different port.
> But this should be caught by the stateful filtering.
> So any help would be much appreciated.
I don't know much about iptables, but I don't see how stateful
filtering would help you in this case. Your server looks up the
hostname and port through DNS, attempts to connect to port 5268, and
gets blocked. Basically, there is no way to tell in advance what
ports you will need for s2s.
The amessage server listens for s2s on several different ports, but
doesn't advertise port 5269 in the SRV records. Run "dig srv
_xmpp-server._tcp.amessage.info" to see.
--
Magnus
JID: legoscia at jabber.cd.chalmers.se
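
Added example (not part of the original message): a shell sketch that compares the ports advertised in a domain's _xmpp-server SRV records with an egress rule that only allows destination port 5269, and prints the iptables rules those ports would need. The SRV lines, host names and function names below are constructed for illustration; on a live system the input would be the output of `dig +short srv _xmpp-server._tcp.<domain>`. It only covers the domains you feed it, so it does not remove the limitation described above.

```shell
#!/bin/sh
# Constructed sample in `dig +short srv` format: priority weight port target.
# Hosts and ports are made up; they are not the real amessage records.
SAMPLE_SRV='10 0 5268 xmpp1.example.org.
10 0 5270 xmpp2.example.org.
20 0 5269 xmpp3.example.org.'

# port_allowed PORT SPEC: succeed if PORT matches an iptables-style
# port spec, either a single port ("5269") or a range ("1024:65535").
port_allowed() {
    case "$2" in
        *:*) [ "$1" -ge "${2%%:*}" ] && [ "$1" -le "${2##*:}" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# blocked_targets SPEC: read SRV answer lines on stdin and print
# "target:port" for each record whose port the egress SPEC rejects.
blocked_targets() {
    spec=$1
    while read -r prio weight port target; do
        [ -n "$target" ] || continue          # skip blank or short lines
        port_allowed "$port" "$spec" || echo "${target%.}:$port"
    done
}

# egress_rules: read SRV answer lines on stdin and print (not execute)
# one OUTPUT rule per distinct advertised port, using the same source
# port range as the rule set quoted in the message.
egress_rules() {
    awk 'NF == 4 { print $3 }' | sort -un | while read -r port; do
        echo "iptables -A OUTPUT -p tcp --sport 1024:65535 --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Stand-alone run: which advertised s2s targets does "--dport 5269" block?
printf '%s\n' "$SAMPLE_SRV" | blocked_targets 5269
printf '%s\n' "$SAMPLE_SRV" | egress_rules
```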