[jadmin] iptables and Jabber

Zbyszek Żółkiewski zbyszek at toliman.pl
Tue Mar 13 02:32:34 CDT 2007 

btw topic: do you use module state? i think it can resolve some of your
problems ;)

On 3/12/07, Markus Meyer <markus.meyer at koeln.de> wrote:
>
> Hi folks,
>
> please don't kill me at first sight of the Subject ;)
> I can't get the setup for my firewall right so that it allows
> connections to and from jabber servers. Here some information.
>
> From jabberd's error.log:
> (amessage.de): bouncing a packet to butterbluemchen at amessage.de from
> markus at bemeyert.de/tkabber: Server Connect Timeout
>
> The connections related to Jabber when a user is logged in:
> bemeyert:~# lsof -i
> COMMAND   PID   USER   FD   TYPE    DEVICE SIZE NODE NAME
> jabberd 13365 jabber    7u  IPv4 816312593       TCP *:xmpp-client
> (LISTEN)
> jabberd 13365 jabber   10u  IPv4 816312652       TCP *:xmpp-server
> (LISTEN)
> jabberd 13365 jabber   13u  IPv4 821439888       TCP
> bemeyert.de:xmpp-client->xdsl-127-0-0-1.de:47738 (ESTABLISHED)
> jabberd 13365 jabber   14u  IPv4 821443242       TCP bemeyert.de:47119->
> aare.amessage.eu:5268 (SYN_SENT)
> jabberd 13367 jabber    7u  IPv4 816312593       TCP *:xmpp-client
> (LISTEN)
>
> My firewall is setup like below and all are stateful rules and bound to
> the network card:
> OUTPUT:
> from            to
> 1024:65535      5269
>
> INPUT:
> from            to
> 5269            1024:65535
>
> The server works fine without the bloody firewall but as soon as I
> switch it on the connection to other servers fails. Now what I'm
> wondering about is that the remote server is not using port 5269. But I
> guess that the remote server tells my server to use a different port.
> But this should be catched by the stateful filtering.
> So any help would be much appreciated.
>
> Cheers,
> --
> Markus Meyer
> encrypted email preferred -> GPG: B87120ED - JAB:
> butterbluemchen at amessage.de
> --- Statt einen Scheffel Salz(es) mit einem Freund zu essen, braucht man
> nur 6 Meilen mit ihm zu reisen.
>                 -- Jean Paul
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFF9M1BFH1rMbhxIO0RArooAJ9MuJzzl3Ndq+DMzjNhVtDJ34AngACfV1/y
> +79AyOM4+LnGrXnr2un2tY4=
> =tu/o
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> JAdmin mailing list
> JAdmin at jabber.org
> http://mail.jabber.org/mailman/listinfo/jadmin
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
> _______________________________________________
>
>


-- 
pozdrawiam,
Zbyszek Żółkiewski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20070313/7160e650/attachment.html

More information about the JAdmin mailing list