[JDEV] firewall config for ssl

Wayne Fiori wayne at fiori.cncdsl.com
Fri Oct 12 00:22:14 CDT 2001

At 09:49 PM 10/11/2001 -0700, bruce duncan wrote:
>I've setup jabber 1.4.1 on an internal box on
>our network and have opened 5223 on our firewall
>and dnat'd it to the machine running jabber.
>However, i can't seem to connect from outside
>through the firewall to jabber's ssl port...the
>jim client just gives its standard error message.
>i tried opening 5222 as well as a test and it didn't
>help (still trying to connect via ssl).
>does this have something to do with the fact that
>the ip of the machine running jabber and the ip
>of the firewall are different?  meaning, does
>the ssl protocol require that the server machine's
>ip match what the client THINKs the server's ip is?

This needs to be a static NAT (i.e. a one-to-one relationship external to 
internal).  Your NAT rules need to translate the external address request 
to the internal address.  You also need to associate the firewall's 
external interface MAC with the jabber server's NAT'd address.  This is the 
only way the firewall will respond to an arp request.  There also needs to 
be a /32 route from the external jabber server address to the internal 
jabber server address.

More information about the JDev mailing list