[JDEV] firewall config for ssl
Wayne Fiori
wayne at fiori.cncdsl.com
Fri Oct 12 00:22:14 CDT 2001
At 09:49 PM 10/11/2001 -0700, bruce duncan wrote:
>I've set up jabber 1.4.1 on an internal box on
>our network and have opened 5223 on our firewall
>and dnat'd it to the machine running jabber.
>However, I can't seem to connect from outside
>through the firewall to jabber's SSL port... the
>jim client just gives its standard error message.
>I tried opening 5222 as well as a test and it didn't
>help (still trying to connect via SSL).
>Does this have something to do with the fact that
>the IP of the machine running jabber and the IP
>of the firewall are different? Meaning, does
>the SSL protocol require that the server machine's
>IP match what the client THINKS the server's IP is?
This needs to be a static NAT (i.e. a one-to-one relationship, external to
internal). Your NAT rules need to translate the external address request
to the internal address. You also need to associate the firewall's
external interface MAC with the jabber server's NAT'd address. This is the
only way the firewall will respond to an ARP request. There also needs to
be a /32 route from the external jabber server address to the internal
jabber server address.
--
=Wayne
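The one-to-one mapping Wayne describes, written out for a Linux netfilter firewall. This is an added example, not configuration from the thread or from the Jabber project, and every address and interface name in it is a hypothetical placeholder (external interface eth0 carrying a dedicated public address 198.51.100.10 for the Jabber server, internal interface eth1, server at 192.168.1.20). Adding the public address to the external interface is what makes the firewall's MAC answer ARP for it; on netfilter the explicit /32 route is not needed because connection tracking reverses the DNAT on the return path, and the matching SNAT rule completes the static (bidirectional) mapping. Only the SSL port 5223 is forwarded by default; pass 5222 as well if the plain port should also be reachable.

```shell
#!/bin/sh
# Added example: static (one-to-one) NAT for a Jabber server behind a Linux
# netfilter firewall. All values are hypothetical placeholders.

# Print each command, or run it when APPLY=1 is set in the environment.
emit() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Usage: jabber_static_nat EXT_IF EXT_IP INT_IF INT_IP [PORT...]
# Emits the rules for one external address mapped to one internal host.
jabber_static_nat() {
    ext_if=$1; ext_ip=$2; int_if=$3; int_ip=$4; shift 4
    ports=${*:-5223}   # default: the Jabber SSL port from the thread

    # 1. Bind the dedicated public address to the external interface so the
    #    firewall's MAC answers ARP requests for it (Wayne's "associate the
    #    external interface MAC with the NAT'd address").
    emit ip addr add "$ext_ip/32" dev "$ext_if"

    # 2. Inbound: rewrite the public address to the internal server (DNAT),
    #    and allow the forwarded connection through the filter table.
    for port in $ports; do
        emit iptables -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" \
            -p tcp --dport "$port" -j DNAT --to-destination "$int_ip"
        emit iptables -A FORWARD -i "$ext_if" -o "$int_if" -d "$int_ip" \
            -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Replies and related traffic in either direction.
    emit iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. Outbound: traffic originated by the server leaves with the same
    #    public address, which is what makes the mapping static rather than
    #    a port forward.
    emit iptables -t nat -A POSTROUTING -o "$ext_if" -s "$int_ip" \
        -j SNAT --to-source "$ext_ip"
}

# Run directly: ./jabber-nat.sh eth0 198.51.100.10 eth1 192.168.1.20 5223
if [ "$#" -ge 4 ]; then
    jabber_static_nat "$@"
fi
```

Run it without `APPLY=1` first and read the printed commands; the PREROUTING line is the rule the original poster already had, and the `ip addr add` plus SNAT lines are the two pieces Wayne's reply says were missing.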