[Server-devel] What are the minimum requirements to use ejabberd with the XO's

Martin Langhoff martin.langhoff at gmail.com
Sun Aug 3 17:09:26 EDT 2008


On Sun, Aug 3, 2008 at 11:56 PM, Bryan Berry <bryan at olenepal.org> wrote:
> We are trying to lock down the firewall on the XS to only allow the
> services which are needed.
>
> For whatever reason we can no long access ejabberd from the XO's
>
> 1. the fully-qualified ejabberd name is correct on the XO's
> 2. the network services are working correctly
> 3. Pidgin (GAIM) on __my laptop__ can connect to the ejabberd server no
> problem
>
> Can anyone tell us which particular ports and services the XO's need to
> connect to the ejabberd server?
> We are allowing 5222

The XS has 2 interfaces, WAN and LAN. My advise would be to block
incoming connections on the WAN side completely and leave the LAN
open, or mostly open. IF you want to lock down the LAN interface,
you'll want at least 5222, 5223, 5280, dns, ssh, http, https, rsync,
dhcp, 8080... and the list will grow as we add services. Try `netstat
--inet --listen -pe` as root to see what is listening where. If you do
lock down the LAN, and have trouble log the denied connections on the
fw to see what's happening.

> Do the XO's require IPv6? particular routing rules? pls advise. thanks

No IPv6, no special routing. The XS is pre-configured to act as as
NAT'ting router.

HTH! cheers,



m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Server-devel mailing list