At 09:49 PM 10/11/2001 -0700, bruce duncan wrote: >I've setup jabber 1.4.1 on an internal box on >our network and have opened 5223 on our firewall >and dnat'd it to the machine running jabber. >However, i can't seem to connect from outside >through the firewall to jabber's ssl port...the >jim client just gives its standard error message. >i tried opening 5222 as well as a test and it didn't >help (still trying to connect via ssl). >does this have something to do with the fact that >the ip of the machine running jabber and the ip >of the firewall are different? meaning, does >the ssl protocol require that the server machine's >ip match what the client THINKs the server's ip is?
This needs to be a static NAT (i.e. a one-to-one relationship external to internal). Your NAT rules need to translate the external address request to the internal address. You also need to associate the firewall's external interface MAC with the jabber server's NAT'd address. This is the only way the firewall will respond to an arp request. There also needs to be a /32 route from the external jabber server address to the internal jabber server address. -- =Wayne _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev