On Sun, Aug 3, 2008 at 11:56 PM, Bryan Berry <[EMAIL PROTECTED]> wrote:
> We are trying to lock down the firewall on the XS to only allow the
> services which are needed.
>
> For whatever reason we can no longer access ejabberd from the XO's
>
> 1. the fully-qualified ejabberd name is correct on the XO's
> 2. the network services are working correctly
> 3. Pidgin (GAIM) on __my laptop__ can connect to the ejabberd server no
> problem
>
> Can anyone tell us which particular ports and services the XO's need to
> connect to the ejabberd server?
> We are allowing 5222

The XS has 2 interfaces, WAN and LAN. My advice would be to block incoming connections on the WAN side completely and leave the LAN open, or mostly open.

If you want to lock down the LAN interface, you'll want at least 5222, 5223, 5280, dns, ssh, http, https, rsync, dhcp, 8080... and the list will grow as we add services.

Try `netstat --inet --listen -pe` as root to see what is listening where.

If you do lock down the LAN, and have trouble, log the denied connections on the fw to see what's happening.

> Do the XO's require IPv6? particular routing rules? pls advise. thanks

No IPv6, no special routing. The XS is pre-configured to act as a NAT'ting router.

HTH!

cheers,

m
--
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
_______________________________________________
Sugar mailing list
Sugar@lists.laptop.org
http://lists.laptop.org/listinfo/sugar
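
An added example, not part of the original thread: a shell helper that reads the output of the `netstat --inet --listen -pe` command suggested above (with `-n` added so ports are numeric) and lists the non-loopback listeners that a given port allowlist would block. The sample output, the function names and the UIDs, PIDs and program names in it are constructed for illustration, not captured from a real XS.

```shell
#!/bin/sh
# Added example. sample_netstat prints CONSTRUCTED output in the format of
# `netstat --inet --listen -pe -n`; on a real server, pipe the command itself.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      108        20011      2101/beam
tcp        0      0 0.0.0.0:5223            0.0.0.0:*               LISTEN      108        20012      2101/beam
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      108        20013      2101/beam
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18010      1800/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          18500      1950/sendmail
udp        0      0 0.0.0.0:53              0.0.0.0:*                           25         19001      1700/named
udp        0      0 0.0.0.0:67              0.0.0.0:*                           0          19500      1900/dhcpd
EOF
}

# blocked_listeners PROTO/PORT...
# Reads netstat output on stdin; each argument is an allowed "proto/port".
# Prints "proto/port program" for every listener that is reachable from the
# network (not bound to loopback) and is missing from the allowlist.
blocked_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }          # skip the two header lines
        {
            addr = $4                                 # Local Address column
            port = addr; sub(/.*:/, "", port)         # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./) next                 # loopback-only listener
            prog = $NF; sub(/^[0-9]+\//, "", prog)    # "2101/beam" -> "beam"
            key = $1 "/" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key, prog }
        }'
}

# With only 5222 allowed, everything else the sample server offers is listed.
sample_netstat | blocked_listeners tcp/5222
```

On a live server the equivalent call would be `netstat --inet --listen -pe -n | blocked_listeners tcp/5222 ...` as root; UDP rows have an empty State column, which is why the program name is taken from the last field rather than a fixed column.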