Assistance with ejabberd using port 5223

**NethServer Version:** 7.9.2009
**Module:** ejabberd

Hello @support_team,

I have a fully patched NethServer which is up to date.

I’ve installed ejabberd on NethServer and have been using it within our office through Pidgin. I can connect to our ejabberd over port 5222 without any issues.

What I want to do is extend the use of our ejabberd over WAN, so I did a test from our internal Pidgin client and connected over port 5223, and Pidgin does not work over port 5223 internally.

What needs to be done on ejabberd on NethServer to allow port 5223 to work? I have a valid cert for SSL installed on my NethServer.

Any advice you can provide would be greatly appreciated.

Thank you.

Ejabberd allows STARTTLS on port 5222 and TLS (“old SSL”) on port 5223, so I think Pidgin doesn’t connect to TLS.
Why don’t you want to use port 5222 on WAN side?


Hello @mrmarkuz,

I thought port 5223 would send text unencrypted from my phone app to our Nethserver ejabberd?

Plus I thought on WAN it was safer to use 5223?

Let me know your thoughts. Thank you!

Port 5223 is for old clients that want to use the old SSL protocol; see also the ejabberd manual.

In NethServer on port 5222 STARTTLS is required, plain text shouldn’t be allowed.

I recommend using port 5222.

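What the reply above describes (STARTTLS required on port 5222, no plain text) can be checked from the features a server advertises before TLS. The following is an added example, not part of the original thread and not NethServer or ejabberd code: `classify`, `probe` and the sample responses are constructed for illustration, and `chat.example.org` is a placeholder domain.

```python
import socket
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
END = "</stream:features>"

def classify(raw):
    """Return (verdict, sasl_mechanisms) for a server's pre-TLS stream features."""
    start, end = raw.find("<stream:features"), raw.find(END)
    if start < 0 or end < 0:
        raise ValueError("no <stream:features/> in server response")
    frag = raw[start:end + len(END)]
    if "<!" in frag:  # XMPP forbids DTDs and comments; refuse to parse them
        raise ValueError("restricted XML in stream")
    # The fragment sits inside an unclosed <stream:stream>, so re-declare the prefix.
    feats = ET.fromstring(f'<w xmlns:stream="{NS_STREAM}">{frag}</w>')[0]
    tls = feats.find(f"{{{NS_TLS}}}starttls")
    mechs = [m.text for m in feats.iter(f"{{{NS_SASL}}}mechanism")]
    if tls is not None and tls.find(f"{{{NS_TLS}}}required") is not None:
        return "starttls-required", mechs
    if mechs:  # SASL login is offered before any encryption is in place
        return "cleartext-login-possible", mechs
    return ("starttls-only" if tls is not None else "no-starttls"), mechs

def probe(host, domain, port=5222, timeout=5.0):
    """Open an XMPP client stream to a server you administer and classify it."""
    hdr = (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
           f"xmlns='jabber:client' xmlns:stream='{NS_STREAM}'>")
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(hdr.encode())
        while END.encode() not in buf and len(buf) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify(buf.decode("utf-8", "replace"))

# Constructed sample responses (chat.example.org is a placeholder domain).
_HDR = ("<?xml version='1.0'?><stream:stream id='1' from='chat.example.org' "
        f"version='1.0' xmlns='jabber:client' xmlns:stream='{NS_STREAM}'>")
SAMPLE_REQUIRED = (_HDR + f"<stream:features><starttls xmlns='{NS_TLS}'>"
                   "<required/></starttls></stream:features>")
SAMPLE_OPTIONAL = (_HDR + f"<stream:features><starttls xmlns='{NS_TLS}'/>"
                   f"<mechanisms xmlns='{NS_SASL}'><mechanism>PLAIN</mechanism>"
                   "</mechanisms></stream:features>")
```

Port 5223 expects a TLS handshake before any XML, so `probe` is meant for port 5222 only.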

Thanks very much for your input @mrmarkuz ! Seeing as port 5222 uses STARTTLS I think I should be safe then. Much appreciative of your advice!

Thank you.

Also @mrmarkuz,

I have Fail2Ban on my NethServer. Is there anything I can add or update to ensure that when I open my ejabberd to the world people can’t try and hack into my ejabberd server over port 5222?

Or does Fail2Ban have defaults that will protect me already?

Thank you.

Yes, it’s preconfigured.


Thanks very much for confirming!

Cheers!

A post was split to a new topic: Client cannot connect to ejabberd (SSL Certificate verification failed)