[ejabberd] ejabberd opening unperdictable high number ports

Konstantin Khomoutov flatworm at users.sourceforge.net
Sat Nov 27 05:48:06 MSK 2010


On Fri, Nov 26, 2010 at 08:02:48PM -0500, zhong ming wu wrote:
> Apart from c2s and s2s ports, ejabberd seems to be listening on one
> high numbered tcp port.
> That port number seem to be different from one start/stop cycle to another.  Can
> someone explain the implications for this?  My current firewall rule
> automatically blocks these
> ports.   These port numbers are not listed in /etc/services.
> 
> Unrelated to the above issue, what is the implication of blocking 4369
> (erlang port mapper) which
> seems to be opened with ejabberd usage.
> 
> I am using centos 5.4

Most probably this is a port opened by the Erlang emulator process for
the communication with the epmd daemon.
Yoou can run `epmd -names` to see whether the port listed for the
name "ejabberd" matches that of listed in `netstat -nltp|grep beam`.

This happens because ejabberd processes can form a cluster which is
maintained using the means inherent to Erlang. Sending messages between
Erlang processes running on nodes located on physically different boxes
require TCP connectivity; hence the port open to talk with epmd.

I beleive stock ejabberd features the FIREWALL_WINDOW setting in its
startup script which allows to restring the port (or port range) used
for this sort of communication.

Also you can probably force the Erlang emulator running ejabberd
to start in a "standalone" mode, but I have no immediate idea about
how to achieve this except by removing the -name or -sname command-line
parameter used to start the erl binary. I fear though that doing this
will also prevent ejabberdctl from working even on localhost so I would
rather not do this.



More information about the ejabberd mailing list