Hipchat Server is not listening on ports 5222 and 5223
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.
This is for an outdated version of Hipchat Server
This article applies to a version of Hipchat Server which will be deprecated soon. After that period the version will no longer be supported.
You should upgrade to a more recent version of Hipchat Server as soon as you can to take advantage of new features, and security and bug fixes.
Problem
XMPP ports 5222 and 5223 are not listening on Hipchat Server 1.3.1 or later, contrary to the documented inbound port requirements. This can be observed using the netstat command, as in the following example output in Hipchat Server 2.2.4:
admin@hipchat:~$ netstat -an |grep -i 52 |grep -i listen
tcp 0 0 0.0.0.0:5221 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5232 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5233 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5242 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5243 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5211 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 18452 public/showqCause
No processes on Hipchat Server v1.3.1 or later listen on XMPP ports 5222 and 5223. Instead, these ports are open at the kernel level and are routed via internal NAT rules to their appropriate processes.
The internal routing rules can be found using the iptables command as follows:
iptables -t nat -L -n -v
Below is a sample output of the above command showing destination ports 5222 and 5223 routed to tetra-proxy processes listening on ports 5232 and 5233 on Hipchat Server 2.2.4:
root@hipchat-server:/home/admin# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 6947 packets, 474K bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW statistic mode nth every 2 /* tetra-proxy-0-chat-port */ to::5232
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW statistic mode nth every 2 /* tetra-proxy-0-chat-port-ssl */ to::5233
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW statistic mode nth every 1 /* tetra-proxy-1-chat-port */ to::5242
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW statistic mode nth every 1 /* tetra-proxy-1-chat-port-ssl */ to::5243
Chain INPUT (policy ACCEPT 6939 packets, 468K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 138K packets, 9009K bytes)
pkts bytes target prot opt in out source destination
8 480 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW statistic mode nth every 2 /* tetra-proxy-0-chat-port */ to::5232
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW statistic mode nth every 2 /* tetra-proxy-0-chat-port-ssl */ to::5233
7 420 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 state NEW statistic mode nth every 1 /* tetra-proxy-1-chat-port */ to::5242
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 state NEW statistic mode nth every 1 /* tetra-proxy-1-chat-port-ssl */ to::5243
Chain POSTROUTING (policy ACCEPT 138K packets, 9010K bytes)
pkts bytes target prot opt in out source destinationWorkaround/Resolution
This is the intended behavior of Hipchat Server v1.3.1 or later and no resolution or workaround is required.