Cant punch EJABBERD through FIREHOL, I'm lost!

NOTE: Oops, when I put this up my session expired, and I accedentally copy-pasted this post into the wrong forum… this was supposed to be in Linux Networking… If somebody wanted to move it… :D

I installed ejabberd on my linode; I wanted a personal server that supported TLS between client and server and server and server… secure from end to end, if you trust the servers, of course :D

So, I installed ejabbered by putting these into /etc/apt/sources.list:

deb http://sgolovan.nes.ru/debian sarge main
deb-src http://sgolovan.nes.ru/debian sarge main

Then apt-get install ejabberd. YAY!

Then I edited /etc/ejabberd/ejabberd.cfg:

%override_acls.

% Users that have admin access.  Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "autodmc"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
 {"Welcome!",
  "Welcome to AutoDMC Labs Jabber Service.  "
  "For information about Jabber visit http://jabber.org"}}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
%                         "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
               {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentication method.  If you want to use internal user base, then use
% this line:
{auth_method, internal}.

% Host(s) name: (replace for your hostname(s))
% Old {host, "localhost"}. option is equivalent to {hosts, ["localhost"]}.
{hosts, ["autodmclabs.com"]}.

% Default language for server messages
{language, "en"}.

% Listen for unencrypted traffic (untrusted)
{listen,
  {5222, ejabberd_c2s,     [{access, c2s},
                                {shaper, c2s_shaper}]},

% SSL-enabled client-2-server service (trusted)
  {5223, ejabberd_c2s,     [{access, c2s},
                            tls, {certfile, "/home/ejabberd/server.pem"},
                            {shaper, c2s_shaper}]},

% Server-2-server service
  {5269, ejabberd_s2s_in,  [{s2s_use_starttls, true},
                            {domain_certfile, "/home/ejabberd/server.pem"},
                            {shaper, s2s_shaper}]},

% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
  {5280, ejabberd_http,    [http_poll, web_admin]}
 ]}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
 [
  {mod_announce,   [{access, announce}]},
  {mod_register,   [{access, register}]},
  {mod_roster,     []},
  {mod_shared_roster, []},
  {mod_privacy,    []},
  {mod_configure,  []},
  {mod_configure2, []},
  {mod_disco,      [{extra_domains, ["users.jabber.org"]}]},
  {mod_stats,      []},
  {mod_vcard,      []},
  {mod_offline,    []},
  {mod_echo,       []},
  {mod_private,    []},
  {mod_irc,        []},
% Default options for mod_muc:
%   host: "conference." ++ ?MYNAME
%   access: all
%   access_create: all
%   access_admin: none (only room creator has owner privileges)
  {mod_muc,        [{access, muc},
                    {access_create, muc},
                    {access_admin, muc_admin}]},
  {mod_pubsub,     []},
  {mod_time,       []},
  {mod_last,       []},
  {mod_version,    []}
 ]}.

Starting ejabberd, it gave me a "host name not resolved" error, or soemthing like that.

Took me a bit to figure out my problem; it was my firewall. So I opened a CLIENT for DNS (client DNS accept) in Firehol, and everyone was happy.

However, I can't connect with my jabber client to ejabberd, or through the web interface.

Here's my Firehol Rules:

version 5

server_ejabberd_ports="tcp/5222 tcp/5223 tcp/5269 tcp/5280"
client_ejabberd_ports="default 5222 5223 5269 5280"

interface eth0 linode
        policy reject

        server ping accept
        server ejabberd accept

        client dns accept

I wanted to use Jabber as a request protocol between some servers (request a file, etc), and I wanted it to be encrypted and authinticated, so if client SetTopBox requests a file from FileCabinet, FileCabinet gets the request without anybody else knowing what the request is (encrypted, etc), then setup a different type of communication to actually transfer the encrypted file, etc, etc, etc.

But before I can dump time into this project and see if it makes any sense I need a working jabber server that I can play with, that's the point of installing ejabberd… but it's not working!

Any help would be much much appreciated.