4.0.2 anonymous ports
rgrantitt Oct 4, 2005 3:37 PMI have set every anonymous port I can find in my jboss-service.xml and cluster-service.xml files and I still keep getting a random port assigned to my clients. I'm running behind a firewall and I've opened all of the following ports
1102/upd
1161/udp
1162/udp
1098/tcp
1099/tcp
1100/tcp
3528/tcp
4442/tcp
4443/tcp
4444/tcp
4445/tcp
4446/tcp
4447/tcp
4448/tcp
5400/tcp
8009/tcp
8080/tcp
8083/tcp
8093/tcp
4450/tcp
I still can't get in. So I took the following steps
1. Start Jboss without firewall.
2. Pipe netstats into a file without any clients connected to my EJB: filename = withoutFirewallwithoutClient
3. Connect a client.
4. Pipe netstats into a different file filename: filename = withoutFirewallWithClient
5. Compare the differences between the two files: diff withoutFirewallwithoutClient withoutFirewallwithClient
6. find all unrecognized ports.
tcp 0 0 MyServer.:40620 MyClient:3211 ESTABLISHED "Client 1"
tcp 0 0 MyServer.:40620 MyClient:3215 ESTABLISHED "Client 2"
tcp 0 0 MyServer.:40620 MyClient:3212 ESTABLISHED "Client 3"
If I reboot my server the prot 40620 changes, but the same one is used for each client. I cannot find anywhere in the documentation where it indicates that there are any other anonymous ports used. here are my two service.xml files
jboss-service.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: jboss-service.xml,v 1.1 2005/09/26 08:18:02 grantr Exp $ -->
<!-- ===================================================================== -->
<!-- JBoss Server Configuration -->
<!-- ===================================================================== -->
<!-- Load all jars from the JBOSS_DIST/server//lib directory. This
can be restricted to specific jars by specifying them in the archives
attribute.
-->
<!-- ==================================================================== -->
<!-- JSR-77 Single JBoss Server Management Domain -->
<!-- ==================================================================== -->
jboss.system:service=MainDeployer
jboss.system:service=ServiceDeployer
jboss.j2ee:service=EARDeployer
jboss.ejb:service=EJBDeployer
jboss.jca:service=RARDeployer
jboss.jca:service=ConnectionFactoryDeployer
jboss.web:service=WebServer
jboss:service=Mail
jboss.mq:service=DestinationManager
jboss:service=Naming
jboss:service=TransactionManager
jboss:service=ClientUserTransaction
<!-- jboss:service=CorbaORB -->
<!-- ==================================================================== -->
<!-- XMBean Persistence -->
<!-- ==================================================================== -->
<mbean code="org.jboss.system.pm.AttributePersistenceService"
name="jboss:service=AttributePersistenceService"
xmbean-dd="resource:xmdesc/AttributePersistenceService-xmbean.xml">
<!-- the AttributePersistenceService is persistent, itself -->
<!--
org.jboss.system.pm.XMLAttributePersistenceManager
<data-directory>data/xmbean-attrs</data-directory>
false
-->
<!-- A Thread pool service -->
JBoss System Threads
System Threads
<!-- How long a thread will live without any tasks in MS -->
60000
<!-- The max number of threads in the pool -->
10
<!-- The max number of tasks before the queue is full -->
1000
<!-- The behavior of the pool when a task is added and the queue is full.
abort - a RuntimeException is thrown
run - the calling thread executes the task
wait - the calling thread blocks until the queue has room
discard - the task is silently discarded without being run
discardOldest - check to see if a task is about to complete and enque
the new task if possible, else run the task in the calling thread
-->
run
<!-- Preload all custom editors for VMs that don't use the thread
context class loader when searching for PropertyEditors. Uncomment
if your JDK 1.3.0 VM fails to find JBoss PropertyEditors.
java.math.BigDecimal=org.jboss.util.propertyeditor.BigDecimalEditor
java.lang.Boolean=org.jboss.util.propertyeditor.BooleanEditor
java.lang.Class=org.jboss.util.propertyeditor.ClassEditor
java.util.Date=org.jboss.util.propertyeditor.DateEditor
java.io.File=org.jboss.util.propertyeditor.FileEditor
java.net.InetAddress=org.jboss.util.propertyeditor.InetAddressEditor
java.lang.Integer=org.jboss.util.propertyeditor.IntegerEditor
javax.management.ObjectName=org.jboss.mx.util.propertyeditor.ObjectNameEditor
java.util.Properties=org.jboss.util.propertyeditor.PropertiesEditor
[Ljava.lang.String;=org.jboss.util.propertyeditor.StringArrayEditor
java.net.URL=org.jboss.util.propertyeditor.URLEditor
-->
<!-- ==================================================================== -->
<!-- Log4j Initialization -->
<!-- ==================================================================== -->
<mbean code="org.jboss.logging.Log4jService"
name="jboss.system:type=Log4jService,service=Logging"
xmbean-dd="resource:xmdesc/Log4jService-xmbean.xml">
resource:log4j.xml
<!-- Set the org.apache.log4j.helpers.LogLog.setQuiteMode. As of log4j1.2.8
this needs to be set to avoid a possible deadlock on exception at the
appender level. See bug#696819.
-->
true
<!-- How frequently in seconds the ConfigurationURL is checked for changes -->
60
<!-- ==================================================================== -->
<!-- JBoss RMI Classloader - only install when available -->
<!-- ==================================================================== -->
java.rmi.server.RMIClassLoaderSpi
org.jboss.system.JBossRMIClassLoader
<!-- ==================================================================== -->
<!-- Service Binding -->
<!-- ==================================================================== -->
<!-- Automatically activated when generatting the clustering environment -->
<!-- @TESTSUITE_CLUSTER_CONFIG@ -->
<!--
| Binding service manager for port/host mapping. This is a sample
| config that demonstrates a JBoss instances with a server name 'ports-01'
| loading its bindings from an XML file using the ServicesStoreFactory
| implementation returned by the XMLServicesStoreFactory.
|
| ServerName: The unique name assigned to a JBoss server instance for
| lookup purposes. This allows a single ServicesStore to handle mulitiple
| JBoss servers.
|
| StoreURL: The URL string passed to org.jboss.services.binding.ServicesStore
| during initialization that specifies how to connect to the bindings store.
| StoreFactory: The org.jboss.services.binding.ServicesStoreFactory interface
| implementation to create to obtain the ServicesStore instance.
ports-01
${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml
org.jboss.services.binding.XMLServicesStoreFactory
-->
<!-- ==================================================================== -->
<!-- Class Loading -->
<!-- ==================================================================== -->
8083
<!-- Should resources and non-EJB classes be downloadable -->
true
${jboss.bind.address}
${jboss.bind.address}
<!-- ==================================================================== -->
<!-- JNDI -->
<!-- ==================================================================== -->
<mbean code="org.jboss.naming.NamingService"
name="jboss:service=Naming"
xmbean-dd="resource:xmdesc/NamingService-xmbean.xml">
<!-- The call by value mode. true if all lookups are unmarshalled using
the caller's TCL, false if in VM lookups return the value by reference.
-->
false
<!-- The listening port for the bootstrap JNP service. Set this to -1
to run the NamingService without the JNP invoker listening port.
-->
1099
<!-- The bootstrap JNP server bind address. This also sets the default
RMI service bind address. Empty == all addresses
-->
${jboss.bind.address}
<!-- The port of the RMI naming service, 0 == anonymous -->
1098
<!-- The RMI service bind address. Empty == all addresses
-->
${jboss.bind.address}
<!-- The thread pool service used to control the bootstrap lookups -->
<depends optional-attribute-name="LookupPool"
proxy-type="attribute">jboss.system:service=ThreadPool
<mbean code="org.jboss.naming.JNDIView"
name="jboss:service=JNDIView"
xmbean-dd="resource:xmdesc/JNDIView-xmbean.xml">
<!-- ==================================================================== -->
<!-- Security -->
<!-- ==================================================================== -->
jboss.security:service=XMLLoginConfig
login-config.xml
<!-- JAAS security manager and realm mapping -->
org.jboss.security.plugins.JaasSecurityManager
anonymous
<!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
in seconds.
If you want to disable caching of security credentials, set this to 0 to
force authentication to occur every time. This has no affect if the
AuthenticationCacheJndiName has been changed from the default value.
-->
1800
<!-- DefaultCacheResolution: Specifies the default timed cache policy
resolution in seconds. This controls the interval at which the cache
current timestamp is updated and should be less than the DefaultCacheTimeout
in order for the timeout to be meaningful. This has no affect if the
AuthenticationCacheJndiName has been changed from the default value.
-->
60
<!-- ==================================================================== -->
<!-- Transactions -->
<!-- ==================================================================== -->
<!-- The configurable Xid factory. For use with Oracle, set pad to true -->
<!--attribute name="Pad">true</attribute-->
<!--
| The fast in-memory transaction manager.
-->
<mbean code="org.jboss.tm.TransactionManagerService"
name="jboss:service=TransactionManager"
xmbean-dd="resource:xmdesc/TransactionManagerService-xmbean.xml">
300
<!-- set to false to disable transaction demarcation over IIOP -->
true
<depends optional-attribute-name="XidFactory">jboss:service=XidFactory
<!--
| UserTransaction support.
-->
<mbean code="org.jboss.tm.usertx.server.ClientUserTransactionService"
name="jboss:service=ClientUserTransaction"
xmbean-dd="resource:xmdesc/ClientUserTransaction-xmbean.xml">
jboss:service=invoker,type=jrmp
jboss:service=ClientUserTransaction
UserTransactionSessionFactory
org.jboss.tm.usertx.interfaces.UserTransactionSessionFactory
org.jboss.proxy.ClientMethodInterceptor
org.jboss.invocation.InvokerInterceptor
jboss:service=invoker,type=jrmp
<depends optional-attribute-name="TxProxyName">
jboss:service=invoker,type=jrmp
jboss:service=ClientUserTransaction
org.jboss.tm.usertx.interfaces.UserTransactionSession
org.jboss.proxy.ClientMethodInterceptor
org.jboss.invocation.InvokerInterceptor
jboss:service=invoker,type=jrmp
<!-- ==================================================================== -->
<!-- Invokers to the JMX node -->
<!-- ==================================================================== -->
<!-- RMI/JRMP invoker -->
4442
${jboss.bind.address}
<!--
custom
custom
custom
ssl-domain-name
-->
jboss:service=TransactionManager
jboss:service=TransactionManager
1
300
300
60000
${jboss.bind.address}
4445
${jboss.bind.address}
0
false
<depends optional-attribute-name="TransactionManagerService">jboss:service=TransactionManager
<!-- ==================================================================== -->
<!-- Monitoring and Management -->
<!-- ==================================================================== -->
<!-- Uncomment to enable JMX monitoring of the bean cache
-->
<!-- Uncomment to enable JMX monitoring of the entity bean locking
-->
<!-- ==================================================================== -->
<!-- An MBean that is a registry for JDBC type-mapping metadata -->
<!-- ==================================================================== -->
<!-- ==================================================================== -->
<!-- Deployment Scanning -->
<!-- ==================================================================== -->
<!-- An mbean for hot deployment/undeployment of archives.
-->
<!-- Uncomment (and comment/remove version below) to enable usage of the
DeploymentCache
<depends optional-attribute-name="Deployer">jboss.deployment:type=DeploymentCache
-->
<depends optional-attribute-name="Deployer">jboss.system:service=MainDeployer
<!-- The URLComparator can be used to specify a deployment ordering
for deployments found in a scanned directory. The class specified
must be an implementation of java.util.Comparator, it must be able
to compare two URL objects, and it must have a no-arg constructor.
Two deployment comparators are shipped with JBoss:
- org.jboss.deployment.DeploymentSorter
Sorts by file extension, as follows:
"sar", "service.xml", "rar", "jar", "war", "wsr", "ear", "zip",
"*"
- org.jboss.deployment.scanner.PrefixDeploymentSorter
If the name portion of the url begins with 1 or more digits, those
digits are converted to an int (ignoring leading zeroes), and
files are deployed in that order. Files that do not start with
any digits will be deployed first, and they will be sorted by
extension as above with DeploymentSorter.
-->
org.jboss.deployment.DeploymentSorter
<!--
org.jboss.deployment.scanner.PrefixDeploymentSorter
-->
<!-- The FilterInstance specifies a URLLister.URLFilter for scanned
directories. This DeploymentFilter is initialized with the given
prefixes, suffixes and matches that define which URLs should be
ignored.
-->
<!-- Files starting with theses strings are ignored -->
#,%,\,,.,_$
<!-- Files ending with theses strings are ignored -->
#,$,%,~,\,v,.BAK,.bak,.old,.orig,.tmp,.rej,.sh
<!-- Files matching with theses strings are ignored -->
.make.state,.nse_depinfo,CVS,CVS.admin,RCS,RCSLOG,SCCS,TAGS,core,tags
<!-- Frequency in milliseconds to rescan the URLs for changes -->
5000
<!-- A flag to disable the scans -->
true
<!-- URLs are comma separated and resolve relative to the server home URL
unless the given path is absolute. If the URL ends in "/" it is
considered a collection and scanned, otherwise it is simply deployed;
this follows RFC2518 convention and allows discrimination between
collections and directories that are simply unpacked archives.
URLs may be local (file:) or remote (http:). Scanning is supported
for remote URLs but unpacked deployment units are not.
Example URLs:
deploy/
scans ${jboss.server.url}/deploy/, which is local or remote
depending on the URL used to boot the server
${jboss.server.home}/deploy/
scans ${jboss.server.home)/deploy, which is always local
file:/var/opt/myapp.ear
deploy myapp.ear from a local location
file:/var/opt/apps/
scans the specified directory
http://www.test.com/netboot/myapp.ear
deploys myapp.ear from a remote location
http://www.test.com/netboot/apps/
scans the specified WebDAV location
-->
deploy/
<!-- Indicates if the scanner should recursively scan directories that
contain no "." in their names. This can be used to group applications
and services that must be deployed and that have the same
logical function in the same directory i.e.
deploy/JMX/
deploy/JMS/
...
-->
True
cluster-service.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- ===================================================================== -->
<!-- -->
<!-- Sample Clustering Service Configuration -->
<!-- -->
<!-- ===================================================================== -->
<!-- ==================================================================== -->
<!-- Cluster Partition: defines cluster -->
<!-- ==================================================================== -->
<!-- Name of the partition being built -->
${jboss.partition.name:DefaultPartition}
<!-- The address used to determine the node name -->
${jboss.bind.address}
<!-- Determine if deadlock detection is enabled -->
true
<!-- Max time (in ms) to wait for state transfer to complete. Increase for large states -->
30000
<!-- The JGroups protocol configuration -->
<!--
The default UDP stack:
- If you have a multihomed machine, set the UDP protocol's bind_addr attribute to the
appropriate NIC IP address, e.g bind_addr="192.168.0.2".
- On Windows machines, because of the media sense feature being broken with multicast
(even after disabling media sense) set the UDP protocol's loopback attribute to true
-->
<!--DO NOT MOVE OR REMOVE THIS COMMENT USED FOR CONFIG-->
<UDP mcast_addr="228.1.2.3" mcast_port="45566"
ip_ttl="8" ip_mcast="true" bind_addr="127.0.0.1"
mcast_send_buf_size="800000" mcast_recv_buf_size="150000"
ucast_send_buf_size="800000" ucast_recv_buf_size="150000"
loopback="true"/>
<!--DO NOT MOVE OR REMOVE THIS COMMENT USED FOR CONFIG-->
<PING timeout="2000" num_initial_members="3"
up_thread="true" down_thread="true"/>
<MERGE2 min_interval="10000" max_interval="20000"/>
<FD shun="true" up_thread="true" down_thread="true"
timeout="2500" max_tries="5"/>
<VERIFY_SUSPECT timeout="3000" num_msgs="3"
up_thread="true" down_thread="true"/>
<pbcast.NAKACK gc_lag="50" retransmit_timeout="300,600,1200,2400,4800"
max_xmit_size="8192"
up_thread="true" down_thread="true"/>
<UNICAST timeout="300,600,1200,2400,4800" window_size="100" min_threshold="10"
down_thread="true"/>
<pbcast.STABLE desired_avg_gossip="20000"
up_thread="true" down_thread="true"/>
<FRAG frag_size="8192"
down_thread="true" up_thread="true"/>
<pbcast.GMS join_timeout="5000" join_retry_timeout="2000"
shun="true" print_local_addr="true"/>
<pbcast.STATE_TRANSFER up_thread="true" down_thread="true"/>
<!-- Alternate TCP stack: customize it for your environment, change bind_addr and initial_hosts -->
<!--
<TCP bind_addr="thishost" start_port="7800" loopback="true"/>
<TCPPING initial_hosts="thishost[7800],otherhost[7800]" port_range="3" timeout="3500"
num_initial_members="3" up_thread="true" down_thread="true"/>
<MERGE2 min_interval="5000" max_interval="10000"/>
<FD shun="true" timeout="2500" max_tries="5" up_thread="true" down_thread="true" />
<VERIFY_SUSPECT timeout="1500" down_thread="false" up_thread="false" />
<pbcast.NAKACK down_thread="true" up_thread="true" gc_lag="100"
retransmit_timeout="3000"/>
<pbcast.STABLE desired_avg_gossip="20000" down_thread="false" up_thread="false" />
<pbcast.GMS join_timeout="5000" join_retry_timeout="2000" shun="false"
print_local_addr="true" down_thread="true" up_thread="true"/>
<pbcast.STATE_TRANSFER up_thread="true" down_thread="true"/>
-->
<!-- ==================================================================== -->
<!-- HA Session State Service for SFSB -->
<!-- ==================================================================== -->
jboss:service=${jboss.partition.name:DefaultPartition}
<!-- Name of the partition to which the service is linked -->
${jboss.partition.name:DefaultPartition}
<!-- JNDI name under which the service is bound -->
/HASessionState/Default
<!-- Max delay before cleaning unreclaimed state.
Defaults to 30*60*1000 => 30 minutes -->
0
<!-- ==================================================================== -->
<!-- HA JNDI -->
<!-- ==================================================================== -->
jboss:service=${jboss.partition.name:DefaultPartition}
<!-- Name of the partition to which the service is linked -->
${jboss.partition.name:DefaultPartition}
<!-- Bind address of bootstrap and HA-JNDI RMI endpoints -->
${jboss.bind.address}
<!-- Port on which the HA-JNDI stub is made available -->
1100
<!-- Accept backlog of the bootstrap socket -->
50
<!-- The thread pool service used to control the bootstrap and
auto discovery lookups -->
<depends optional-attribute-name="LookupPool"
proxy-type="attribute">jboss.system:service=ThreadPool
<!-- A flag to disable the auto discovery via multicast -->
true
<!-- Set the auto-discovery bootstrap multicast bind address. If not
specified and a BindAddress is specified, the BindAddress will be used. -->
${jboss.bind.address}
<!-- Multicast Address and group port used for auto-discovery -->
230.0.0.4
1102
<!-- The TTL (time-to-live) for autodiscovery IP multicast packets -->
16
<!-- RmiPort to be used by the HA-JNDI service once bound. 0 => auto. -->
4447
<!-- Client socket factory to be used for client-server
RMI invocations during JNDI queries
custom
-->
<!-- Server socket factory to be used for client-server
RMI invocations during JNDI queries
custom
-->
${jboss.bind.address}
<!--
0
custom
custom
-->
<!-- the JRMPInvokerHA creates a thread per request. This implementation uses a pool of threads -->
1
300
300
60000
${jboss.bind.address}
4446
${jboss.bind.address}
0
false
<depends optional-attribute-name="TransactionManagerService">jboss:service=TransactionManager
<!-- ==================================================================== -->
<!-- ==================================================================== -->
<!-- Distributed cache invalidation -->
<!-- ==================================================================== -->
jboss:service=${jboss.partition.name:DefaultPartition}
jboss.cache:service=InvalidationManager
jboss.cache:service=InvalidationManager
${jboss.partition.name:DefaultPartition}
DefaultJGBridge