11 Replies Latest reply on Jan 27, 2005 8:20 AM by henkie

    RMI ports and firewall


      Hello there,

      we'd like to firewall the app server from the web server and experienced some problems defining the firewall rules. As far as I know, JBoss 3.2.3 uses some static ports, such as 1099 (JNDI), but also dynamic ports, like those for the RMI Object ports.

      I still couldn't figure out how to set the range of dynamic RMI ports used by JBoss or to restrict RMI communication to a single port. Is it possible to change those ports in a config file? I couldn't find anything...

      Or to put my question another way: is there a way to set up a firewall between the app server and the web server?

      Any help would be appreciated!


        • 1. Re: RMI ports and firewall

          It's on the WIKI.
          Click Wikis on the left hand menu bar then click "Secure JBoss"

          • 2. Re: RMI ports and firewall

            Thanks, Adrian. But I don't really feel satisfied yet.

            I would like to be more precise: We have a stand-alone app server (JBoss 3.2.3) and a stand-alone servlet engine (Tomcat 5.0.19). These two components should be separated by a firewall.

            From what I found on the Wiki (the one you suggested) there is no way to configure the dynamic ports JBoss uses to communicate with the servlet engine and vice versa. Is this true?

            Kind regards,


            • 3. Re: RMI ports and firewall
              • 4. Re: RMI ports and firewall

                There was a "jnp.properties" file in JBoss 2.2.2 where you could configure the listening port for jnp.
                With a content like


                the "random" ports above 30000 would stick to 1100. It worked for 2.4 and as far as I see the code is still in 3.2. Maybe there is another way to configure it in the newer versions. I hope there is no performance reduction with this; does anyone know?

                • 5. Re: RMI ports and firewall

                  jnp.properties is no longer used. See the referenced wiki page.

                  • 6. Re: RMI ports and firewall

                    I don't see the answer on the wiki page - maybe the question was not clear enough:
                    The EJB client is on the "servlet/web server" machine and makes an EJB lookup and connection to a separate machine running JBoss. This causes the "high random" listening ports to appear at run/invocation time. In fact the jnp.properties fix does not seem to work with JBoss 3, any further ideas ...?

                    • 7. Re: RMI ports and firewall

                      Hello again,

                      I finally figured out what it takes to restrict rmi communication between jboss app server and servlet engine to one specific port, in this case to 4444. I had to uncomment the following line in the jboss-service.xml file, section "rmi/jrmp invoker":

                      <attribute name="RMIObjectPort">4444</attribute>

                      I must admit, I overlooked the fact that it was commented out. Shame on me... only typos are worse!

                      Thanks anyway, have a nice day,


                      • 8. Re: RMI ports and firewall


                        I have exactly the same problem when trying to connect to jboss through a firewall. I configured my jboss 3.2.6 server as mentioned on the Wiki.
                        Here is my client code:

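                        import java.util.Hashtable;
                        import javax.naming.Context;
                        import javax.naming.InitialContext;

                        // JNDI environment pointing at the JBoss naming service on port 1099
                        Hashtable env = new Hashtable();
                        env.put(Context.PROVIDER_URL, "myServer:1099");
                        env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
                        env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
                        Context ctx = new InitialContext(env);
                        Object obj = ctx.lookup("myObject");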

                        Getting the InitialContext works fine but during the lookup it always tries to connect to a high random port.
                        I hope someone can help me.


                        • 9. Re: RMI ports and firewall

                          It's me again.

                          I am still stuck on that problem.

                          I also searched several other forums for that issue and wherever I found it I couldn't get a satisfying answer. I even read somewhere that it is a general Java RMI issue that one cannot get around. Is that true?

                          It would be really helpful if I could get a clear statement.


                          • 10. Re: RMI ports and firewall

                            We have a working RMI firewall configuration with the following enabled:

                            TCP:1099 (JNDI Naming)
                            TCP:1100 (Cluster JNDI Naming)

                            TCP:1098 (RMI-Port)
                            TCP:4444 (RMI-Object-Port)
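
An added example, not part of the thread and not JBoss code: a small Python check that ties replies 7 and 10 together by reporting whether `RMIObjectPort` is active or still commented out in a service descriptor, and whether the pinned port is in the firewall allow list. The sample XML and its mbean `code`/`name` values are constructed assumptions; the ports are the ones listed in reply 10.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not a real JBoss file; mbean code/name values are assumed.
SAMPLE_COMMENTED = """<server>
  <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
         name="jboss:service=invoker,type=jrmp">
    <!--
    <attribute name="RMIObjectPort">4444</attribute>
    -->
  </mbean>
</server>"""

# Same descriptor with the comment markers removed (the fix from reply 7).
SAMPLE_PINNED = SAMPLE_COMMENTED.replace("<!--", "").replace("-->", "")

ATTR = "RMIObjectPort"
FIREWALL_ALLOW = {1099, 1100, 1098, 4444}  # TCP ports listed in reply 10


def audit_rmi_object_port(xml_text):
    """Return (status, port); status is 'pinned', 'commented_out' or 'missing'."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    for attr in root.iter("attribute"):
        if attr.get("name") == ATTR:
            return "pinned", int(attr.text.strip())
    # Not active: check whether the attribute only exists inside a comment.
    for comment in re.findall(r"<!--(.*?)-->", xml_text, re.S):
        m = re.search(r'name="%s"\s*>\s*(\d+)\s*<' % ATTR, comment)
        if m:
            return "commented_out", int(m.group(1))
    return "missing", None


def firewall_gap(xml_text, allowed=FIREWALL_ALLOW):
    """Explain whether the allow list matches the invoker port in this file."""
    status, port = audit_rmi_object_port(xml_text)
    if status != "pinned":
        return "RMIObjectPort is %s: invoker port is not pinned in this file" % status
    if port not in allowed:
        return "RMIObjectPort %d is pinned but not in the allow list" % port
    return "ok"


if __name__ == "__main__":
    for label, text in (("commented", SAMPLE_COMMENTED), ("pinned", SAMPLE_PINNED)):
        print(label, audit_rmi_object_port(text), firewall_gap(text))
```
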


                            • 11. Re: RMI ports and firewall

                              3 short steps to make jboss accessible from outside firewall,
                              presuming on windows ( for step 3 ):

                              1. Make sure you have a name resolving to the external IP address of the FW, e.g. externalip.example.org

                              2. Startup the JBoss server with an extra parameter: -b externalip.example.org

                              3. Supposing your internal IP address is eg., in your windows
                              hosts file ( c:\windows\drivers\etc\hosts ) add: