-
1. Re: RMI ports and firewall
adrian.brock May 21, 2004 8:09 AM (in response to firebirth)It's on the WIKI.
Click Wikis on the left hand menu bar then click "Secure JBoss" -
2. Re: RMI ports and firewall
firebirth May 21, 2004 8:47 AM (in response to firebirth)Thanks, Adrian. But I don't really feel satisfied yet.
I would like to be more precise: We have a stand-alone app server (JBoss 3.2.3) and a stand-alone servlet engine (Tomcat 5.0.19). These two components should be separated by a firewall.
From what I found on the Wiki (the one you suggested) there is no way to configure the dynamic ports JBoss uses to communicate with the servlet engine and vice versa. Is this true?
Kind regards,
Daniel -
-
4. Re: RMI ports and firewall
vombi May 24, 2004 4:33 AM (in response to firebirth)there was a "jnp.properties" file in JBoss 2.2.2 where you could configure the listening port for jnp.
With a content like
jnp.port=1099
jnp.rmiPort=1100
the "random" ports above 30000 would stick to 1100. It worked for 2.4 and as far as I see the code is still in 3.2. Maybe there is another way to configure it in the newer versions. I hope there is no performance reduction with this, anyone knows? -
5. Re: RMI ports and firewall
starksm64 May 24, 2004 10:30 AM (in response to firebirth)jnp.properties is no longer used. See the referenced wiki page.
-
6. Re: RMI ports and firewall
vombi May 26, 2004 9:48 AM (in response to firebirth)I don't see the answer on the wiki page - maybe the question was not clear enough:
The ejb client is on the "servlet/web server" machine and makes a ejb lookup and connection to a separate machine running JBoss. This causes the "high random" listening ports to appear at run/invokation time. In fact the jnp.properties fix does not seem to work with JBoss 3, any further ideas ...? -
7. Re: RMI ports and firewall
firebirth Jun 2, 2004 11:24 AM (in response to firebirth)Hello again,
I finally figured out what it takes to restrict rmi communication between jboss app server and servlet engine to one specific port, in this case to 4444. I had to uncomment the following line in the jboss-service.xml file, section "rmi/jrmp invoker":<attribute name="RMIObjectPort">4444</attribute>
I must admit, I overlooked the fact that it was commented out. Shame on me... only typos are worse!
Thanks anyway, have a nice day,
Dan -
8. Re: RMI ports and firewall
sebastiang Dec 28, 2004 6:21 AM (in response to firebirth)Hi,
I have exactly the same problem when trying to connect to jboss through a firewall. I configured my jboss 3.2.6 server as mentioned on the Wiki.
Here is my client code:
Hashtable env = new Hashtable();
env.put(Context.PROVIDER_URL, "myServer:1099");
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
Context ctx = new InitialContext(env);
Object obj = ctx.lookup("myObject");
Getting the InitialContext works fine but during the lookup it always tries to connect to a high random port.
I hope someone can help me.
Sebastian -
9. Re: RMI ports and firewall
sebastiang Jan 19, 2005 5:45 AM (in response to firebirth)Hi,
it's me again.
I am still stuck in that problem.
I also searched several other forums for that issue and whever I found it I couldn't get a satisfying answer. I even read somewhere that it is a general Java RMI issue that one cannot get around. Is that true?
It would be really helpful if I could get a clear statement.
Bye,
Sebastian -
10. Re: RMI ports and firewall
schrouf Jan 19, 2005 6:36 AM (in response to firebirth)We have a working RMI firewall configuration with the following enabled
ports
TCP:1099 (JNDI Naming)
TCP:1100 (Cluster JNDI Naming)
TCP:1098 (RMI-Port)
TCP:4444 (RMI-Object-Port)
Regards
Ulf -
11. Re: RMI ports and firewall
henkie Jan 27, 2005 8:20 AM (in response to firebirth)3 short steps to make jboss accessible from outside firewall,
presuming on windows ( for step 3 ):
1. Make sure you have a name resolving to the external IP address of the FW eg.: externalip.example.org
2. Startup the JBoss server with an extra parameter: -b externalip.example.org
3. Supposing your internal IP address is eg. 192.168.1.1, in your windows
hosts file ( c:\windows\drivers\etc\hosts ) add:
192.168.1.1 externalip.example.org
regards,
henkie.