1. Re: UIL2/HTTP NAT configuration
leathurman Jun 26, 2003 7:14 PM (in response to gxe)
Hi Glen,
I don't know if you have been following the JBossMQ and NAT discussions in the past, but older versions, certainly 3.0.6 and UIL, did not support it.
I spent most of a day trying to get 3.2.1 and UIL2 to work with NAT and came upon problem after problem.
I came to the conclusion that UIL2 does not support NAT.
I ended up sticking with the version I have, 3.0.6, with some nasty fixes offered to me by a friend.
When I have some serious free time we need to all sort this out and nail UIL and UIL2 and NAT.
Regards,
Lea.
2. Re: UIL2/HTTP NAT configuration
sagamartha Oct 30, 2003 4:10 PM (in response to gxe)
I am also attempting to use UIL2 over a firewall/NAT configuration. Has anyone been able to get this to work?
Thanks,
Chip
3. Re: UIL2/HTTP NAT configuration
ioparra Oct 31, 2003 6:18 PM (in response to gxe)
Wanna hear it... okay....
In UILServerIL.java add this line right before it creates a socket in the createConnection method.
String hostName = addr.getHostName();
addr = InetAddress.getByName(hostName);
This little fix works for us at AR. If it works for you, I may post a patch. PLEASE post your progress. Just because it works for us doesn't mean it works for all.
-Ivan
BTW. This code fix existed at my company before I got here. If I did it, I would've posted at SF.
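Added example, not part of the thread and not JBoss code: what the two lines in the post above do to an address, assuming `addr` reaches the client carrying the server's hostname together with an internal IP. The class name, the helper name, the sample address 10.0.0.5 and the use of `localhost` as a stand-in hostname are constructed for the demo.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

public class NatReResolveDemo {

    // Hypothetical helper mirroring the two lines from the post: ignore the IP
    // the server advertised and resolve its hostname again with the client's
    // own resolver (DNS or hosts file). The client therefore trusts its local
    // name resolution for this connection.
    static InetAddress reResolve(InetAddress advertised) {
        String hostName = advertised.getHostName();
        try {
            return InetAddress.getByName(hostName);
        } catch (UnknownHostException e) {
            // Fallback added for this example (the post's lines have none):
            // if the client cannot resolve the name, keep the advertised address.
            return advertised;
        }
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample: a hostname paired with an internal address that a
        // client on the other side of the NAT cannot route to. getByAddress
        // stores both without doing any lookup, so this runs offline.
        InetAddress advertised =
            InetAddress.getByAddress("localhost", new byte[] {10, 0, 0, 5});

        InetAddress target = reResolve(advertised);

        System.out.println("advertised by server: " + advertised.getHostAddress());
        System.out.println("after re-resolving:   " + target.getHostAddress());
        // equals() compares the IP only, so this shows whether the client
        // would now open its socket to a different address.
        System.out.println("address changed:      " + !advertised.equals(target));
    }
}
```

With a real server name, the client's DNS or hosts file has to map that name to the externally reachable (mapped) IP for the re-resolved address to be usable.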
4. Re: UIL2/HTTP NAT configuration
npdavis Mar 18, 2004 8:48 AM (in response to gxe)
With Firewall:
Figure out the ip you are connecting to. This is your "mapped ip"
Set up box on your internal network to connect to mapped IP
With NAT'd DMZ box:
Set up box as normal with dmz network in NAT'd network.
Verify you can connect to this box from the internal box using telnet.
With internal box:
make sure you can connect to all necessary ports-
ex. telnet someip 1099
Should return a prompt with ^] to get out of it, or possibly some garbage.
This means your firewall is allowing you to connect on a given port with a given IP. If you can't connect, you need to open the port. You need 3 of these ports, depending on how JBoss is configured. All 3 need to work.
With dmz box:
Add the mapped ip to hosts by replacing the 127.0.0.1 localhost with-
mappedip localhost localhost.localdomain etc..
You should now be able to connect up to the remote queue using Adrian's already published configuration examples.
This difficulty is not JBoss' fault. I think the Sun spec doesn't cover messaging over firewalls at all. UIL2 works fine when it isn't NAT'd, but the reverse lookup required by Sun fails because the IP you are talking to isn't the same IP the NAT'd box thinks it is. Therefore messaging can't perform its required checks to verify the connection.
My hosts hack makes the box think its IP is the mapped IP, so it returns the addy the internal box is expecting.
Through a non NAT firewall, the ip the source server is talking to gets returned in the reverse lookup, therefore there is no problem when not NAT'ing.
JBoss is going above and beyond the call of duty by working with firewalls at all so don't complain too much.
WARNING: I have not tested this solution in production or with a clustered JBoss situation so don't know if it is suitable. Use at your own risk.
The hack posted earlier in this post is probably the better solution. I just don't want to have to patch JBoss every time I upgrade it, so am trying something else. I will keep this board posted on my progress.
thx,
Neil
5. Re: UIL2/HTTP NAT configuration
npdavis Mar 18, 2004 8:54 AM (in response to gxe)
OOPS
You also need to add the mapped IP to the DMZ box's network config. Forgot this detail.