Aparently there is no configuration parameter to specify bind IP for TM to listen (as far as I now) and TM allways binds to all interfaces on machine.
In JBoss App Srv ver. 4.2 configuration, TM creates 3 efemeric ports with bindings as stated above and it ignores JBoss run cmd address binding option (-b).
test-xen:/usr/local/jboss-4.2.1.GA/bin# netstat -lntp | grep java
tcp 0 0 127.0.0.1:3873 0.0.0.0:* LISTEN 8133/java
tcp 0 0 0.0.0.0:34689 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:8009 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:1098 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:1099 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 8133/java
tcp 0 0 0.0.0.0:52723 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:4444 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:4445 0.0.0.0:* LISTEN 8133/java
tcp 0 0 127.0.0.1:4446 0.0.0.0:* LISTEN 8133/java
tcp 0 0 0.0.0.0:43710 0.0.0.0:* LISTEN 8133/java
Quick look in App Srv sources shows that the problem is not about integration service for App Srv, but lack of such feature in TM Core which use ServerSocket ctor with only port argument.
From security point of view it should be possible to bind TM to specific address using some config parameters.
Regards
Janusz Grabowski