13 Replies Latest reply on Mar 17, 2006 3:57 PM by tom.elrod

(BIG) Problems with bean-lookup in NAT enviroment, EJB3RC5,

nickthegreat Mar 16, 2006 7:18 AM

Enviroment: JAS 4.0.4RC1, EJB3RC5

The error I get is:

javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: <external-ip>; nested exception is:
 java.net.ConnectException: Connection timed out: connect]
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:722)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
 at javax.naming.InitialContext.lookup(Unknown Source)
 at GetBeans.lookup(GetBeans.java:72)
 at TestLookup.main(TestLookup.java:17)
Caused by: java.rmi.ConnectException: Connection refused to host: <external-ip>; nested exception is:
 java.net.ConnectException: Connection timed out: connect
 at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
 at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
 at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
 at sun.rmi.server.UnicastRef.invoke(Unknown Source)
 at org.jnp.server.NamingServer_Stub.lookup(Unknown Source)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:625)
 ... 4 more
Caused by: java.net.ConnectException: Connection timed out: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(Unknown Source)
 at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
 at java.net.PlainSocketImpl.connect(Unknown Source)
 at java.net.SocksSocketImpl.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown Source)
 at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown Source)
 ... 10 more

Lookup Code is vanialla/standard:

private static Properties JNDINameFactory(String host)
 {
 Properties properties = new Properties();
 properties.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
 properties.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
 properties.put("java.naming.provider.url", "jnp://"+host );
 properties.put("jnp.disableDiscovery", "true");

 return properties;
 }

 public BeanContainer lookup() throws NamingException {

 BeanContainer bc = new BeanContainer();

 getEJBPropertiesFromFile(); // getting JBOSS server IP+port from file
 Properties p = JNDINameFactory(asIP+":"+asPort);

 System.out.println("HOST: "+asIP+" IP: "+asPort);

 Context context=null;
 try {

 System.out.println("inital context lookup");
 context = new InitialContext(p);
 System.out.println("done");

 } catch ( Exception ex ) { ex.printStackTrace(); return bc; }

 try {
 System.out.println("bean lookup");
 bc.CoreBean = (CoreServiceInterface) context.lookup("CoreServiceBean/remote");
 bc.ExoticBean = (ExoticInterface) context.lookup("ExoticBean/remote");
 System.out.println("done");
 } catch ( Exception ex ) { ex.printStackTrace(); return bc;}

 return bc;
 }

Well, basicly a well known problem, JNDI/JBOSS in NAT enviroment

The standard workaround:

Adding

-Djava.rmi.server.hostname="exptrernal-ip" \
-Djava.rmi.server.uselocalHostname=false \

to the jboss run-script / jboss JVM paramters.

of course I've forwared all RMI/JNDI ports correctly.
(1098/1099/4444/4445)

starting without(!) java.rmi.server.hostname ->

lookup works in intranet .. but not remotely
lookup from remote clients -> error msg:

javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: <internal-ip>; nested exception is:

this is ok/expected ...

but when starting with java.rmi.server.hostname="external-ip"
I ALWAYS get
javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: <external-ip>; nested exception is: ...

no matter if lookup is done from inernal-net or remotely.

real strange thing: if I try netcat external-ip 1099 it gives back same data.
if I look at the traffic via ethereal where are a couple a tcp/ip packets send from server to client and vice-verce on port 1099.
but it still gives the connection refused error !!!???

I've tried it in various(!) NAT enviroments, always the same behaviour.

I know the java.rmi.server.hostname= workaround worked when I worked on a NON-EJB3 projekt with JBOSS 4.0.3
(In the same(!) network / enviroment I want to get this EJB3 stuff working)

Please heeeeeeeeeeeeelp :)
Desparetly trying to get this working since days :-((((((

Anyone got JBOSS 4.0.4RC1+EJB3 (lookup) working in a NAT enviroment ????

thx i.a, ntg

1. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 16, 2006 11:34 AM (in response to nickthegreat)

Update:

http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3877360

could't try out yet, but opening port 3873 plus changing client-connect adressress to external ip .... at least I can see I my logged packets that "it" wants to connect to the servers intenral ip on 3873 :)

Important question:

@RemoteBinding(clientBindUrl="socket://66.56.72.34:3873")
....
where the external address for my server is 66.56.72.34.
...

In a future release of ejb3, this should not be required and should pick up the proper locator url as specified in the server (via the jboss-service.xml). However, overriding the bind information for the client will always be allowed via the RemoteBinding annotation (if have a particular need for this).

Well, in a future release of ejb3, this should not be required and should pick up the proper locator url as specified in the server (via the jboss-service.xml).

ok, now we have a future verison of ejb3 :)
alsoready possible ?
if so ?
how ?

Annotating server ip's in source code is *really* bad :/
in particular if the ip changes frequently :((((

best regards, ntg
Actions
2. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

bill.burke Mar 16, 2006 12:13 PM (in response to nickthegreat)

@RemoteBinding(clientBindUrl="socket://66.56.72.34:3873")

You got it to work with this? I'll work on getting this available in a default form.
Actions
3. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 16, 2006 1:09 PM (in response to nickthegreat)

thx for the reply/help :)

yes, looks *very* good so far :)
a comlete test takes some time, but I'm very optistic.

so there currently is no way to define/override the
@RemoteBinding(clientBindUrl="socket://IP:PORT") annotation somewhere in jboss-xml's ?
not much fun to recompile everytime IP changes / new server deployment :)

btw: ports 4444 and 4445 (default jrmp/pooled) aint used for ejb3 anymore ?

just RemoteBinding's port+ 1098/1099 ???
Actions
4. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

bill.burke Mar 16, 2006 3:46 PM (in response to nickthegreat)

i'm adding it to the next release.
Actions
5. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 16, 2006 4:02 PM (in response to nickthegreat)

unfortunately, it doesn't seem to work :-(

test scenario:

server inside nat'ed network
jboss started via -java.rmi.server.hostname=external-ip
ports 1098,1099,4444,4445,3783 forwarded ...

locking at the captured packets while lookup is done iclearly shows why it dopesnt work ->

communication on port 1098/1099 works ok ...
but looking at the packets on port 3783 -> still wants to talk to servers internal ip :-(
thout it's annotated as
@RemoteBinding(clientBindUrl="socket://**EXTERNAL-IP**:3873")

*sigh*

anyone any idea ????

regards, ntg
Actions
6. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 16, 2006 4:10 PM (in response to nickthegreat)

perhaps it's relevant/interesting that the ejbs are
annoted both local and remote

@RemoteBinding(clientBindUrl="socket://external-ip:3873")
@Remote
@Local

... interface ...
Actions
7. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 16, 2006 6:33 PM (in response to nickthegreat)

last one for today ;)

this http://www.jboss.com/index.html?module=bb&op=viewtopic&t=69484

looks like it might be of interesst ...

in particular the "clientConnectAddress" property of the ejb3-deployer.

but format seems to have changed in meantime ???
mine looks quite different, did it change ?
cant see clientConnectAddress ... gone ?

confusing/confused :/
Actions
8. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

bill.burke Mar 16, 2006 7:26 PM (in response to nickthegreat)

the @RemoteBinding(clientBindUrl) should work. I don't have the ability to do NAT (or knowledge), but I tried setting the clientBindUrl to a bad ip address and it failed miserably.

this http://www.jboss.com/index.html?module=bb&op=viewtopic&t=69484

Is a usable configuration mechanism. Try it. I'll see if I can get the remoting guy to help.
Actions
9. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 16, 2006 8:00 PM (in response to nickthegreat)

tried it ..

unfortunately no change :(

just remotebinding annotation, remotebinding annotation plus clientConnectAddress=external ip in ejb3-deployer/metainf ...
no remotebinding annotion and clientconnectadress=external ip in ejb3-deployer xml ...

in all cases client always wants to connect to internal ip of server on port 3873 regarding my packet logs ;-(
Actions

10. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 17, 2006 2:39 AM (in response to nickthegreat)

details of the ejb3 deployer xml:

before modification (out of the box):

 <mbean code="org.jboss.remoting.transport.Connector"
 xmbean-dd="org/jboss/remoting/transport/Connector.xml"
 name="jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3">
 <depends>jboss.aop:service=AspectDeployer</depends>
 <attribute name="InvokerLocator">socket://${jboss.bind.address}:3873</attribute>
 <attribute name="Configuration">
 <handlers>
 <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
 </handlers>
 </attribute>
 </mbean>

after modification

 <mbean code="org.jboss.remoting.transport.Connector"
 xmbean-dd="org/jboss/remoting/transport/Connector.xml"
 name="jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3">
 <depends>jboss.aop:service=AspectDeployer</depends>
 <attribute name="InvokerLocator">socket://${jboss.bind.address}:3873</attribute>

 <attribute name="Configuration">
 <config>
 <invoker transport="socket">
 <attribute name="numAcceptThreads">1</attribute>
 <attribute name="maxPoolSize">303</attribute>
 <attribute name="clientMaxPoolSize">304</attribute>
 <attribute name="socketTimeout">10000</attribute>
 <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
 <attribute name="serverBindPort">3873</attribute>
 <attribute name="clientConnectAddress">external-ip</attribute>
 <attribute name="clientConnectPort">3873</attribute>
 <attribute name="enableTcpNoDelay" isParam="true">false</attribute>
 <attribute name="backlog">200</attribute>
 </invoker>
 <handlers>
 <!--handler subsystem="mock">org.jboss.remoting.transport.mock.MockServerInvocationHandler</handler-->
 <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
 </handlers>
 </config>
 </attribute>

 </mbean>

new error msg:

vax.naming.NamingException: Could not dereference object [Root exception is org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection.]
 at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1150)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:705)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
 at javax.naming.InitialContext.lookup(Unknown Source)
 at GetBeans.lookup(GetBeans.java:72)
 at TestLookup.main(TestLookup.java:17)
Caused by: org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection.
 at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:253)
 at org.jboss.remoting.RemoteClientInvoker.invoke(RemoteClientInvoker.java:136)
 at org.jboss.remoting.Client.invoke(Client.java:444)
 at org.jboss.remoting.Client.invoke(Client.java:407)
 at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:41)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:88)
 at org.jboss.aspects.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:34)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:88)
 at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:46)
 at $Proxy0.createProxy(Unknown Source)
 at org.jboss.ejb3.JndiProxyFactory.getObjectInstance(JndiProxyFactory.java:47)
 at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
 at org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1125)
 at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1142)
 ... 5 more
Caused by: java.net.ConnectException: Connection timed out: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(Unknown Source)
 at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
 at java.net.PlainSocketImpl.connect(Unknown Source)
 at java.net.SocksSocketImpl.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at org.jboss.remoting.transport.socket.SocketClientInvoker.createSocket(SocketClientInvoker.java:517)
 at org.jboss.remoting.transport.socket.SocketClientInvoker.getConnection(SocketClientInvoker.java:457)
 at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:249)
 ... 18 more

Connection refused because it tries to talk to internal server ip on port 3873 :/

big question is why is "it" ignoring external ip in clientconnectadress still tries to connect via serverbindadress ?

also seems to ignore @remotebinding annotation ... but this one needs retesting on my side ...

regards, ntg

11. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

tom.elrod Mar 17, 2006 12:28 PM (in response to nickthegreat)

I just did a simple test using jboss-4.0.4RC1 (with ejb3 install via gui installer) and a very simple ejb3 deployment. I changed the jboss-service.xml (within server/default/deploy/ejb3.deployer/META-INF) to look like:

 <mbean code="org.jboss.remoting.transport.Connector"
 xmbean-dd="org/jboss/remoting/transport/Connector.xml"
 name="jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3">
 <depends>jboss.aop:service=AspectDeployer</depends>
<!-- <attribute name="InvokerLocator">socket://${jboss.bind.address}:3873</attribute> -->
<!-- <attribute name="Configuration">
 <handlers>
 <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
 </handlers>
 </attribute> -->
 <attribute name="Configuration">
 <!-- Using the following <invoker> element instead of the InvokerLocator above because specific attributes needed. -->
 <!-- If wanted to use any of the parameters below, can just add them as parameters to the url above if wanted use the InvokerLocator attribute. -->
 <config>
 <!-- Other than transport type and handler, none of these configurations are required (will just use defaults). -->
 <invoker transport="socket">
 <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
 <attribute name="serverBindPort">3873</attribute>
 <attribute name="clientConnectAddress">24.99.54.78</attribute>
 <attribute name="clientConnectPort">3873</attribute>
 </invoker>
 <handlers>
 <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
 </handlers>
 </config>
 </attribute>

 </mbean>

192.168.1.102 is the internal address (which is what jboss.bind.address will get set to) and 24.99.54.78 is my external address.

This worked fine. Even had Bill run the test client from his machine at home and hit my server at home and it worked fine.

I have opened a jira issue (http://jira.jboss.com/jira/browse/JBREM-345), which I will post the same app and full config for reference.

12. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

nickthegreat Mar 17, 2006 1:53 PM (in response to nickthegreat)

Bingo ! Success :)

With the version of server/default/deploy/ejb3.deployer/META-INF/jboss-standard.xml you've posted it (finally) works great :)

Thx a lot for the quick help :-)))
Actions
13. Re: (BIG) Problems with bean-lookup in NAT enviroment, EJB3R

tom.elrod Mar 17, 2006 3:57 PM (in response to nickthegreat)

Sure. I think your previous config would have worked if you would have commented out the InvokerLocator attribute (can't have InvokerLocator attribute and element configuration).
Actions

Go to original post