-
1. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 17, 2010 11:17 PM (in response to hughbragg)
I'm not sure what's the issue.. it's pretty clear what are the options at the documentation.
You can see what are the connectors... and you could even use the servlet transport:
http://hornetq.sourceforge.net/docs/hornetq-2.1.1.Final/user-manual/en/html/index.html
I will try to help you if you ask something more specific. I would be designing your architecture if I guessed any more than this and I don't have a clear picture.
-
2. Re: Configuring multi-homed with firewall address translation NAT
hughbragg Aug 18, 2010 12:09 AM (in response to clebert.suconic)
Thanks Clebert,
I want to configure 2 acceptors both on the same port but with different IP addresses. I don't know if this is possible. I'm guessing that because the server has no access to that address this can't be done. No NIC is ever attached to this address. The network infrastructure guys configured it this way because it makes their life easy. All they need to do is configure 1 rule on their firewall to forward all traffic coming from the external client destined for the <publicAddress> to the <privateAddress>.
Can you advise me? This is not strictly multi-homed, is it? Could it work?
The trouble is that the server resolves its own address first before it publishes the service in JNDI and as such the client is able to connect.
Plan b. Create a different connector for each client. The publisher would have the <privateAddress> and the consumer would have the <publicAddress>. The server would have an acceptor to the <privateAddress>
Is this the right approach? Should this work?
Hugh
-
3. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 18, 2010 12:14 AM (in response to hughbragg)
"I want to configure 2 acceptors both on the same port but with different ip addresses"
I don't think this should be a problem...
However, you need to be able to accept on the address.. it's a simple configuration issue that goes beyond HornetQ. More on your network infrastructure / config.
-
4. Re: Configuring multi-homed with firewall address translation NAT
hughbragg Aug 18, 2010 1:04 AM (in response to clebert.suconic)
JMS message consumer client has normal access to any public address using its <consumerIP>
JMS message producer client has no public access using its NAT <producerIP>
MOM message broker has no public access using its NAT <momIP> (JBoss must bind to <momIP>)
Firewall
1. accepts all traffic routed to a public address range which includes a specific <publicIP>
2. forwards all traffic arriving from <consumerIP> addressed to <publicIP> to <momIP>
---
JMS message consumer client connects to the JMS service via <publicIP>
JMS message producer client connects to the JMS service via <momIP>
-
5. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 18, 2010 1:48 AM (in response to hughbragg)
So, you're basically asking how to configure a firewall?
I'm not a firewall specialist..
From HornetQ point of view, all you have to do is to configure the acceptors at the IPs as any other service.
I will let somebody else answer this thread though. Maybe I'm missing the point.. but so far you didn't ask a HornetQ question as far as I understand.
-
6. Re: Configuring multi-homed with firewall address translation NAT
hughbragg Aug 18, 2010 2:28 AM (in response to clebert.suconic)
It's not about configuring a firewall. The firewall is already configured. I can't do anything about it.
I'm asking how to make HornetQ work through this firewall.
The acceptors don't seem to be helpful as the public address is not accessible by the HornetQ machine. There is no way for it to bind to this address.
The address is translated by the firewall before it's seen there. The difficulty is with the JNDI connect address. This is published to the JNDI used by HornetQ or JBoss with its NAT address which is unreachable by the JMS message consumer client. The firewall can't translate this so messaging fails.
I'm not a firewall specialist either nor a JBoss specialist or even a HornetQ specialist. I'm just a Java developer who's been thrown in the deep end.
Please, if anyone can help I'd be eternally grateful.
Hugh
-
7. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 18, 2010 2:40 AM (in response to hughbragg)
"The acceptors don't seem to be helpful as the public address is not accessible by the HornetQ machine."
So, that makes it a firewall issue.
You just have to ask the right question at the right place. I'm not sure we would be able to help you.
That would be the same as having an apache listening to the same port. It's just a socket accepting connections.. nothing fancy!
-
8. Re: Configuring multi-homed with firewall address translation NAT
hughbragg Aug 18, 2010 10:12 PM (in response to clebert.suconic)
This works for jbossmq.
Are you saying that HornetQ isn't able to do this?
I think my problem is that I'm just a newbie and I haven't figured out how to configure this properly.
Are connectors declared on the client or the host?
Perhaps I just need to declare 1 acceptor and 2 different connectors, 1 for each incoming interface.
-
9. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 18, 2010 10:51 PM (in response to hughbragg)
jboss-mq is also the same man.. it's just an acceptor on a given port.
It's as simple as creating a socket acceptor in Java, C++, C or even assembler if you like.
jboss-mq, jboss-messaging (through remoting), HornetQ (through netty), apache, tomcat.. all do that.
It's not our job to redirect any ports and IPs.. that's a firewall's responsibility. (you just need to configure routes.. etc). i.e. you just need to configure your firewall.
If you're looking for a feature existent on jboss-mq, you can provide me a link or something. In case I'm missing the point and you're asking something different I didn't understand.
-
10. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 18, 2010 11:29 PM (in response to hughbragg)
BTW I just realized you asked something specific I didn't ask before.
You can define multiple Acceptors any way you like.
You can define connectors at the server for JNDI distribution as we are required to do that per JMS spec.
For some reference: http://hornetq.sourceforge.net/docs/hornetq-2.1.2.Final/user-manual/en/html_single/index.html#configuring-transports.connectors
And this nice blog written by Jeff Mesnil some time ago:
http://hornetq.blogspot.com/2009/10/understanding-connectors-acceptors.html
-
11. Re: Configuring multi-homed with firewall address translation NAT
hughbragg Aug 19, 2010 3:12 AM (in response to clebert.suconic)
I've been reading this article http://community.jboss.org/thread/48925 amongst others.
The org.jboss.mq.il.uil.serverAddress allowed me to connect to the server through the firewall.
Another solution I tried was from http://community.jboss.org/wiki/ConfigUIL2 but once I used the ConnectAddress the internal message producer wasn't able to connect any longer.
I can't test if my original solution will work for hornetq right now, but I suspect that because it's a jbossmq specific parameter, it won't work.
I'm working on the assumption that hornetq is at least as configurable as jbossmq.
Thanks for the blog article. It still isn't clear to me (maybe because I'm a newbie) how to configure the system to do the same or a similar thing here.
Specifically, do I put a hornetq-configuration.xml file on the client with connectors to tell it to try to connect to the JMS using its public IP or do I put a hornetq-configuration.xml file on the server with connectors to tell the client to use the public address?
Generally, is there any way to tell the client to use a specific IP to connect to the JMS server?
Right now I'm trying this on my server:
default-with-hornetq/deploy/hornetq.sar/hornetq-jms.xml:

    <connection-factory name="NettyConnectionFactory">
      <connectors>
        <connector-ref connector-name="netty"/>
      </connectors>
      <entries>
        <entry name="/ConnectionFactory"/>
        <entry name="/XAConnectionFactory"/>
      </entries>
    </connection-factory>
    <connection-factory name="NettyPublicConnectionFactory">
      <connectors>
        <connector-ref connector-name="netty-public"/>
      </connectors>
      <entries>
        <entry name="/PublicConnectionFactory"/>
        <entry name="/XAPublicConnectionFactory"/>
      </entries>
    </connection-factory>

default-with-hornetq/deploy/hornetq.sar/hornetq-configuration.xml:

    <connectors>
      <connector name="netty">
        <factory-class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
        <param key="host" value="${jboss.bind.address:localhost}"/>
        <param key="port" value="${hornetq.remoting.netty.port:5445}"/>
      </connector>
      <connector name="netty-public">
        <factory-class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
        <param key="host" value="${public.firewall.address:localhost}"/>
        <param key="port" value="${hornetq.remoting.netty.port:5445}"/>
      </connector>
    </connectors>
    <acceptors>
      <acceptor name="netty">
        <factory-class>org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>
        <param key="host" value="${jboss.bind.address:localhost}"/>
        <param key="port" value="${hornetq.remoting.netty.port:5445}"/>
      </acceptor>
      <acceptor name="netty-public">
        <factory-class>org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>
        <param key="host" value="${public.firewall.address:localhost}"/>
        <param key="port" value="${hornetq.remoting.netty.port:5445}"/>
      </acceptor>
    </acceptors>

I start the JBoss with -Djboss.bind.address= parameter
Does this look right?
-
12. Re: Configuring multi-homed with firewall address translation NAT
andreas_back Aug 19, 2010 4:58 AM (in response to hughbragg)
Hello Hugh,
you are asking:
> Generally, is there any way to tell the client to use a specific ip to connect to the jms server?
You could try something like
(1)
    <connector name="netty">
      <factory-class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
      <param key="host" value="external-address"/>
      <param key="port" value="${hornetq.remoting.netty.port:5445}"/>
    </connector>

where "external-address" is an address by which the client can reach the server. It is just the address you use with a successful

(2) telnet external-address 5445

to reach the server from the client/consumer. Getting (2) running is simply a matter of the network configuration - you only have to start the HornetQ server. You can check the port by issuing

(3) telnet localhost 5445

on the server. In (3) you can also substitute localhost with one of the server's addresses.
If you have (2) running, then you can try (1).
With best regards,
Andreas
-
13. Re: Configuring multi-homed with firewall address translation NAT
clebert.suconic Aug 19, 2010 12:26 PM (in response to hughbragg)
It would have been much easier if you had asked the right question ;-)
- How to bind HornetQ to a specific address?
Instead of adding a firewall, bindings.. routes.... and etc to the question :-)
You can just change the acceptors accordingly as Andreas answered (Thanks Andreas)
-
14. Re: Configuring multi-homed with firewall address translation NAT
hughbragg Aug 20, 2010 12:35 AM (in response to clebert.suconic)
So I finally sorted this out if anyone's interested.
I already tried Andreas' suggestion but the bind failed.
HornetQ documentation doesn't mention where to keep configuration files. I thought perhaps the client used the connectors configuration files. It might be obvious to anyone with experience setting it up, but not to a newbie.
The trouble turned out to be with the way the machine was set up. JBoss wasn't able to bind to the public address because it didn't exist. This wasn't a problem for the JBossMQ because you could tell the client to ignore the JNDI address published by the server.
The solution was to add the public address to the server's NIC so JBoss could bind to it. Being in promiscuous mode enabled the TCP/IP stack to sort out the internal routing. Retrying the original configuration with 2 connectors and 2 acceptors worked.
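
The failure diagnosed in the last post (an acceptor whose host is not assigned to any interface on the server) can be caught before JBoss starts. The following pre-flight check is an added example, not code from the thread or from HornetQ; it expands the `${name:default}` placeholders used in the posted configuration and tests each acceptor host with a bind to an ephemeral port. The property values and the 203.0.113.10 stand-in for <publicIP> are assumptions.

```python
import re
import socket
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the acceptors posted earlier in the thread.
SAMPLE = """<configuration xmlns="urn:hornetq"><acceptors>
  <acceptor name="netty">
    <param key="host" value="${jboss.bind.address:localhost}"/>
  </acceptor>
  <acceptor name="netty-public">
    <param key="host" value="${public.firewall.address:localhost}"/>
  </acceptor>
</acceptors></configuration>"""

PLACEHOLDER = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")

def resolve(value, props):
    """Expand ${name:default} placeholders from a dict of system properties."""
    return PLACEHOLDER.sub(
        lambda m: props.get(m.group(1), m.group(2) or ""), value)

def can_bind(host):
    """True if this machine owns the address; binds an ephemeral port only."""
    try:
        family, _, _, _, addr = socket.getaddrinfo(
            host, 0, type=socket.SOCK_STREAM)[0]
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind(addr)
        return True
    except OSError:  # unresolvable name, or EADDRNOTAVAIL for a foreign IP
        return False

def check_acceptors(xml_text, props):
    """Map acceptor name -> (resolved host, bindable on this machine?)."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "acceptor":  # ignore any xmlns prefix
            continue
        host = next((resolve(p.get("value", ""), props) for p in el
                     if p.get("key") == "host"), "localhost")
        report[el.get("name")] = (host, can_bind(host))
    return report

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for <publicIP>.
    props = {"jboss.bind.address": "127.0.0.1",
             "public.firewall.address": "203.0.113.10"}
    for name, (host, ok) in check_acceptors(SAMPLE, props).items():
        print(f"{name}: {host} -> {'local' if ok else 'not local, bind fails'}")
```

An acceptor reported as not local needs either the address added to an interface, as in the last post, or an acceptor bound to the private address with only the connector advertising the public one.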