NAT, as in network address translation?

Do you mean virtual hosts?

This is operating system level functionality and has little to do with your application server.

Are you trying to expose an application server that is hosted on an internal network to the outside world? What operating system are you using?

HTTP clients only?

You will need some kind of port forwarding solution for this. It's outside of JBoss scope.

If you already have this working for AS5, then a similar solution will work with AS7.

How did you get on? Our application needs remote EJB clients and remote JMS. Poor support for JBoss behind NAT caused us real issues trying to use AS 5.1 on EC2

Why is this a JBoss problem and not a network infrastructure problem?

What do you think can be done in JBoss that will make this easier?

Will hi,

what exactly is your problem with AS7 in relation to NAT configuration?

In all versions before 7 configuration NAT/Firewall was pain as there ware so many ports so many different configuration files etc...

Now you have a section of configuration interfaces & especialy socket-binding-group where you have all socket bindings defined in single place.

We reduced number of ports needed to run AS and we are working to further reduce this to better work in cloud enviroments where having many ports can be an issue.

example of default configuration:

<interfaces>

        <interface name="management">

            <inet-address value="127.0.0.1"/>

        </interface>

        <interface name="public">

            <inet-address value="${jboss.bind.address:127.0.0.1}"/>

        </interface>

        <!-- TODO - only show this if the jacorb subsystem is added  -->

        <interface name="unsecure">

            <!--

              ~  Used for IIOP sockets in the standard configuration.

              ~                  To secure JacORB you need to setup SSL

              -->

            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

        </interface>

    </interfaces>

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

        <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>

        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

        <socket-binding name="ajp" port="8009"/>

        <socket-binding name="http" port="8080"/>

        <socket-binding name="https" port="8443"/>

        <socket-binding name="remoting" port="4447"/>

        <socket-binding name="txn-recovery-environment" port="4712"/>

        <socket-binding name="txn-status-manager" port="4713"/>

        <outbound-socket-binding name="mail-smtp">

            <remote-destination host="127.0.0.1" port="25"/>

        </outbound-socket-binding>

    </socket-binding-group>

From my point of view if you look at this configuration, you can easily see what ports you should or should not NAT to. it cannot be much easier

--

tomaz

The key bit about nat is what ip/address jboss actually binds to vs what ip/address should be used for remote items to connect.

For example, in the past when trying to call a remote EJB over RMI, you would need to say use -b 192.168.1.123 -Djava.rmi.server.hostname=1.2.3.4 -Djava.rmi.server.useLocalHostname=false as otherwise the rmi proxy stub obtained over jndi would set the ip for the proxy to connect to 192.168.1.123 (or the machine's hostname, e.g myserver.local). For JMS there were similar issues requirig manual configuration of the transport

Will Tatam wrote:

 

The key bit about nat is what ip/address jboss actually binds to vs what ip/address should be used for remote items to connect.

 

For example, in the past when trying to call a remote EJB over RMI, you would need to say use -b 192.168.1.123 -Djava.rmi.server.hostname=1.2.3.4 -Djava.rmi.server.useLocalHostname=false as otherwise the rmi proxy stub obtained over jndi would set the ip for the proxy to connect to 192.168.1.123

We have specifically designed to improve this in AS7 EJB clients. Actually, that requires a bit of documentation since it deserves more than a couple of sentences of explanation. I'll try and get that up soon.

I am looking for a same kind of configurations or work arounds for remote look up to a Jboss behind the NAT.