3 Replies Latest reply on Dec 22, 2010 9:40 AM by misel

    JBoss ESB/Messaging and firewalls

    massios

      Dear all,

       

      We are trying to use jboss messaging in a secure environment. In our configuration we have

      1) A JBoss 5.1 GA application server that acts as a client

      2) A JBoss 5.1 GA application server that runs JBoss ESB 4.6 that acts as a server

      3) A firewall that separates the two.

       

      We want to configure the firewall to only allow the necessary ports through. So far we have noted down the following ports related to JBoss messaging

      1099 JNI

      1098 RMI

      4457 JMS - bisocket transport


      However we are missing one. Each time the server JBoss (2) is restarted it starts using a fourth port. This port is different each time and the range is very wide (I do not think it has a range). I have seen values from as low as 1XXX to as high as 5XXXX. We want to set this port in the JBoss configuration to something fixed, so that we can declare it to the firewall. Has anyone done this?

       

      Thanks in advance,

       

      Nikos

        • 1. Re: JBoss ESB/Messaging and firewalls
          misel

          Hi,

          sounds like you haven't configured the secondary server socket, which uses random ports by default, for remoting?

           

          Set secondaryBindPort explicitly in deploy/messaging/remoting-bisocket-service.xml

           

          Regards,

          ml

          • 2. Re: JBoss ESB/Messaging and firewalls
            massios

            Hello misel,

             

            I tried it out yesterday and your suggestion worked just fine, thanks. It also worked for remoting-sslbisocket-service.xml. The only problem I found was that in our configuration we are using clustering and we set the ports for each node in the cluster using -Djboss.service.binding.set=ports-default etc. It seems that the secondaryBindPort is not included in the ports that this port setting system of JBoss can handle. So I had to manually edit the secondaryBindPort for each node in the cluster.

             

            I was wondering if you have also seen this and have found a better solution.

             

             

            Thanks again,

             

            Nikos

            • 3. Re: JBoss ESB/Messaging and firewalls
              misel

              Hi Nikos,

               

              glad it helped. I don't know why this isn't configurable by using the binding service (maybe the messaging team can answer that). I can't see any reasons why you couldn't substitute it with ${property.name} and then e.g. chuck it into the binding service, or in run.conf with -Dproperty.name.

               

              Cheers
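
Added example, not part of the thread and not JBoss project code: a per-node check that secondaryBindPort in remoting-bisocket-service.xml (or the sslbisocket variant) resolves to a fixed port before the firewall rule is written, covering both a hard-coded value and the ${property.name} substitution suggested above. The XML is a constructed, trimmed sample, and the property name messaging.secondary.port is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the two attributes this check reads.
# messaging.secondary.port is a hypothetical property name.
SAMPLE = """<server>
  <mbean code="org.jboss.remoting.transport.Connector"
         name="jboss.messaging:service=Connector,transport=bisocket">
    <attribute name="Configuration"><config>
      <invoker transport="bisocket">
        <attribute name="serverBindPort">4457</attribute>
        <attribute name="secondaryBindPort">${messaging.secondary.port}</attribute>
      </invoker>
    </config></attribute>
  </mbean>
</server>"""

PLACEHOLDER = re.compile(r"^\$\{([^:}]+)(?::([^}]*))?\}$")
WANTED = ("serverBindPort", "secondaryBindPort")

def resolve(text, props):
    """Turn a literal or a ${name} / ${name:default} value into a port, else None."""
    value = (text or "").strip()
    m = PLACEHOLDER.match(value)
    if m:
        value = props.get(m.group(1), m.group(2) or "")
    return int(value) if value.isdecimal() and 0 < int(value) < 65536 else None

def bisocket_ports(xml_text, props):
    """Map each wanted attribute to its resolved port (None if absent or unresolved)."""
    found = dict.fromkeys(WANTED)
    for invoker in ET.fromstring(xml_text).iter("invoker"):
        if invoker.get("transport") not in ("bisocket", "sslbisocket"):
            continue
        for attr in invoker.findall("attribute"):
            if attr.get("name") in found:
                found[attr.get("name")] = resolve(attr.text, props)
    return found

def audit(xml_text, props):
    """Return findings; an empty list means both ports can go into a firewall rule."""
    ports = bisocket_ports(xml_text, props)
    findings = [f"{name} does not resolve to a fixed port"
                for name, port in ports.items() if port is None]
    if None not in ports.values() and len(set(ports.values())) < len(ports):
        findings.append("serverBindPort and secondaryBindPort share one port")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"messaging.secondary.port": "4458"}))  # both ports fixed
    print(audit(SAMPLE, {}))  # property never passed with -D: flagged
```

Run it against each cluster node's file with that node's -D properties, so a node whose manual edit was missed shows up before its traffic is dropped at the firewall.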