Usually you allow the web server to connect to port 8009 on the node(s); that is enough.
Hi Jean, thanks for the answer.
My mod_cluster is located in the DMZ, so when the web server tries to check the node using CPING/CPONG, the web server will send a request from a random port to 8009 (CPING) and my JBoss node will answer the request to that port (the random port) on the web server (CPONG). I only open ports 8009 and 80, not lots of ports for the web server at the firewall. I tried sniffing the packets using Wireshark. In your case, do you allow your JBoss node to access all ports on your web server? Because if I do that then I should open more than 30000 ports; the web server always uses higher random ports.
Note: sorry for my bad English.
You must be doing something wrong with the firewall configuration. Usually you have to open 8009 from httpd to the JBoss nodes and allow the MCP messages from the nodes to httpd. These are TCP connections.
Hi Jean, you are absolutely right. After your reply we checked our DMZ firewall, and we found some mistaken rules in there. Thank you very much Jean, you were very helpful. Problem solved.
What we do is open port 8009 at the JBoss nodes, then accept source port 8009 at the web server, so the JBoss nodes can communicate.
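An added example, not code from any poster in this thread: a small Python model of the two ways a firewall can let the CPONG reply back to the web server's random source port, by tracking the connection opened to 8009 or by matching source port 8009 statelessly. The addresses, the ephemeral ports and the MCP listener port (6666) are constructed assumptions; substitute your own values.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

HTTPD, NODE = "10.0.0.10", "10.0.1.20"  # constructed addresses
AJP_PORT = 8009
MCP_PORT = 6666  # assumed MCP listener port on httpd; use your own

# (src, dst, dport) triples that are allowed to open a NEW connection
ALLOW_NEW = {(HTTPD, NODE, AJP_PORT), (NODE, HTTPD, MCP_PORT)}


class StatefulFirewall:
    """Accepts new flows from ALLOW_NEW and replies to tracked flows only."""

    def __init__(self):
        self.flows = set()

    def accept(self, p):
        # A reply is the exact reverse of a flow we already let through.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        if (p.src, p.dst, p.dport) in ALLOW_NEW:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False


def stateless_accept(p):
    """Stateless variant: replies are matched only by source port 8009."""
    if (p.src, p.dst, p.dport) in ALLOW_NEW:
        return True
    return p.src == NODE and p.dst == HTTPD and p.sport == AJP_PORT


def demo():
    fw = StatefulFirewall()
    cping = Pkt(HTTPD, 41234, NODE, AJP_PORT)  # random source port on httpd
    cpong = Pkt(NODE, AJP_PORT, HTTPD, 41234)  # reply to that same port
    stray = Pkt(NODE, AJP_PORT, HTTPD, 22)     # no outbound flow matches it
    mcp = Pkt(NODE, 50000, HTTPD, MCP_PORT)    # node-initiated MCP message
    return {
        "cping": fw.accept(cping),
        "cpong": fw.accept(cpong),
        "mcp": fw.accept(mcp),
        "stray_stateful": fw.accept(stray),
        "stray_stateless": stateless_accept(stray),
    }
```

With state tracking, the reply is admitted without opening the ephemeral range, and a packet from source port 8009 that answers no tracked connection is dropped; the stateless source-port rule accepts it.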