> What am I missing? Does RMI use a random port? Is
> there a way to restrict it to use only a fixed set of
# The port the RMI NamingServer is exported on,
# 0 = bind any available port
Use the RmiPort mbean attribute rather than jnp.properties.
<mbean code="org.jboss.naming.NamingService" name="DefaultDomain:service=Naming">
  <attribute name="Port">1099</attribute>
  <attribute name="RmiPort">10990</attribute>
</mbean>
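For the firewall goal discussed in this thread, a descriptor can be checked for naming-service ports that are still unpinned before the rules are written. This is an added example, not code from the thread or from JBoss; the sample descriptor is constructed, and treating an absent attribute as not pinned is an assumption.

```python
import xml.etree.ElementTree as ET

NAMING_CLASS = "org.jboss.naming.NamingService"
PORT_ATTRS = ("Port", "RmiPort")

# Constructed sample: the first mbean is the one from the post above, the
# second (hypothetical name) leaves RmiPort unset.
SAMPLE = """<server>
  <mbean code="org.jboss.naming.NamingService" name="DefaultDomain:service=Naming">
    <attribute name="Port">1099</attribute>
    <attribute name="RmiPort">10990</attribute>
  </mbean>
  <mbean code="org.jboss.naming.NamingService" name="DefaultDomain:service=NamingUnpinned">
    <attribute name="Port">1199</attribute>
  </mbean>
</server>"""

def audit_naming_ports(xml_text):
    """Return (fixed, findings). fixed maps mbean name -> {attribute: port};
    findings lists (mbean, attribute, reason) a static firewall rule cannot cover."""
    fixed, findings = {}, []
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code") != NAMING_CLASS:
            continue
        name = mbean.get("name", "<unnamed>")
        attrs = {a.get("name"): (a.text or "").strip()
                 for a in mbean.findall("attribute")}
        for key in PORT_ATTRS:
            raw = attrs.get(key)
            if raw is None:
                # Assumption: an absent attribute is reported as not pinned.
                findings.append((name, key, "not set"))
            elif not raw.isdigit() or int(raw) > 65535:
                findings.append((name, key, "invalid value %r" % raw))
            elif int(raw) == 0:
                findings.append((name, key, "0 = any available port"))
            else:
                fixed.setdefault(name, {})[key] = int(raw)
    return fixed, findings

def firewall_ports(fixed):
    """Sorted, de-duplicated list of the ports that are actually pinned."""
    return sorted({p for ports in fixed.values() for p in ports.values()})

if __name__ == "__main__":
    fixed, findings = audit_naming_ports(SAMPLE)
    print("pinned ports:", firewall_ports(fixed))
    for name, key, why in findings:
        print("unpinned: %s %s (%s)" % (name, key, why))
```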
Thanks for the answers.
Is one port enough for all the communication? Can I declare more than one?
It seems to me that what you really want for security is that only the webserver port(s) are accessible from other machines. So,
- either you can specify in JBoss that connections to its naming service etc. are only allowed from a specific IP address (in your case, localhost)
- or you have a firewall which allows only calls to port 80 & 443 to your machine
I have no idea whether in JBoss you can restrict from which IP address calls are allowed. But it would be nice if you could; you can do this in many Internet services like FTP, the PostgreSQL database, ...
My question is regarding both security and performance. If I want to close all unnecessary ports, I want to know what ports need to be open. So I restricted the RMI port to be 10990. Now I get to the other side, which is performance. If I open only one port and use around 30 beans, will this affect the performance of the system, e.g. will the single port become a bottleneck in the system?
If so, can I declare more than one RMI port?
I'm unable to get a final answer to the question of fixing the RMI port in order to be able to get through a firewall:
a. Does JBoss use transient ports for every RMI object or is it on a per-client basis? What kind of multiplexing is done, if any? If it does use transient ports, what is the limit on the number of objects that can exist in a single VM?
b. How do I fix this? I don't see a file called jnp.properties. Should I fix one port for the JNDI service and one for the rest of the objects?
c. What are the performance implications of fixing the RMI port?