It's on the WIKI.
Click Wikis on the left-hand menu bar, then click "Secure JBoss".
Thanks, Adrian. But I don't really feel satisfied yet.
I would like to be more precise: We have a stand-alone app server (JBoss 3.2.3) and a stand-alone servlet engine (Tomcat 5.0.19). These two components should be separated by a firewall.
From what I found on the Wiki (the one you suggested) there is no way to configure the dynamic ports JBoss uses to communicate with the servlet engine and vice versa. Is this true?
There was a "jnp.properties" file in JBoss 2.2.2 where you could configure the listening port for jnp.
With a content like
the "random" ports above 30000 would stick to 1100. It worked for 2.4 and as far as I see the code is still in 3.2. Maybe there is another way to configure it in the newer versions. I hope there is no performance reduction with this; does anyone know?
jnp.properties is no longer used. See the referenced wiki page.
I don't see the answer on the wiki page - maybe the question was not clear enough:
The EJB client is on the "servlet/web server" machine and makes an EJB lookup and connection to a separate machine running JBoss. This causes the "high random" listening ports to appear at run/invocation time. In fact the jnp.properties fix does not seem to work with JBoss 3, any further ideas ...?
I finally figured out what it takes to restrict RMI communication between the JBoss app server and the servlet engine to one specific port, in this case 4444. I had to uncomment the following line in the jboss-service.xml file, section "rmi/jrmp invoker":
I must admit, I overlooked the fact that it was commented out. Shame on me... only typos are worse!
Thanks anyway, have a nice day,
I have exactly the same problem when trying to connect to JBoss through a firewall. I configured my JBoss 3.2.6 server as mentioned on the Wiki.
Here is my client code:
Hashtable env = new Hashtable();
Context ctx = new InitialContext(env);
Object obj = ctx.lookup("myObject");
Getting the InitialContext works fine but during the lookup it always tries to connect to a high random port.
I hope someone can help me.
It's me again.
I am still stuck on that problem.
I also searched several other forums for that issue and wherever I found it I couldn't get a satisfying answer. I even read somewhere that it is a general Java RMI issue that one cannot get around. Is that true?
It would be really helpful if I could get a clear statement.
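The behaviour discussed in the posts above (a "high random" port at invocation time versus a port pinned to 4444) can be reproduced with plain Java RMI. This is an added example, not code from the thread or from JBoss; the `Ping`, `PingImpl` and `RecordingFactory` names are hypothetical, and it assumes TCP port 4444 is free on the machine where it runs.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class RmiPortDemo {
    // Hypothetical remote interface and implementation, constructed for this example.
    public interface Ping extends Remote {
        String ping() throws RemoteException;
    }

    static class PingImpl implements Ping {
        public String ping() { return "pong"; }
    }

    // Records the port the RMI runtime really binds for the exported object.
    static class RecordingFactory implements RMIServerSocketFactory {
        volatile int boundPort = -1;

        public ServerSocket createServerSocket(int port) throws IOException {
            ServerSocket socket = new ServerSocket(port); // port 0 = let the OS choose
            boundPort = socket.getLocalPort();
            return socket;
        }
    }

    // Exports one object on the requested port and returns the port it listens on.
    // That port travels to the client inside the stub, so it is the port the
    // client dials after the naming lookup has already succeeded.
    static int exportAndReport(int requestedPort) throws RemoteException {
        RecordingFactory factory = new RecordingFactory();
        PingImpl impl = new PingImpl();
        // A null client socket factory means the default client sockets are used.
        UnicastRemoteObject.exportObject(impl, requestedPort, null, factory);
        int port = factory.boundPort;
        UnicastRemoteObject.unexportObject(impl, true); // lets the JVM exit
        return port;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("requested 0    -> listening on " + exportAndReport(0));
        System.out.println("requested 4444 -> listening on " + exportAndReport(4444));
    }
}
```

Exporting on port 0 yields an OS-chosen port that a firewall rule cannot anticipate, while exporting on a fixed port gives a single port to allow alongside the naming port.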
We have a working RMI firewall configuration with the following enabled:
TCP:1099 (JNDI Naming)
TCP:1100 (Cluster JNDI Naming)
3 short steps to make JBoss accessible from outside the firewall, presuming Windows (for step 3):
1. Make sure you have a name resolving to the external IP address of the FW, e.g. externalip.example.org
2. Start up the JBoss server with an extra parameter: -b externalip.example.org
3. Supposing your internal IP address is e.g. 192.168.1.1, in your Windows hosts file (c:\windows\drivers\etc\hosts) add: