3 Replies Latest reply on Dec 18, 2002 9:48 AM by andrew_maye

    JMS Firewall problem using UIL

    andrew_maye

      Hi,

      I'm trying to get JMS working across the internet. I've got JBoss 3.03 running behind a DSL-504 firewall on a WinXP box, using Java 1.3.1_04.

      I've followed the suggestions that I've found in this and other forums, namely:

      1. Opened port 1099 for JNDI on the firewall.
      2. Fixed the RMI port on the naming service in jboss-service.xml (I've used port 8121).
      3. Opened the RMI port on the firewall.
      4. Switched to using UIL rather than OIL.
      5. Opened up port 8091 for UIL.
      6. Set the following properties:
      java.rmi.server.hostname=<my external IP address>
      java.rmi.server.useLocalHostname=false
      The suggestion to set these said to do it in jboss.properties, but since that no longer exists, I've set them in run.bat.
      7. Put an entry in my hosts file for mapping my external domain name back to the local IP address (127.0.0.1). This is the step I was least sure about when I was looking through old posts for information.

      When I ran my client, I was able to connect to the naming service correctly. I saw connections coming in on both ports 1099 and 8121. So far so good. I've also tried a JNDI browser and that works fine.

      However, when I tried to connect to the messaging service, the client was trying to connect to port 8091 on IP address 192.168.0.2, i.e. a local IP address. This causes a SocketException (code 10051) to be thrown on the client.

      I thought setting the "java.rmi.server.hostname" property solved that, or is that for RMI only? Obviously, JBoss is sending out the local IP address and not switching in its place my external IP address.

      Since this was the part I was least sure of, I've tried various settings in the hosts file mentioned above - external IP address + local IP address from DHCP, but to no avail.

      Have I missed anything out? Any help would be gratefully received. This has had me stumped for almost 2 weeks now.

      Cheers,

      Andrew.

        • 1. Re: JMS Firewall problem using UIL
          cmgharris

          The thread "Re: JMS and firewalls - Is it possible?" on this forum speaks about the mapping in the hosts file, and as I read it, says you definitely shouldn't map the host name to 127.0.0.1. You might try it with the 'real' ip address instead.

          Incidentally your post helped me sort out a problem I was having with this issue. Thanks.

          Chris

          • 2. Re: JMS Firewall problem using UIL
            andrew_maye

            I've just been looking through the code for UILServerILService and other classes around it.

            It appears to me that the local IP address of the machine is just passed through to the client (it does an InetAddress.getLocalHost).

            In my server.log file I see the following:

            2002-12-18 14:13:53,467 INFO [org.jboss.mq.il.oil.OILServerILService] Started
            2002-12-18 14:13:53,467 INFO [org.jboss.mq.il.uil.UILServerILService] Starting
            2002-12-18 14:13:53,467 INFO [org.jboss.mq.il.uil.UILServerILService] JBossMQ UIL service available at : 0.0.0.0/0.0.0.0:8091


            Therefore I'm safe to assume that the following code gets executed in the startService method of UILServerILService.java:

            if( socketAddress.toString().equals("0.0.0.0/0.0.0.0") )
                socketAddress = InetAddress.getLocalHost();

            serverIL = new UILServerIL(socketAddress, serverSocket.getLocalPort(), enableTcpNoDelay);


            i.e. it will just get my local IP address. Looking through the other classes around here (SpyConnectionFactory, SpyConnection, GenericConnectionFactory, etc) I think that the "serverIL" object above just gets passed straight through to the client.

            Does this mean that UIL does not work with NAT? My ADSL firewall/router unit is doing NAT.

            Could someone please confirm if this is the case?

            Thanks,

            Andrew.
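
Added example (not part of the original post and not JBoss code): a stand-alone Java check that mirrors the wildcard fallback quoted above and reports whether the address the server would hand to clients can be reached from outside a NAT. The class name, the constructed sample addresses and the use of `isAnyLocalAddress()` in place of the string comparison are assumptions of this example; the `InetAddress` classification methods need Java 1.4 or later.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added example, not JBoss code. Mirrors the fallback quoted in the post:
// a wildcard bind address is replaced by InetAddress.getLocalHost(), and
// that address is what a remote client is then told to connect to.
public class AdvertisedAddressCheck {

    // Same substitution as the quoted snippet, using isAnyLocalAddress()
    // instead of comparing toString() with "0.0.0.0/0.0.0.0".
    static InetAddress advertised(InetAddress bind) throws UnknownHostException {
        return bind.isAnyLocalAddress() ? InetAddress.getLocalHost() : bind;
    }

    // Classifies an address by whether a client outside the NAT can route to it.
    static String reachability(InetAddress a) {
        if (a.isAnyLocalAddress())  return "wildcard: not a connectable destination";
        if (a.isLoopbackAddress())  return "loopback: reachable only on the server itself";
        if (a.isSiteLocalAddress()) return "private (RFC 1918): not routable from outside the NAT";
        if (a.isLinkLocalAddress()) return "link-local: not routable beyond the local segment";
        return "not in a private range: reachable if the firewall forwards the port";
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample bind addresses. 192.168.0.2 is the LAN address
        // from the post; 203.0.113.10 is a documentation-range placeholder
        // standing in for an external address.
        String[] samples = { "0.0.0.0", "127.0.0.1", "192.168.0.2", "203.0.113.10" };
        for (int i = 0; i < samples.length; i++) {
            // Literal IP strings are parsed directly, without a DNS lookup.
            InetAddress bind = InetAddress.getByName(samples[i]);
            InetAddress adv = advertised(bind);
            System.out.println("bind " + samples[i]
                    + " -> advertised " + adv.getHostAddress()
                    + " (" + reachability(adv) + ")");
        }
    }
}
```

The result printed for the 0.0.0.0 row depends on what the local host name resolves to on the machine where it is run.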

            • 3. Re: JMS Firewall problem using UIL
              andrew_maye

              > The thread "Re: JMS and firewalls - Is it possible?"
              > on this forum speaks about the mapping in the hosts
              > file, and as I read it, says you definitely shouldn't
              > map the host name to 127.0.0.1. You might try it with
              > the 'real' ip address instead.


              I've tried all combinations I can think of:

              1. 127.0.0.1
              2. Nothing at all
              3. 192.168.0.2 (my local IP address)
              4. My external IP address

              Any other suggestions most welcome!

              I'm beginning to think it is to do with NAT not being dealt with by UIL. See my earlier follow-up in this thread.

              > Incidentally your post helped me sort out a problem I
              > was having with this issue. Thanks.


              No problem. I thought I'd do a lengthy post with all the information I'd gathered from other places, since there seemed to be a lack of one post that contained everything you need to know.

              > Chris

              Cheers,

              Andrew.