5 Replies Latest reply on Mar 18, 2004 8:54 AM by Neil Davis

    UIL2/HTTP NAT configuration

    gxe Newbie

      I was wondering if anyone could clarify the use of UIL2 in my situation. I have been trying to connect to my server which is inside a firewall. The machine has an internal network name and address in addition to the external name and address exposed by the firewall. My problem has been that when I try to connect from a dialup machine it is having problems with the address that the server gives the TopicConnection which is given to the client. I switched debug on the client by changing the properties file (is there a switch for this?) and it shows the socket connection has the correct domain name, but my internal IP address. The connection times out. Am i doing something wrong? Have I missed a configuration file? I used the following thread to help me configure the url for the server.

      http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t= did get the HTTP to work after the debug told me I also had to configure the HTTPILServlet address.

      Thanks Glen
      PS I have purchased the documentation, and looked in the source code - just incase that is the only suggestion :)

        • 1. Re: UIL2/HTTP NAT configuration
          Lea Thurman Newbie

          Hi Glen,

          I dont know if you have been following the JBossMQ and NAT discussions in the past but older versions certainly 3.0.6 and UIL did not support it.

          I spent most of a day trying to get 3.2.1 and UIL2 to work with NAT and came upon problem after problem.

          I came to the conclusion that UIL2 does not support NAT.

          I ended up sticking with the version I have 3.0.6 with some nasty fixes offered to me by a friend.

          When I have some serious free time we need to all sort this out and nail UIL and UIL2 and NAT.


          • 2. Re: UIL2/HTTP NAT configuration
            sagamartha Newbie

            I am also attempting to use UIL2 over a firewall/NAT configuration. Has anyone been able to get this to work?


            • 3. Re: UIL2/HTTP NAT configuration
              Ivan O. Parra Novice

              Wanna hear it... okay....

              In UILServerIL.java add this line right before it creates a socket in createConnection method.

              String hostName = addr.getHostName();
              addr = InetAddress.getByName(hostName);

              This little fix works for us at AR. If it works for you, I may post a patch. PLEASE post your progress. Just because it works for us doesn't mean it works for all.


              BTW. This code fix existed at my company before I got here. If I did it, I would've posted at SF.

              • 4. Re: UIL2/HTTP NAT configuration
                Neil Davis Newbie

                With Firewall:
                Figure out the ip you are connecting to. This is your "mapped ip"
                Set up box on your internal network to connect to mapped IP

                With NAT'd DMZ box:
                Set up box as normal with dmz network in NAT'd network.
                Verify you can connect to this box from the internal box using telnet.

                With internal box:
                make sure you can connect to all necessary ports-
                ex. telnet someip 1099

                Should return a prompt with ^] to get out of it, or possibly some garbage.

                This means your firewall is allowing you to connect on a given port with a given IP. If you can't connect, you need to open the port. You need 3 of these ports, depending on how JBoss is configured. All 3 need to work.

                With dmz box:
                Add the mapped ip to hosts by replacing the localhost with-
                mappedip localhost localhost.localdomain etc..

                You should now be able to connect up to the remote queue using Adrians already published configuration examples.

                This difficulty is not JBoss' fault. I think the Sun spec doesn't cover messaging over firewalls at all. UIL2 works fine when it isn't NAT'd but the reverse lookup required by Sun fails because the IP you are talking to, isn't the same IP the NAT'd box thinks it is. Therefore messaging can't perform it's required checks to verify the connection.

                My hosts hack makes the box think it's ip is the mapped ip, so it returns the addy the internal box is expecting.

                Through a non NAT firewall, the ip the source server is talking to gets returned in the reverse lookup, therefore there is no problem when not NAT'ing.

                JBoss is going above and beyond the call of duty by working with firewalls at all so don't complain too much.

                WARNING: I have not tested this solution in production or with a clustered JBoss situation so don't know if it is suitable. Use at your own risk.

                The hack posted earlier in this post is probably the better solution. I just don't want to have to patch JBoss every time I upgrade it, so am trying something else. I will keep this board posted on my progress.


                • 5. Re: UIL2/HTTP NAT configuration
                  Neil Davis Newbie


                  You also need to add the mapped IP to the DMZ box's network config. Forgot this detail