Solved

RMI over internet thru firewall

Posted on 2001-07-16
19
447 Views
Last Modified: 2013-12-29
hi all,
my RMI program is working fine in the LAN, but if i implement the RMI program with some additional codings like below in the client RMI.

Properties systemProperties =  System.getProperties();
systemProperties.put("proxySet","true");
systemProperties.put("proxyHost","ntserver1");
systemProperties.put("proxyPort","80");
System.setProperties(systemProperties);

but my RMI server is residing behind the firewall and it is blocking the request from the RMI client.
I get as "NoRouteToHostException" while i try to run the RMI client.
so looking for the help from u all. any guidance, sample codings will be highly appreciated. kindly help
0
Comment
Question by:ShafeeqA
19 Comments
 
LVL 4

Expert Comment

by:Neutron
ID: 6286054
rmiregistry by default uses port 1099.

I do not know much about net administration, but it is reasonable to suggest two things:
- talk to your admin to let you pass through this port, or
- run rmiregistry on some other port which you do have access to (rmiregistry has a parameter to set port number)

If you choose to use different port for rmi, specify the same port when doing a rmi server lookup on client.

This is not some big help, but it's a start :-)

Good luck,
    Ntr:)
0
 

Author Comment

by:ShafeeqA
ID: 6286120
Thanks for ur suggestion friend, but i think RMI uses arbitary ports on random, so RMI application chooses more than one port i suppose. if i'm asking permission to open the ports so how many ports should be opened ? pls let me know, ur suggestion, help will b highly appreciated
0
 
LVL 4

Expert Comment

by:Neutron
ID: 6286176
No matter what, it's a fact that default rmi port is 1099.
(look at java.rmi.registry.Registry class)

So if you run rmiregistry without parameters, it uses that default port.

Also - it makes sense, how do you imagine this random port access? In that case rmi client would have to scan all ports and see where it gets rmi response.

If you do a rmi server lookup without specifying a port un URL, java.rmi.Naming class during parsing rmi object URL adds default port.

So, it's worth trying to ask admin to let your rmi go:)

Greetings,
   Ntr:)
0
 

Author Comment

by:ShafeeqA
ID: 6286213
if i have to ask permission to the network admin to free the port in the firewall for my RMI, do i have to free single port for rmiregistry? or else do i have to free more than 1 port for other communication for RMI?
pls clear my doubt. it'll b very helpful
0
 
LVL 4

Expert Comment

by:Neutron
ID: 6286264
You only have to ask that your admin allows requests through port 1099 and to allow responses to be generated th these requests.

Greetings,
    Ntr:)
0
 

Author Comment

by:ShafeeqA
ID: 6286307
do i have to specify port no through which the RMI server sends the data back to the clientRMI ? if so then i should ask for 2 ports for RMI application, right ?
RMIregistry is using by default 1099, do i have to ask any other port to free for which the RMI server sends the data back to the clientRMI ? pls clarify
0
 
LVL 4

Expert Comment

by:Neutron
ID: 6286343
No, you don't have to specify on firewall which ports will server on 1099 use for redirection.

So, you only ask for clients to be able to pass through firewall port 1099 and to enable responses to these requests.

If responses are allowed, when server accepts connection it can redirect conversation with client to any free port above port 1024.

So you don't have to spectify any port number other than port you ask for (1099).

Greetings,
    Ntr:)
0
 

Author Comment

by:ShafeeqA
ID: 6286441
actually i had a post in the java.sun.forum as below:
-----------------------------------------
Re: regarding port for RMI in firewall
Author: stevejhunter  Jul 16, 2001 7:41 PM      
RMI uses two ports. An initial connection port and a communication port. The standards for these are 11900 and 11901 respectively, but you can specify others.
You set these up when you strt the rmiregistry on the server before you bind the server application.
SET REGISTRY=11900
SET COMMUNICATE=11901
Steve
-----------------------------------------
do i have to code as above ? do u have any suggestion regarding this
0
 
LVL 4

Expert Comment

by:Neutron
ID: 6286514
--------8<------------------------------------------
/*
 * @(#)Registry.java     1.13 00/02/02
 *
 * Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.
 *
 * This software is the proprietary information of Sun Microsystems, Inc.  
 * Use is subject to license terms.
 *
 */
package java.rmi.registry;

import java.rmi.*;

public interface Registry extends Remote {
    /** Well known port for registry. */
    public static final int REGISTRY_PORT = 1099;
--------8<------------------------------------------

So, rmiregistry default initial port is 1099.

If you wish, you can change that port into whatever when you run the registry, ex.    rmiregistry 1771     if that port is free and correctly configured (since you have a problem with firewall)

I am talking about rmiregistry provided by Sun JDK.

Greetings,
    Ntr:)
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 4

Expert Comment

by:Neutron
ID: 6286533
...and what are these SET supposed to mean?
DOS environment variables or... ??

Greetings,
    Ntr:)
0
 

Author Comment

by:ShafeeqA
ID: 6286555
i think it is java code, actually i don't know more about this, jus now i'm exploring RMI
0
 
LVL 4

Expert Comment

by:Neutron
ID: 6286722
Check this jGuru rmi tutorial, especially "Firewall Issues" part about HTTP tunneling for RMI in environment with firewall.

http://developer.java.sun.com/developer/onlineTraining/rmi/RMI.html

Greetings,
    Ntr:)
0
 

Author Comment

by:ShafeeqA
ID: 6286772
i have gone thru that link u provided
actually what this code is for ?
where i have to give this ? pls tell me
http://hostname:80/cgi-bin/java-rmi?forward=<port>
0
 
LVL 4

Expert Comment

by:Neutron
ID: 6286829
In that article it says that you can put/configure this java-rmi.cgi in server cgi directory (cgi is supported by jdk) to encapsulate all rmi calls which bump into firewall, sending them over HTTP, so they can be decoded at destination and forwarded to the port that wasn't allowed in the firewall.

Only flow is that it can be a possible security hole, bc this cgi will forward anything (not only rmi) through HTTP to any port - which you don't want.

BTW, at which point you get NoRouteToHost?
Is it when you are looking up exported RMI object or later?

You also said that in lan everything works fine. Can you post part of code where you retrieve stub and part of the code that invokes remote calls on it.

Also, can you post your stack trace which is dumped when you get the exceprion.

Greetings,
    Ntr:)
0
 
LVL 3

Expert Comment

by:falter
ID: 6287748
On server side someone has to open the firewall at specific ports (RMI registry, RMI server).
Write your own RMISocketFactory to ensure only ServerSockets will be used at a specific port.
If you do not you cannot predict which port will be used by your RMI server.
(My experience is based on JDK 1.1.8 never done it with JAVA 2)
May be there is a property you can set in JAVA 2, to force the use of a specific port for your RMI server.
Another approach as others mentioned  is to use RMI over HTTP, you need a HTTP server with a cgi-script (included in Java distribution) sending the RMI requests to your RMI server. Using HTTP version results in low performance and you will not be able to use callbacks (kind of RMI server at client side).
0
 

Author Comment

by:ShafeeqA
ID: 6288417
Here is my code i have cut some lines to make it small to accomodate here. pls look at this code
----client-----
import java.rmi.*;import java.rmi.Naming;import java.rmi.RemoteException;import java.io.*;
import java.io.IOException;import java.io.LineNumberReader;import java.util.Properties;
import java.net.MalformedURLException;import java.rmi.NotBoundException;

public class client
 {
String vcno;
String vpin;  // Variables declaration

public client() { }

 public static void main(String args[])
  {
  try
  {
client obj = new client();
Properties systemProperties =  System.getProperties();
systemProperties.put("http.proxySet","true");
systemProperties.put("http.proxyHost","ntserver1");
systemProperties.put("http.proxyPort","80");
System.setProperties(systemProperties);
ServerIntf serverintf=(ServerIntf)Naming.lookup("rmi://xxx.xxx.com/mofiserver");
// rest of the class
    }
String t;
t=serverintf.add(obj.vcno,obj.vpin);
 }
  catch(Exception e)
   {
    System.out.println("Error " +e);
        }
  }
}
--------------------------
--------server------
import java.net.*;import java.rmi.*;import java.rmi.Naming;
public class server {
public server() {
try
   {
    ServerIntf serverintf = new ServerImpl();
    Naming.rebind("rmi://xxx.xxx.com:1099/mofiserver", serverintf);
    }
catch(Exception e)
 {
  System.out.println("Exception : "+e);
  }
 }
public static void main(String args[])
  {
    new server();
   }
}
----------------------------------
--------Implementation-----------
import java.rmi.*;import java.rmi.server.*;import java.rmi.Naming;
import java.rmi.RemoteException;import java.rmi.RMISecurityManager;
import java.rmi.server.UnicastRemoteObject;import java.sql.*;import java.sql.ResultSet.*;
import java.lang.*;import java.util.Vector;import java.lang.String;import java.io.*;
import java.io.IOException;import java.io.LineNumberReader;

public class ServerImpl extends UnicastRemoteObject implements ServerIntf {
String temp;
public ServerImpl() throws RemoteException
     {
super();
         }
public static void main(String args[]) {

          // Create and install a security manager
          if (System.getSecurityManager() == null) {
              System.setSecurityManager(new RMISecurityManager());
          }
try
{
ServerImpl a = new ServerImpl();
}
catch(Exception e)
 {
  System.out.println("exception  "+e);
  }
}

public String add(String vcno,String vpin) throws RemoteException
 {

//variable declaration and rest of the codings
try
{ }
catch (Exception e)
{e.printStackTrace(); }
  return temp;
 }
}
----------------------------------

---------Interface--------------
import java.rmi.RemoteException;import java.rmi.*;

public interface ServerIntf extends Remote
 {
String add(String vcno,String vpin) throws RemoteException;
 }
------------------------------------
0
 

Author Comment

by:ShafeeqA
ID: 6288485
where to write RMISocketFactory in the client or in the server ? actually i'm new to RMI technology could u pls furnish the sample RMISocketFactory codings. it'll b very helpful. looking ur reply
0
 
LVL 5

Expert Comment

by:vemul
ID: 7669765
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
- To be PAQ'ed and points refunded
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

vemul
Cleanup Volunteer
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 7714898
Per recommendation, points refunded and question closed.

Netminder
EE Admin
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This video teaches viewers about errors in exception handling.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now