Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 524
  • Last Modified:

RMI over internet thru firewall

hi all,
my RMI program is working fine in the LAN, but if i implement the RMI program with some additional codings like below in the client RMI.

Properties systemProperties =  System.getProperties();
systemProperties.put("proxySet","true");
systemProperties.put("proxyHost","ntserver1");
systemProperties.put("proxyPort","80");
System.setProperties(systemProperties);

but my RMI server is residing behind the firewall and it is blocking the request from the RMI client.
I get as "NoRouteToHostException" while i try to run the RMI client.
so looking for the help from u all. any guidance, sample codings will be highly appreciated. kindly help
0
ShafeeqA
Asked:
ShafeeqA
1 Solution
 
NeutronCommented:
rmiregistry by default uses port 1099.

I do not know much about net administration, but it is reasonable to suggest two things:
- talk to your admin to let you pass through this port, or
- run rmiregistry on some other port which you do have access to (rmiregistry has a parameter to set port number)

If you choose to use different port for rmi, specify the same port when doing a rmi server lookup on client.

This is not some big help, but it's a start :-)

Good luck,
    Ntr:)
0
 
ShafeeqAAuthor Commented:
Thanks for ur suggestion friend, but i think RMI uses arbitary ports on random, so RMI application chooses more than one port i suppose. if i'm asking permission to open the ports so how many ports should be opened ? pls let me know, ur suggestion, help will b highly appreciated
0
 
NeutronCommented:
No matter what, it's a fact that default rmi port is 1099.
(look at java.rmi.registry.Registry class)

So if you run rmiregistry without parameters, it uses that default port.

Also - it makes sense, how do you imagine this random port access? In that case rmi client would have to scan all ports and see where it gets rmi response.

If you do a rmi server lookup without specifying a port un URL, java.rmi.Naming class during parsing rmi object URL adds default port.

So, it's worth trying to ask admin to let your rmi go:)

Greetings,
   Ntr:)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
ShafeeqAAuthor Commented:
if i have to ask permission to the network admin to free the port in the firewall for my RMI, do i have to free single port for rmiregistry? or else do i have to free more than 1 port for other communication for RMI?
pls clear my doubt. it'll b very helpful
0
 
NeutronCommented:
You only have to ask that your admin allows requests through port 1099 and to allow responses to be generated th these requests.

Greetings,
    Ntr:)
0
 
ShafeeqAAuthor Commented:
do i have to specify port no through which the RMI server sends the data back to the clientRMI ? if so then i should ask for 2 ports for RMI application, right ?
RMIregistry is using by default 1099, do i have to ask any other port to free for which the RMI server sends the data back to the clientRMI ? pls clarify
0
 
NeutronCommented:
No, you don't have to specify on firewall which ports will server on 1099 use for redirection.

So, you only ask for clients to be able to pass through firewall port 1099 and to enable responses to these requests.

If responses are allowed, when server accepts connection it can redirect conversation with client to any free port above port 1024.

So you don't have to spectify any port number other than port you ask for (1099).

Greetings,
    Ntr:)
0
 
ShafeeqAAuthor Commented:
actually i had a post in the java.sun.forum as below:
-----------------------------------------
Re: regarding port for RMI in firewall
Author: stevejhunter  Jul 16, 2001 7:41 PM      
RMI uses two ports. An initial connection port and a communication port. The standards for these are 11900 and 11901 respectively, but you can specify others.
You set these up when you strt the rmiregistry on the server before you bind the server application.
SET REGISTRY=11900
SET COMMUNICATE=11901
Steve
-----------------------------------------
do i have to code as above ? do u have any suggestion regarding this
0
 
NeutronCommented:
--------8<------------------------------------------
/*
 * @(#)Registry.java     1.13 00/02/02
 *
 * Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.
 *
 * This software is the proprietary information of Sun Microsystems, Inc.  
 * Use is subject to license terms.
 *
 */
package java.rmi.registry;

import java.rmi.*;

public interface Registry extends Remote {
    /** Well known port for registry. */
    public static final int REGISTRY_PORT = 1099;
--------8<------------------------------------------

So, rmiregistry default initial port is 1099.

If you wish, you can change that port into whatever when you run the registry, ex.    rmiregistry 1771     if that port is free and correctly configured (since you have a problem with firewall)

I am talking about rmiregistry provided by Sun JDK.

Greetings,
    Ntr:)
0
 
NeutronCommented:
...and what are these SET supposed to mean?
DOS environment variables or... ??

Greetings,
    Ntr:)
0
 
ShafeeqAAuthor Commented:
i think it is java code, actually i don't know more about this, jus now i'm exploring RMI
0
 
NeutronCommented:
Check this jGuru rmi tutorial, especially "Firewall Issues" part about HTTP tunneling for RMI in environment with firewall.

http://developer.java.sun.com/developer/onlineTraining/rmi/RMI.html

Greetings,
    Ntr:)
0
 
ShafeeqAAuthor Commented:
i have gone thru that link u provided
actually what this code is for ?
where i have to give this ? pls tell me
http://hostname:80/cgi-bin/java-rmi?forward=<port>
0
 
NeutronCommented:
In that article it says that you can put/configure this java-rmi.cgi in server cgi directory (cgi is supported by jdk) to encapsulate all rmi calls which bump into firewall, sending them over HTTP, so they can be decoded at destination and forwarded to the port that wasn't allowed in the firewall.

Only flow is that it can be a possible security hole, bc this cgi will forward anything (not only rmi) through HTTP to any port - which you don't want.

BTW, at which point you get NoRouteToHost?
Is it when you are looking up exported RMI object or later?

You also said that in lan everything works fine. Can you post part of code where you retrieve stub and part of the code that invokes remote calls on it.

Also, can you post your stack trace which is dumped when you get the exceprion.

Greetings,
    Ntr:)
0
 
falterCommented:
On server side someone has to open the firewall at specific ports (RMI registry, RMI server).
Write your own RMISocketFactory to ensure only ServerSockets will be used at a specific port.
If you do not you cannot predict which port will be used by your RMI server.
(My experience is based on JDK 1.1.8 never done it with JAVA 2)
May be there is a property you can set in JAVA 2, to force the use of a specific port for your RMI server.
Another approach as others mentioned  is to use RMI over HTTP, you need a HTTP server with a cgi-script (included in Java distribution) sending the RMI requests to your RMI server. Using HTTP version results in low performance and you will not be able to use callbacks (kind of RMI server at client side).
0
 
ShafeeqAAuthor Commented:
Here is my code i have cut some lines to make it small to accomodate here. pls look at this code
----client-----
import java.rmi.*;import java.rmi.Naming;import java.rmi.RemoteException;import java.io.*;
import java.io.IOException;import java.io.LineNumberReader;import java.util.Properties;
import java.net.MalformedURLException;import java.rmi.NotBoundException;

public class client
 {
String vcno;
String vpin;  // Variables declaration

public client() { }

 public static void main(String args[])
  {
  try
  {
client obj = new client();
Properties systemProperties =  System.getProperties();
systemProperties.put("http.proxySet","true");
systemProperties.put("http.proxyHost","ntserver1");
systemProperties.put("http.proxyPort","80");
System.setProperties(systemProperties);
ServerIntf serverintf=(ServerIntf)Naming.lookup("rmi://xxx.xxx.com/mofiserver");
// rest of the class
    }
String t;
t=serverintf.add(obj.vcno,obj.vpin);
 }
  catch(Exception e)
   {
    System.out.println("Error " +e);
        }
  }
}
--------------------------
--------server------
import java.net.*;import java.rmi.*;import java.rmi.Naming;
public class server {
public server() {
try
   {
    ServerIntf serverintf = new ServerImpl();
    Naming.rebind("rmi://xxx.xxx.com:1099/mofiserver", serverintf);
    }
catch(Exception e)
 {
  System.out.println("Exception : "+e);
  }
 }
public static void main(String args[])
  {
    new server();
   }
}
----------------------------------
--------Implementation-----------
import java.rmi.*;import java.rmi.server.*;import java.rmi.Naming;
import java.rmi.RemoteException;import java.rmi.RMISecurityManager;
import java.rmi.server.UnicastRemoteObject;import java.sql.*;import java.sql.ResultSet.*;
import java.lang.*;import java.util.Vector;import java.lang.String;import java.io.*;
import java.io.IOException;import java.io.LineNumberReader;

public class ServerImpl extends UnicastRemoteObject implements ServerIntf {
String temp;
public ServerImpl() throws RemoteException
     {
super();
         }
public static void main(String args[]) {

          // Create and install a security manager
          if (System.getSecurityManager() == null) {
              System.setSecurityManager(new RMISecurityManager());
          }
try
{
ServerImpl a = new ServerImpl();
}
catch(Exception e)
 {
  System.out.println("exception  "+e);
  }
}

public String add(String vcno,String vpin) throws RemoteException
 {

//variable declaration and rest of the codings
try
{ }
catch (Exception e)
{e.printStackTrace(); }
  return temp;
 }
}
----------------------------------

---------Interface--------------
import java.rmi.RemoteException;import java.rmi.*;

public interface ServerIntf extends Remote
 {
String add(String vcno,String vpin) throws RemoteException;
 }
------------------------------------
0
 
ShafeeqAAuthor Commented:
where to write RMISocketFactory in the client or in the server ? actually i'm new to RMI technology could u pls furnish the sample RMISocketFactory codings. it'll b very helpful. looking ur reply
0
 
vemulCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
- To be PAQ'ed and points refunded
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

vemul
Cleanup Volunteer
0
 
NetminderCommented:
Per recommendation, points refunded and question closed.

Netminder
EE Admin
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now