Solved

What are the ports to be opened for JBOSS when running behind firewall

Posted on 2008-10-14
4
533 Views
Last Modified: 2013-12-02
Hi,
What are the ports to be opened for JBOSS when running behind firewall ?
Also, when multiple instances are running behind loadbalancer only for stateless session beans, do we need to configure for session affinity? Does RMI/JRMP requires session affinity for isolated stateless session bean invocations?

Thanks
0
Comment
Question by:ponnen
  • 2
  • 2
4 Comments
 
LVL 1

Expert Comment

by:visorx
ID: 22715500
Hi,
Although there are lot of ports Jboss uses, only three are sufficient for RMI invocation.
You should open three ports through your firewall, which are:
naming service, which is 1099
naming service RmiPort, which is 1098
and jrmp RMIObjectPort, which is 4444.
{I'm assuming the default config for Jboss, replace the ports with actual values}
Also make sure that the jboss-service.xml file in your server configuration is using these fixed ports.
You should have this in jboss-service.xml:
<mbean code="org.jboss.naming.NamingService"
name="jboss:service=Naming">
<attribute name="Port">1099</attribute>
<attribute name="RmiPort">1098</attribute>
</mbean>

and

<!-- RMI/JRMP invoker -->
<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
name="jboss:service=invoker,type=jrmp">
<attribute name="RMIObjectPort">4444</attribute>
<depends>jboss:service=TransactionManager</depends>
</mbean>

Now on jboss in run script pass these parameters in run.sh or run.bat.

-Djava.rmi.server.hostname=<external-hostname>
-Djava.rmi.server.useLocalHostname=false

external-hostname is the host name of jboss server by which the clients will connect to this jboss instance.
Also the last lines ensure that "localhost" is not pass back to clients OUTSIDE the firewall.
{ if you still get "localhost" on client machine then try setting the useLocalHostname param to true. This is weird but on old jboss I had to use true!!! }

If you still are not able to connect then make sure that external-hostname gets resolved on JBOSS server to localhost.



For your second question: you'll not need to session affinity / state preservation for stateless bean.

Cheers!
0
 

Author Comment

by:ponnen
ID: 22716900
Thanks a lot for the reply. It is very informative.
I have three jboss instances running on seperate machines behind a firewall and load balancer. if I have service1, service2, service3 jboss instances, what should be the -Djava.rmi.server.hostname=<> value? Is it the corresponding service<n> ip address or the load balancer address? My client web app runs in another zone so it needs to go through firewall and load balancer to reach jboss instances.

Thanks in advance.
0
 
LVL 1

Accepted Solution

by:
visorx earned 250 total points
ID: 22718618
Ideally it should be the load-balancer "hostname". Please note that we want the hostname and not IP address here. Hope this helps..
Cheers!
0
 

Author Comment

by:ponnen
ID: 22727426
Thanks. that was helpful.
Could you please enlighten how the lookup works? Is it JNP lookup on port 1099 and then the client side stub communicate with server on JRMP 4444 for remote invocation marshalling/unmarshalling? Does the stub contain info (ip/port) about the server home interface? Would appreciate if anybody could describe the full communication process from lookup to method invocation.

Thanks a lot.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now