Solved

What are the ports to be opened for JBOSS when running behind firewall

Posted on 2008-10-14
Last Modified: 2013-12-02
Hi,
What are the ports to be opened for JBOSS when running behind a firewall?
Also, when multiple instances are running behind a load balancer only for stateless session beans, do we need to configure for session affinity? Does RMI/JRMP require session affinity for isolated stateless session bean invocations?

Thanks
0
Question by:ponnen
4 Comments
 
LVL 1

Expert Comment

by:visorx
ID: 22715500
Hi,
Although there are a lot of ports JBoss uses, only three are sufficient for RMI invocation.
You should open three ports through your firewall, which are:
naming service, which is 1099
naming service RmiPort, which is 1098
and JRMP RMIObjectPort, which is 4444.
{I'm assuming the default config for JBoss; replace the ports with actual values}
Also make sure that the jboss-service.xml file in your server configuration is using these fixed ports.
You should have this in jboss-service.xml:
<mbean code="org.jboss.naming.NamingService"
       name="jboss:service=Naming">
    <attribute name="Port">1099</attribute>
    <attribute name="RmiPort">1098</attribute>
</mbean>

and

<!-- RMI/JRMP invoker -->
<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp">
    <attribute name="RMIObjectPort">4444</attribute>
    <depends>jboss:service=TransactionManager</depends>
</mbean>

Now pass these parameters in the JBoss run script (run.sh or run.bat):

-Djava.rmi.server.hostname=<external-hostname>
-Djava.rmi.server.useLocalHostname=false

external-hostname is the host name of the JBoss server by which the clients will connect to this JBoss instance.
Also, the last lines ensure that "localhost" is not passed back to clients OUTSIDE the firewall.
{ If you still get "localhost" on the client machine then try setting the useLocalHostname param to true. This is weird but on old JBoss I had to use true!!! }

If you are still not able to connect then make sure that external-hostname gets resolved on the JBoss server to localhost.



For your second question: you'll not need session affinity / state preservation for stateless beans.

Cheers!
0
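Added example (not part of visorx's post and not JBoss code): a Python check that a jboss-service.xml pins the three ports named in the answer above, and lists the ports a firewall rule would need. The function name `audit_ports` and both sample documents are constructed for illustration; a value that is missing, 0 or non-numeric is treated as not fixed.

```python
import xml.etree.ElementTree as ET

# (mbean code, attribute) pairs the answer above says must use fixed ports.
PINNED = [
    ("org.jboss.naming.NamingService", "Port"),
    ("org.jboss.naming.NamingService", "RmiPort"),
    ("org.jboss.invocation.jrmp.server.JRMPInvoker", "RMIObjectPort"),
]

def audit_ports(xml_text):
    """Return (ports, problems): ports maps attribute name -> int for every
    pinned value; problems lists attributes that are missing, 0 or non-numeric."""
    root = ET.fromstring(xml_text)
    ports, problems = {}, []
    for code, attr in PINNED:
        value = None
        for mbean in root.iter("mbean"):
            if mbean.get("code") == code:
                for node in mbean.findall("attribute"):
                    if node.get("name") == attr:
                        value = (node.text or "").strip()
        if value and value.isdigit() and 0 < int(value) < 65536:
            ports[attr] = int(value)
        else:
            problems.append(f"{code}: {attr} is not a fixed port ({value!r})")
    return ports, problems

# Constructed sample: the two mbeans from the answer wrapped in a <server> root.
GOOD = """<server>
  <mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming">
    <attribute name="Port">1099</attribute>
    <attribute name="RmiPort">1098</attribute>
  </mbean>
  <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
         name="jboss:service=invoker,type=jrmp">
    <attribute name="RMIObjectPort">4444</attribute>
    <depends>jboss:service=TransactionManager</depends>
  </mbean>
</server>"""
# Constructed failing case: RmiPort left at 0, so the port is chosen at runtime.
BAD = GOOD.replace(">1098<", ">0<")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        ports, problems = audit_ports(text)
        print(label, "allow inbound TCP:", sorted(ports.values()))
        for p in problems:
            print("  WARNING:", p)
```

Any attribute reported under WARNING has no stable port number, so a firewall rule limited to the listed ports will not cover it.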
 

Author Comment

by:ponnen
ID: 22716900
Thanks a lot for the reply. It is very informative.
I have three JBoss instances running on separate machines behind a firewall and load balancer. If I have service1, service2, service3 JBoss instances, what should be the -Djava.rmi.server.hostname=<> value? Is it the corresponding service<n> IP address or the load balancer address? My client web app runs in another zone so it needs to go through the firewall and load balancer to reach the JBoss instances.

Thanks in advance.
0
 
LVL 1

Accepted Solution

by:
visorx earned 250 total points
ID: 22718618
Ideally it should be the load-balancer "hostname". Please note that we want the hostname and not IP address here. Hope this helps..
Cheers!
0
 

Author Comment

by:ponnen
ID: 22727426
Thanks. That was helpful.
Could you please explain how the lookup works? Is it a JNP lookup on port 1099, and then the client-side stub communicates with the server on JRMP 4444 for remote invocation marshalling/unmarshalling? Does the stub contain info (IP/port) about the server home interface? I would appreciate it if anybody could describe the full communication process from lookup to method invocation.

Thanks a lot.
0
