RMI through FIREWALL

Hello Everybody,
I would really appreciate it if anybody could help me with some solutions regarding Java RMI.
I have a client-server application, and I use Java web start to deploy my application on the client side.
The application is split in two folders, client and server. All the classes located on the client side I copied into a folder located under mycomputer/inetpub/myfolder. Here I create the jar and jnlp files in order to be accessed by users from the internet (outside the firewall).
On the server side I have this code:
SERVER SIDE
import java.rmi.*;
import java.rmi.RMISecurityManager;
import java.rmi.server.*;
public class RegisterIt{
     public static void main(String args[]){
          try{
               // Load the policy file and install a security manager before exporting
               System.setProperty("java.security.policy","java.policy");
               System.setSecurityManager(new RMISecurityManager());
               HelloImpl oHello = new HelloImpl();
               System.out.println("Remote object instantiated!");
               // Bind the remote object in the registry listening on coop7:65500
               Naming.rebind("rmi://coop7:65500/HelloEntry",oHello);
               System.out.println("Remote object bound in registry!");
          } catch (Exception e){
               System.out.println("Problem binding: ");
               e.printStackTrace(System.out);
          }
     }
}
On the client side I have this code:
CLIENT SIDE
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.rmi.Naming;
import java.rmi.RMISecurityManager;
import java.rmi.RemoteException;
public class Name {
     public static void main(String args[]){
          System.setProperty("java.security.policy","java.policy");
          System.setSecurityManager(new RMISecurityManager());
          //some code here
     }
}
class MyListener implements ActionListener {
     public void actionPerformed(ActionEvent be){
          try{
               // Look up the remote object under the name the server bound it to
               Hello obj = (Hello)Naming.lookup("rmi://coop7:65500/HelloEntry");
               Me a = obj.getMe(Name.tfUser.getText(),Name.tfPass.getText());
               Name.tfName.setText(a.name+" "+a.lname);
          } catch(RemoteException re){
               System.out.println("Remote Exception: ");
               re.printStackTrace(System.out);
          } catch(Exception e){
               e.printStackTrace(System.out);
          }
     }
}
I have the file java.policy on both sides, client and server:
JAVA.POLICY
grant {
     permission java.security.AllPermission;
};
I have opened port # 65500 on the firewall. I checked and it seems to be ok.
If I run the application locally (intranet=client-server) everything is fine.
If I try to run from the Internet (outside my local network) the application starts but I do not communicate at all with the application server. (I don't get anything back from the application server.)
I have some questions:
- on the server side I have this setup
Naming.rebind("rmi://coop7:65500/HelloEntry",oHello);
Since my computer has an URL =http://test.com, I have tried to replace coop7 (which is valid on my local network) with test.com but I got a binding error when
I try to bind the name in the registry (using rmic, start rmiregistry 65500, java RegisterIt):
Connection refused to host: test.com.
Once again if I replace test.com with coop7 everything works.
- on the client side I have this setting:
Hello obj = (Hello)Naming.lookup("rmi://coop7:65500/HelloEntry");
If I run the class everything is fine.
If I try to change from "coop7" to "test.com" I get a java exception: "Unknown source name"
The computer name for intranet: coop7
The computer name for internet: test.com (URL http://test.com)
Can anyone help me with the procedure for how to set up this configuration step by step?
I am wondering what I have to put on the client side, on the server side,
what command I have to type for the hostname and codebase when I start the registry.
Actually I have:
java -Djava.rmi.codebase=http://test.com/test.jar
-Djava.security.policy=java.policy RegisterIt
and I do not use at all -Djava.rmi.hostname.
I really appreciate, once again any idea, I can provide more info if you want.
Thanks,
George

Thank you very much.
Do you know for HTTP tunnelling how many ports do I have to use in order to have RMI working: 2 or 3?
- one for RMI registry (1099)
- one from the server to the client(5800)
- one from the client to the server?(5900)
or
- one for RMI registry and for communications from the client to the server(default 1099)
- one for communications from the server to the client(5800)

Similar Messages

  • RMI and Firewall

    Dear All
    My Problem is
    I have an RMI Server on an NT machine, and I have an RMI Client on another machine, I have placed a firewall in between,
    RMI Registry on the NT machine is listening at 1099 (which is the default),
    I made my own implementation of the RMISocketFactory, in which I made the createServerSocket create sockets at a port of mine, let us say 30000.
    now, when setting up the configuration on the firewall to accept communications over 1099 and 30000, client requests don't happen successfully,
    it terminates, with a connection error,
    when using the netstat utility at the RMI Server side, during the client requests, there seem to be 1099, 30000, and other randomly dynamically changing ports used.
    I need to know how to fix those ports, in order to configure the Firewall to allow communications to happen over those ports.
    Any Help Highly appreciated.

    I'm not going through a firewall on my application, but I have noticed that
    my RMI server program does bind to a port number between 1300 and 1450.
    This port number is different every time I run the application. Does anyone
    know what the purpose of this port is? Is it the server connecting to the
    rmiRegistry, or just listening for a client connection or what?

  • Urgent RMI Over Firewall

    Hi
    I am trying to customize the port to overcome a firewall issue. My server is listening on port 1234 and the registry is also bound. The client locates the server; when the client tries to bind to the server a Connect exception is thrown. Please see the error
    Server message
    Locating Server at rmi://augusta:1234 for CRSSERVERRUE29
    THE SERVERICE rmi://augusta:1234/CRSSERVERRUE29
    Server located CRSSERVERRUE29 class custspprofile.server.CustProfileServerImpl_Stub
    Attempting to connect to server 1 times CRSSERVERRUE29
    <<< Fri Apr 05 15:49:18 CST 2002>>> APPLICATION MESSAGE: Unable to Connect to CRSSERVERRUE29
    EXCEPTIONS : 1 of 1
    Exception Class: class java.rmi.ConnectException
    Exception: Connection refused to host: 10.84.58.78; nested exception is:
         java.net.ConnectException: A remote host refused an attempted connect operation.
    Attempting to connect to server 2 times CRSSERVERRUE29
    <<< Fri Apr 05 15:49:19 CST 2002>>> APPLICATION MESSAGE: Unable to Connect to CRSSERVERRUE29
    EXCEPTIONS : 1 of 1
    Exception Class: class java.rmi.ConnectException
    Exception: Connection refused to host: 10.84.58.78; nested exception is:
         java.net.ConnectException: A remote host refused an attempted connect operation.
    <<< Fri Apr 05 15:49:19 CST 2002>>> APPLICATION MESSAGE: Unable to Connect to CRSSERVERRUE29
    EXCEPTIONS : 1 of 1
    Exception Class: class java.rmi.ConnectException
    Exception: Connection refused to host: 10.84.58.78; nested exception is:
         java.net.ConnectException: A remote host refused an attempted connect operation.
    class custspprofile.client.CommClientImpl<<< Fri Apr 05 15:49:19 CST 2002>>> APPLICATION MESSAGE: Unable to Connect to CRSSERVERRUE29
    EXCEPTIONS : 1 of 1
    Exception Class: class java.rmi.ConnectException
    Exception: Connection refused to host: 10.84.58.78; nested exception is:
         java.net.ConnectException: A remote host refused an attempted connect operation.
    The ports for the client are generated randomly. How can I customise the ports for the client and how can I overcome this issue?
    Thanks
    Aswin

    This question has already been addressed several times in this forum.

  • RMI, NAT firewall, and callbacks

    Hi,
    My problem is similar to many other problems that have been posted over the span of nearly a decade on this forum. However, I'm starting this thread because my search through the forum didn't make me happy, and because I hope that with new versions of Java new things might be possible.
    My setting: the server has a public IP, a client is behind a NAT firewall. The client passes a Remote object to the server so that the server can call back the client some time later. This setting is nowadays very common on the Internet: clients are run on ubiquitous home routers with NAT, and servers are available on public IP addresses.
    One way to solve this problem is to instruct the server to use the TCP connection already established by the client when the server wants to call back the client. This way the NAT firewall will not block the server communication, because it will be part of the connection initiated by the client. So it looks like using a socket factory might be a solution.
    Is the solution with socket factories possible?
    Thanks,
    Irek
    Edited by: 893951 on 2011-10-31 04:44
    Edited by: 893951 on 2011-10-31 04:52

    EJP wrote:
    the seconds one fails.
    Fails how?
    Well, the server can't connect to client. That is, I have a server in 193.136.205.20 and a client in 193.136.205.20 (same host). The client connects to server and the server callback the client. I have another client in 193.136.205.128 and it connects to server too, but when the server callback this client, I have the exception "No connection to route host".
    Is it because of firewall?
    Impossible to say until you tell us how it fails.
    If i kill the firewall in both server and clients, does it work?
    I don't know, it's your firewall. Does it?
    Or is there any solution, making the client as a server?
    A callback is a server.
    Yes, I understood that. I have expressed myself in a bad way. A callback is a server indeed. When I create the client callback object, I export it, creating the object and in the login method (existent in server) I send this object so the server adds it to a hashtable to callback later.
    >
    It sounds like a strange design. How come the client has the database?, not the server? and why can't the client just push the database updates to the server? How can the server know when to callback the client to get more updates?
    Well, I have a local database for each client and a large database in server. I said the clients fetch database just as an example. The real deal is that a client fetches values from devices that measure energy values (electricity, gas, water, temperature, etc...). It fetches all connected devices in 5 minutes interval and saves values in the local database. 3 minutes after that synchronize, the server fetches all connected clients for all values from all proxies (clients). This is done using callback. It's why I have this design. I thought on pushing values to the server. And it's an idea that could be implemented. But this is how my company wants this testing project implemented...
    However I have managed to correct this error. I have tried with another host 193.136.205.106 and it connected to server and the server could callback it. I then assumed that the host 193.136.205.128 had firewall permission problems. I solved this, creating the server registry in port 1099 and fixed the object port to 2000. Then, every time I create a client, I fixed the export callback object in port 2004. I have set the permissions in both firewalls (server and clients) to accept connections in port 1099, 2000 and 2004 and it functions all correctly!! =)
    Thanks for the help.

  • RMI through firewall

    I want to know if RMI http tunnelling works fine, or if it is hard to do.
    Before I start testing, I need to clarify some doubts.
    Why doesn't the JDK windows distribution have the java-rmi.cgi file for http tunneling?
    The bin directory has a file java-rmi.exe that I don't know what it does. I couldn't find much information about this.

    Because you should use the RMI servlet that comes in the samples.

  • Second VPN possible ?

    Hi,
    I have attached the diagram of the network we are trying to achieve. We have an existing VPN tunnel between Cisco ASA firewall - 172.22.30.6 (A End) and Juniper Firewall - 172.22.50.6 (B End). The router is just to forward the packets.
    Basically this vpn is between the 10 subnet of A End and 192 subnet of B end. Since it's on a private cloud our routers and asa are on 172.x.x.x range. We have NAT EXEMPT on the Cisco ASA (between 10.10.x.x and 192.x.x.x subnet). We have static routes on our core (A end) pointing to 192.x.x.x subnet to go through firewall (172.22.30.1)  and similarly for B End pointing to 10.x.x.x through firewall 172.22.30.1.  So at the A end, when a packet from 10 subnet reaches the core and sees it's a 192. subnet and goes through the firewall and there is NO NAT so it reaches the other end at the 10 address. Similarly the other end sees it's a 10 address and points it back to 172.22.50.1 firewall.  No problem with this. This works great.
    Now there is a need for a vpn between the second Juniper firewall at A End and Juniper firewall at B end with the existing tunnel? How we have approached it is, we have a 1:1 NAT (172.22.30.73 NATs back to 10.10.19.73) on the cisco asa. So the juniper firewall at B end is using a peer address of 172.22.30.73 which NATs back to 10.10.19.73 - but the tunnel doesn't seem to come up on the juniper firewall - is this setup possible or are we missing something?
    I am thinking that since we have a NAT exempt (between 10.10.x.x subnet and 192.168.x.x subnet), this is causing the problem. As we are using the peer address as 172.22.30.73 but since this gets NATed to 10.10.19.73 (and there is a NAT exemption between 10.10.x.x range and 192.x.x.x range) would this cause the issue?
    Any thoughts pls? If I am unclear on anything pls let me know
    Thanks

    Can you narrow down the NAT 10.10.19.73 -> 172.22.30.73 to a specific port instead of just IP to IP?
    Because you cannot have both ways, meaning IP to IP NAT is being done 10.10.19.73 -> 172.22.30.73 and pass-through IP traffic going via (without port specification) through the ASA-at-172.22.30.6 at same time.
    Either you can have the cake or eat the cake, while being on IP-to-IP, unless you change the NAT 10.10.19.73-> 172.22.30.73 specific port.
    I hope it makes sense to you.

  • NAPT Firewall, RMI Callbacks and JRMP MultiplexProtocol

    Hi All,
    I am looking at having an RMI client behind a Network Address Port Translation firewall receive RMI calls back from an RMI server. NAPT makes it impossible for the client to listen for connection coming from the server through the NAPT firewall.
    This is discussed at http://www.rmiproxy.com and http://cssassociates.com/rmifirewall.html but the proposed solutions do not appear to use the MultiplexProtocol protocol defined by JRMP (http://java.sun.com/j2se/1.4.2/docs/guide/rmi/spec/rmi-protocol3.html).
    The RMI FAQ
    "How can I receive incoming RMI calls through a local firewall"?
    (http://java.sun.com/j2se/1.3/docs/guide/rmi/faq.html#firewallIn) had a section for JSSE 1.3 that explained how to use the multiplex protocol (option 4). It sounds like this option referred to the JRMP MultiplexProtocol protocol.
    The multiplex protocol option has been removed from the 1.4 FAQ
    (http://java.sun.com/j2se/1.4.2/docs/guide/rmi/faq.html#firewallIn).
    Tried the "checkListen" and "socket factory" techniques mentioned in the 1.3 FAQ without success with 1.4.2. The RMI client behind the NAPT firewall runs in a signed Applet.
    Is the ability of using the JRMP MultiplexProtocol protocol available in the JRE in order to receive incoming RMI calls through a local firewall? If yes, what do you do in order to use it?
    What is the best way to have RMI callbacks work behind NAPT?
    Thanks a lot in advance!
    Cheers
    Bertrand

    As of about JDK 1.2.2, the ability of RMI clients to negotiate the multiplex protocol was
    removed, but the server-side support remains.
    Your best answer for negotiating NAT firewalls may be the RMI Proxy http://www.rmiproxy.com, although I could be biased as I wrote it.
    EJP

  • RMI through a firewall

    Has anybody been able to do this? I have an RMI server that will attach on a non-firewalled machine but won't on the machine I really need it on. Can anyone tell me what needs to be done administratively or programmatically?
    Steve

    I looked into RMI over a firewall once.
    The port 80 solution, called Http Tunnelling, at the time ( 2 years ago ) required a custom servlet intercepting all the RMI calls, then it forwarded the call on to the actual RMI server..... messy.
    In the end I recommended writing an RMI Custom Socket Factory.
    Not as hard as it looks, and source is available.
    It meant that you could have your own properties file which dictated the ports the RMI used. So you might have something like
    rmi_ports=1900-2000
    You parse the properties file, and only attempt to open ports in that range.
    The firewall will of course have to open that range of ports too.
    I never implemented this, but did research it a few years back.
    Maybe there's a more up-to-date solution.... maybe not.
    But that's my 2 cents ( in Euro not dollars ! )
    regards,
    Owen
    http://java.sun.com/j2se/1.5.0/docs/guide/rmi/socketfactory/index.html

  • RMI firewall issue - opening port 1099 is not enough

    Hello,
    We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites.
    We are about to deploy out to more customer sites - so I have been doing more testing with firewalls etc and discovered some issues. Our customers are small businesses and typically have between 1 and 10 desktop clients that connect to the server via RMI. These customers are "very NOT technical", so we need to give them set-and-forget firewalls etc.
    This is all on a LAN, with RMI using port 1099. On the firewalls (of the various PCs) we open ports 1099 (RMI) and 5432 (for the Postgres DB).
    Also, I was using "CurrPorts" and "SmartSniff" to monitor the traffic at each PC - so I had a reasonable view of proceedings.
    Basically, opening port 1099 on the server is necessary, but it is NOT ENOUGH. The RMI moves off to ports other than 1099, and the server firewall does not allow the connection.
    Procedure ...
    (1) start the "server" app - which starts the RMI registry - the "localhost" desktop app also starts and it works well to both the database and the RMI.
    (2) start another client - it connects to the DB Server, but NOT the RMI server.
    (3) open the server firewall to all traffic for a few seconds - then the client connects successfully.
    From CurrPort logging I could watch the RMI comms progress over those first few minutes ...
    Initially the comms do include port 1099 on the initial call to the server, but thereafter there are always 2 or 3 "channels" open, but not to 1099.
    I notice that the Postgres DB keeps using port 5432 for all of its active channels - so it does not have the same firewall issue.
    After we have opened the firewall for a few seconds - to enable the link - then we can turn the client on and off and the client re-connects without issue - so it would seem to be only an issue with the initial connection.
    I am sure that this is all completely standard and correct RMI behavior.
    QUESTIONS:
    1. Can RMI be "forced" to always use port 1099 for connections, and not move to other ports? (like the database uses 5432)
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
    Other comments ...
    The firewall lets me open individual ports (say 1099) - BUT I can not justify opening ALL ports.
    The firewall lets me open all ports to an application, say "C:\Program Files\Java\jre6\bin\java.exe", but that app will occasionally change at a customer's site as they will update their java version and suddenly our app will stop working.
    Any guidance is appreciated.
    Many Thanks,
    -Damian

    1. Can RMI be "forced" to always use port 1099 for connections
    Yes. Export all your servers on the same port. See UnicastRemoteObject constructor that takes an int, or UnicastRemoteObject.exportObject(int). If the RMI Registry is a separate process you can't re-use 1099 for this purpose, but see below.
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
    Yes. Start the RMI Registry in the same JVM as the code, then you only need to use 1099 for everything.
    If you are using server socket factories, make sure they have an equals() method, or use the same instance for all remote objects.
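The three points of the answer above (one export port for everything, the registry created in the same JVM, and a server socket factory with a value-based equals()) put together as an added example; this is not code from any poster in the thread. The interface `Status`, the class names, the binding name and the loopback bind address are assumptions made for the example.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class SinglePortRmiServer {

    /** Hypothetical remote interface, used only for this example. */
    public interface Status extends Remote {
        String ping() throws RemoteException;
    }

    static class StatusImpl implements Status {
        public String ping() { return "pong"; }
    }

    /**
     * Server socket factory that listens on one chosen local address.
     * equals()/hashCode() compare by value: RMI shares an existing listener
     * only when the port AND the factories are equal. Two unequal factory
     * instances asked for the same port each try to bind it, and the second
     * bind fails with "Address already in use".
     */
    static final class BoundServerSocketFactory implements RMIServerSocketFactory {
        private final String bindAddress;

        BoundServerSocketFactory(String bindAddress) {
            this.bindAddress = bindAddress;
        }

        @Override
        public ServerSocket createServerSocket(int port) throws IOException {
            return new ServerSocket(port, 50, InetAddress.getByName(bindAddress));
        }

        @Override
        public boolean equals(Object o) {
            return o instanceof BoundServerSocketFactory
                && bindAddress.equals(((BoundServerSocketFactory) o).bindAddress);
        }

        @Override
        public int hashCode() {
            return bindAddress.hashCode();
        }
    }

    public static void main(String[] args) throws Exception {
        final int port = 1099;                   // the only port the firewall has to allow
        final String bindAddress = "127.0.0.1";  // assumption: use the server's LAN address in practice

        // The address written into every stub. It is read once, at the first
        // export, so it must be set before anything is exported.
        System.setProperty("java.rmi.server.hostname", bindAddress);

        // Registry created inside this JVM, on the shared port.
        Registry registry = LocateRegistry.createRegistry(
                port, null, new BoundServerSocketFactory(bindAddress));

        // Exported on the same port with a second, equal factory instance:
        // this only works because equals() is defined above.
        StatusImpl impl = new StatusImpl();
        Status stub = (Status) UnicastRemoteObject.exportObject(
                impl, port, null, new BoundServerSocketFactory(bindAddress));
        registry.rebind("Status", stub);

        // What a client does: one lookup and one call, both to port 1099.
        Registry remote = LocateRegistry.getRegistry(bindAddress, port);
        Status viaRegistry = (Status) remote.lookup("Status");
        System.out.println("remote call returned: " + viaRegistry.ping());

        // Unexport so the JVM can exit; a real server would keep running.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Callbacks are a separate matter: an object the client exports listens on the client's side and needs its own fixed port and firewall rule there.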

  • Configure XP firewall to use RMI

    I have a RMI server and client application.
    They run perfectly when Windows XP's Internet Connection Firewall (ICF) is disabled in Network Connections. However, when the ICF is enabled, client fails to connect to server and obviously I get connection time out exception.
    So my question is how to configure Windows XP Firewall (set up port info etc.) so RMI registry and server can accept connection from client and not get connection time out?
    Basically does anyone know how to (in detail) configure XP ICF to open a port so RMI registry and server can listen, accept and execute client's request(s). I did open a port, but it was unsuccessful even after rebooting.

    As a previous poster said, you need to open for traffic to the rmiregistry (default port 1099), as well as the port for the service itself. The catch is that the service doesn't by default bind to a specific port, so it's impossible to know which one to keep open in ICF.
    Unless, that is, you may rewrite the application itself. In that case, you should be able to specify a custom socket connection factory (both on the server and the client side), that connects on an agreed-upon port. I believe the RMI tutorial at java.sun.com (or maybe the one that's part of the Java 2 SE documentation) mentions how you write a custom socket connection factory.

  • RMI server behind firewall--must use host as name, not IP

    Server is running behind a firewall, which runs such that any machine behind the firewall cannot use the external IP to get back to itself.
    That is:
    - outside IP = 192.171.20.5 (port forwards 1099 to 192.168.1.5:1099)
    - inside IP = 192.168.1.5 (rmi server listens on 1099)
    from the machine inside (192.168.1.5), it is IMPOSSIBLE to create a socket to [outside ip](192.171.20.5), port 1099, and expect it to get back to the machine inside--the firewall prohibits this.
    I -can- use name-based lookups, such that I can edit the hosts file on the inside box to route (myhost.com to 192.168.1.5). So, if everyone's DNS resolves myhost.com -> 192.171.20.5, then clients anywhere can go to myhost.com:1099 and will be redirected to my internal machine (192.168.1.5:1099).
    The problem with this is that the names get translated to IPs and sent back to the client.
    Is there a way to keep the names as names, so that both client (using external real-world DNS entries) and server (using local hosts file) can both resolve to the proper IP addresses?
    I'm starting server, as follows:
    java -Djava.rmi.server.codebase=http://myhost.com/rmi/ -Djava.security.policy=/policypath/policy -Djava.rmi.server.hostname=myhost.com mypkg.myclass
    The client connects and gets this message (from a connection exception):
    java.rmi.ConnectException: Connection refused to host: 192.168.1.5;

    Server is running behind a firewall, which runs such
    that any machine behind the firewall cannot use the
    external IP to get back to itself.
    I don't really understand this statement.. Machines behind the firewall referring to the external ip would be going to the gateway, not themselves.. Or do you have an internal AND external ip on the machines behind the firewall? Or are we referring to the gateway machine as an internal machine as well as external?
    That is:
    - outside IP = 192.171.20.5 (port forwards 1099 to
    192.168.1.5:1099)
    - inside IP = 192.168.1.5 (rmi server listens on
    1099)
    looks good, what kinda OS/firewall? If we're talking linux/ipchains (or iptables) with ip masquerading, I may be of some use to you...
    from the machine inside (192.168.1.5), it is
    IMPOSSIBLE to create a socket to [outside
    ip](192.171.20.5), port 1099, and expect it to get
    back to the machine inside--the firewall prohibits
    this.
    If you're on the internal network, why can't you just go for the internal ip addr? If I'm understanding correctly, you want internal dns requests for myhost.com to resolve to 192.168.1.5, and external dns requests to resolve to 192.171.20.5? That shouldn't be a problem...
    I -can- use name-based lookups, such that I can edit
    the hosts file on the inside box to route (myhost.com
    to 192.168.1.5). So, if everyone's DNS resolves
    myhost.com -> 192.171.20.5, then clients anywhere can
    go to myhost.com:1099 and will be redirected to my
    internal machine (192.168.1.5:1099).
    the hosts file has nothing to do with routing, it's simply a dns-type thing... If your dns is giving external users a 192.168 address as the ip for myhost.com, they will never get to it. 192.168 is not routable on the internet, i think most inet routes will drop packets from 192.168.x.x or 10.x.x.x.
    Is there a way to keep the names as names, so that
    both client (using external real-world DNS entries)
    and server (using local hosts file) can both resolve
    to the proper IP addresses?
    As long as your dns is working correctly, java doesn't care if you use ips or host names.. Hostnames are preferable, so when you change your network around, you won't affect your rmi server.
    I'm starting server, as follows:
    java -Djava.rmi.server.codebase=http://myhost.com/rmi/
    -Djava.security.policy=/policypath/policy
    -Djava.rmi.server.hostname=myhost.com mypkg.myclass
    The client connects and gets this message (from a
    connection exception):
    java.rmi.ConnectException: Connection refused to host:
    192.168.1.5;
    Is your server compiled with the 192.171 ip? That's not gonna work, you have to use the same IP the server is running on. I'm still not clear on your network layout, is 192.171.20.5 and 192.168.1.5 the 2 gateway ip's, or is 192.168.1.5 a physically different machine? I'd be willing to bet that your server is compiled with the external address, and if that's not the same machine, then there's no chance of that working....
    There's more than port forwarding going on.. IIRC, java rmi keeps track of its own ip's.. A client request to an external ip will not connect to a server running on the internal ip, even if you forward the port, rmi itself doesn't recognize the internal as the ip it's trying to get to (even if it is true), so it bombs out.. This can happen if you run the rmi server on a gateway, and compile the server with the external ip, and try to connect to the internal ip.. If you want external machines to connect, you MUST run the server on an external ip.
    Give a little more info, we'll getcha running... I'm also assuming you have full control of your network (ie, firewall/dns)
    doug

  • RMI (Internet, LAN, Firewall)

    Hello everybody.
    In the last few days I solved a lot of problems with my RMI based System... There was the registry problem, the IE problem (no RMI support), the access permission problem and so on...
    But now everything is working properly. I use the Java Plug-In (JRE), so I don't even mind about Microsoft's Java implementation :-)
    The registry is working, the server is working and the applet is working, too.
    The problem I had is that I couldn't connect to my RMI server from the Internet... the applet could only connect from a LAN-host. The server is running on 192.168.0.1 and I could only connect from hosts like 192.168.*.*.
    So I changed the rmiregistry command line:
    "rmiregistry &"
    to
    "rmiregistry -J-Djava.rmi.server.hostname=myhost.net &"
    and the server command line:
    "java -Djava.rmi.server.codebase=http://myhost.net/msg/ -Djava.security.policy=server.policy MessageServer &"
    to
    "java -Djava.rmi.server.codebase=http://myhost.net/msg/ -Djava.security.policy=server.policy -Djava.rmi.server.hostname=myhost.net MessageServer &"
    ("myhost.net" is just a reference for the real domain name)
    Now, I can connect the server from outside (Internet) but if I try to connect from the LAN (192.168.*.*) I get an Exception:
    java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.1:5099 accept,resolve)
    Perhaps there is a firewall problem. I connect to the internet using the gateway (firewall) 192.168.0.1 (which is also the RMI and webserver) and I opened the port 1099 for RMI (but in the exception above there is always another port, for example 5099, 5100, 5101, 5102, 5103) and it looks as if the applet tries to connect on different ports... first for example 4800, then 4801, 4802 and so on (and I really can't open all these ports).
    What should I try... I'm new to RMI and I don't have much experience in using RMI and handling ports, hosts, codebases etc. Is there a possibility to allow the access to the registry/server from LAN AND Internet or what can I do? Is there a possibility to tell the client/server to connect to a fixed port (for example 5099) so I would open this port on my firewall?
    Please give me some advice... I would be very grateful.
    Thanks a lot.
    Greetings
    Adrian R.
    Switzerland

    If you look back through this forum you will find LOTS of discussion about operating through firewalls. A lot of it is problems with callbacks. Ignore it (unless this is the next problem you have to tackle.)
    The problem is about as you guessed: The actual communications from client to server program require a socket, and that's a problem unless you can nail down fixed ports and open them in the firewall. (There is supposed to be an automatic workaround built into RMI to use HTTP tunnelling. This may work - I just have no experience using it.)
    One basic technique for solving the problem you posted is to define and set a "socket factory" that will provide fixed addresses for the communications.
    As I said, look back through earlier postings.

  • RMI | Firewall  issue revisited

    Hi all,
    I have searched through these forums for a suitable answer to my problem, but have not gotten any.
    My RMI client-server app was working perfectly well on a Windows 2000 Advanced Server (with its firewall restrictions), until my company decided to buy another firewall appliance. My RMI server used to run on the Advanced server machine with a static IP and I ran my server with the following command :
    java -Djava.security.policy=server.polocy -Djava.rmi.server.hostname=209.XXX.XXX.XXX Server
    (209.XXX.XXX.XXX being the static IP used by the advanced server)
    Now, with the addition of the firewall appliance and after having opened up 2 ports for RMI communication and forwarding them to the Host machine, my application had stopped functioning across the internet.
    The host machine has an internal IP address of say 129.128.***.***
    When an external client tries to establish contact with the my RMI server using 209.XXX.XXX.XXX (the external IP), I get a
    "Connection refused: Unable to connect with 129.128.***.***"
    This makes me believe that even though the client is able to initially establish connection with the RMI server, the RMI server sends back a reply to the client, asking it to find the server at the INTERNAL ip address.
    Is there a way to avoid this ? Where am I going wrong ? How can I resolve this issue ?

    The error is happening because the client is finding and connecting to the RMI registry OK, it is getting the Remote reference OK but when it tries to send a message to the Remote reference it is sending to your internal IP address and hence getting the unable to connect error.
    The IP address in the Remote reference returned by the RMI registry is the one that the server object is bound to. No amount of port forwarding will change that.
    You have two options in my experience:
    1. You can try to force your server to believe it is 209.x.x.x when you bind the Remote instance. You can do this on Linux, but I have no idea how to do it on W2K.
    2. The server.rmi.hostname works for fully qualified domain names, not IP addresses. If you only have one RMI server running, or if you use different ports for different RMI servers, you should be fine by setting the hostname value to your fully qualified domain name and then use NAT to forward to the Internal IP address. If you have more than one server running on the same port number, you'll need to register different FQDN's for each. Then all you need to do is update your internal DNS to point to the internal IP address and the external clients will use their existing DNS in the normal manner.
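The situation discussed in this thread, as an added example that is not part of the original posts: the host written into the remote reference comes from the `java.rmi.server.hostname` property used in the question's command line, and exporting on a fixed port leaves exactly two ports for the firewall to forward. The name `rmi.example.com`, the `Hello` interface, the class names and port 1199 are assumptions made for illustration.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class FixedEndpointServer {
    // Hypothetical remote interface, defined here only for the example.
    public interface Hello extends Remote {
        String greet(String who) throws RemoteException;
    }

    static class HelloImpl implements Hello {
        public String greet(String who) { return "Hello, " + who; }
    }

    // Constructed values: use the name and ports your firewall actually forwards.
    static final String PUBLIC_NAME = "rmi.example.com";
    static final int REGISTRY_PORT = 1099; // default RMI registry port
    static final int OBJECT_PORT = 1199;   // fixed port for remote method calls

    // Strong reference so the exported object is not garbage collected.
    static HelloImpl impl;

    public static void main(String[] args) throws Exception {
        // Set before anything is exported: this name, not the NIC address,
        // is what gets written into every remote reference handed to clients.
        System.setProperty("java.rmi.server.hostname", PUBLIC_NAME);

        Registry registry = LocateRegistry.createRegistry(REGISTRY_PORT);

        // Export on a fixed port instead of the default anonymous port (0),
        // so the firewall rule set is REGISTRY_PORT plus OBJECT_PORT only.
        impl = new HelloImpl();
        Hello stub = (Hello) UnicastRemoteObject.exportObject(impl, OBJECT_PORT);
        registry.rebind("HelloEntry", stub);

        // The stub's string form shows the endpoint clients will dial;
        // check that it names PUBLIC_NAME:OBJECT_PORT, not an internal address.
        System.out.println("Bound stub: " + stub);
    }
}
```

External clients must resolve the chosen name to the firewall's public address, while hosts inside the network resolve it to the internal address.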

  • Anyone using Multi plexing to solve RMI firewall problem?

    Hello,
    I read in the RMI protocol spec about Rmi's multiplexing protocol (http://java.sun.com/j2se/1.3/docs/guide/rmi/spec/rmi-protocol7.html)
    which states:
    The purpose of multiplexing is to provide a model where two endpoints can each open multiple full duplex connections to the other endpoint in an environment where only one of the endpoints is able to open such a bidirectional connection using some other facility.
    However I still have not found how to do this using the RMI api provided within Java. I have read numerous posts saying that you CANNOT use the multiplexing protocol, I have read posts which say that you should not allow the client to create a server socket which will force the client to use the multiplexing protocol over an existing socket.
    My main concern is the product I am developing will be used across firewalls, where we are able to create connections from our server to our client, but the firewall disallows the opposite, and our IT department WILL NOT open access on known ports. Thusly our only option is to use the multiplexing protocol if it does in fact exist/work.
    If anyone has any experience using the multiplexing protocol in a firewall environment please post your experience here.
    Thanks,
    Dan

    Hi Dan,
    I have had a lot of success using proxies to work around firewalled clients. I host a free software project at java.net dedicated to spontaneously linking Virtual Machines using RMI.
    https://cajo.dev.java.net
    It uses two classes, ClientProxy & ItemProxy, to implement the protocol.
    More detailed information about this can be found here.
    Best wishes,
    John

  • Rmi firewall

    I'm having trouble connecting to my RMI server outside the firewall.
    I've read about HTTP tunneling but it's currently not an option since
    I can't access the web server being used on port 80.
    The concrete problem is this:
    I'm trying to connect from IP address 111.111.111.111 inside one firewall to IP address 222.222.222.222(external) 333.333.333.333 (internal) inside another firewall.
    I'm able to establish a connection to 222.222.222.222 (even though it takes quite a while to establish it), but once I try to execute a method on the remote object I get:
    java.rmi.ConnectException: Connection refused to host: 333.333.333.333;
    Can anybody help me with this?

    I've tried doing that but it doesn't seem to work.
    How do I know if I'm using callbacks and how can I be sure I don't use them?
    Here's my SocketFactory code:
    ----server----
    java.rmi.server.RMISocketFactory.setSocketFactory(new DemoSocketFactory());
    ----server----
    ----DemoSocketFactory---
    public class DemoSocketFactory extends java.rmi.server.RMISocketFactory {
        public DemoSocketFactory() {
        }

        // Port 0 means "any free port"; pin it to 1199 so the firewall can forward it.
        public java.net.ServerSocket createServerSocket(int param) throws java.io.IOException {
            if (param == 0)
                param = 1199;
            System.out.println("Creating server socket on port: " + param);
            return new java.net.ServerSocket(param);
        }

        // Client sockets connect to whatever host and port the remote reference names.
        public java.net.Socket createSocket(java.lang.String str, int param) throws java.io.IOException {
            System.out.println("Creating client socket to: " + str + ":" + param);
            return new java.net.Socket(str, param);
        }
    }
    ----DemoSocketFactory----
    Thanks for the help!
