RMI through firewall
I want to know if RMI http tunniling works fine, or if it is hard to do.
Before I start to testing, I need to clarify some doubts.
Why JDK windows distribution doesn't have java-rmi.cgi file for http tunneling?
The bin directory has a file java-rmi.exe that I don't know what it does. I couldn't find many information about this.
Because you should use the RMI servlet that comes in the samples.
Similar Messages
-
my java applet will have to communicate with SAP server using JCO
so the applet connects to an RMI server then the RMI server connects to SAP server.
in between applet and RMI server there is a firewall. will RMI get through firewall?The answer is "maybe". It depends on
o How the service is coded. Probably has to be written to communicate using a fixed port number, rather than randomly assigned. (Most firewalls allow access to only specified ports.)
o Changing the firewall settings.
o Whether or not your server tries to call back the client, and whether the client is also behind a fireall. If these two details are both true, then you are probably dead in the water.
There are HTTP tunelling techniques for getting through firewalls. Haven't used them, but if you look back through this forum you'll probbly find some info. -
Its possible make RMI calls Through Firewall if the ports 1099 and 1098 are open???
or its necessary applies the tunneling solution to pass through the firewall??well well... rmi is really bad for this. But this can be achieved...
problem is, i think, that this server behind the firewall has private IP. So, when You register your server object, then registry knows, that it locates on private IP... and registry tells this information also to clients from outside networks (who connected originally to public ip).
I did a nasty hack, using custom client socket factory. I ignore ip address, that is passed to the createSocket method. There I just use my preferred IP. Being more exact: cause this createSocket method is invoked on client side, I ask this IP from client's static method (and this method returns me IP, where client originally connected). So, now my server is available from everywhere, cause createSocket uses that IP, which was used looking up registri at the beginning.
I am not happy with this, but... what else can I do? Most servers are behind firewall and does not have public IP... unfortunately, RMI developers don't get it :( -
Client connecting through firewall
Hi
We have two clustered servers.Our client is connecting through
firewall NAT. When iam connect to first server the response is very slow and
at the same time clustering is not working.If i stop the second server the
response fast .
The same configaration is working fine when my client is local.
Can you explain the reason for this problem ?
Presently iam using weblogic 6.1 version.
Thank you
OK I spoke too soon. The user looked like it was working but it was working because it matched another IAS policy further down the list. It seems as though the PIX refuses to use ms-chap of any sort. If I include the authentication type in the VPN policy conditions as ms-chap, it skips the VPN policy I am using to authenticate this. If I remove it, then it gives an invalid authentication type as if whatever the PIX is sending the IAS server does not understand as ms-chap.
It seems like the PIX authentication is totally wrong for use with IAS. What else do I need to add to this configuration to gewt it to work with ms-chap of any kind? I really don't get it. -
Hi all,
hi have installed Oracle Business Intelligenge 10g (10.1.2). I
I lunch Oracle discoverer plus in the local network and all work fine. But when i try to access to oracle discoverer by interner (through firewall ) i see the logon page but after input User Name Password ed cnnect string a obtained Page not Found.
Thank in advance.
Best Regards
Giuseppe MarcelloBy Default, Discoverer uses JRMP protocol, which does not necessarily pass
through the firewall.
Configure Discoverer to use HTTP instead of JRMP and it will solve your problem.
The 10.1.2 Discoverer Enterprise Manager allows you to configure this. -
Itunes gets blocked through Firewall
I have Sonic Wall TZ 150 Standard as a firewall gateway and allowing hand ful of websites in to the allowed list of domains in Sonic wall so as to restrict others. But with this my Itunes was getting blocked and not allowing My IPHONE to update. So I run netstat utility and added all list of IP address coming up in to the allowed list of domains but still ITUNES is getting blocked.
So can you tell me if apple is using specific IP address list or is there any other process to get Itunes working through firewall.and the McAfee Security programs
Doublechecking ... do your McAfee products include McAfee Family Protection?
If so, check to see if your McAfee Family Protection is currently blocking iTunes, as per the following McAfee document:
Using McAfee Family Protection Web Blocking
If iTunes is currently being blocked, unblock it.
Are you able to get through to the Store now? -
Urgent_Socket Programming through firewall
Hi all...
I am developing multiple client-one server application through socket programming.
I have one client who will send real time data on request of another client.
This whole data will pass through socket connection.(something like video conferencing)
Steps:
1.Client B sends request to Client A through server.
2.Server accepts connection and gives Client B's IP address and port number
to Client A.
3.Client A sees the request and starts transferring real time data to Client B by opening Socket connection.
I have following doubts:
1. What exactly role of server
2. Important is What about firewall?* This communication has to happen through firewall also.*
What technique has to be used to pass data through FIREWALL.
Thanks In Advance.Hi..
can you please give me some details about how to write program using SOCKS.
i have developed simple application using Socket and Server socket.
I want this application to be run over web,from anywhere,from any machine.
Thanks -
RMI Connection Refused through Firewall
Hi,
I am having problems making an RMI connection through a firewall. On the server outside the firewall I have my servlet application running in an OC4J container and inside the firewall I have an EJB listening on port 6666. I have setup the firewall to allow connections through on port 6666. If I telnet from the machine outside the firewall on port 6666 I am able to make a connection to the EJB. So I know the firewall has been setup to handle the connection.
I run the servlet application and when it tries to make the connection it gives an error:
javax.naming.NamingException: Lookup error: java.net.ConnectException: Connection refused; nested exception is:
java.net.ConnectException: Connection refused
When I do a snoop on the external machine to see what data is trying to be sent to the internal machine there is no data. When doing the telnet test there was data.
I have the same servlet application deployed on a machine internally and it is able to make a connection to the EJB. The only problem is either the configuration of the application server on the external machine or the firewall configuration.
Anyone able to help me see what I am missing?
Thanks
Shawn Clarknot sure what you mean by having a 'EJB listening' on port 6666. Do you mean actually having a socket listening within the EJB code? If so then that is a suspicious EJB activity.
If not then i guess you mean the ORMI listening port of the OC4J application. This is normally set on port 23791 to allow the RMI communication to flow.
-lp -
Has anybody been able to do this. I have an RMI server that will attach on a non-firewalled machine but won't on the machine I really need it on. Can anyone tell me what needs to be done admistratively or programmactically?
SteveI looked into RMI over a firewall once.
The port 80 solution, called Http Tunnelling, at the time ( 2 years ago ) required a custom servlet intercepting all the RMI calls, then it forwarded the call on to the actual RMI server..... messy.
In the end I recommened writing an RMI Custom Socket Factory.
Not as hard as it looks, and source is available.
It meant that you could have your own properties file which dictated the ports the RMI used. So you might have something like
rmi_ports=1900-2000
You parse the properties file, and only attempt to open ports in that range.
The firewall will off course have to open that range of ports too.
I never implemented this, but did research it a few years back.
Maybe there's a more up-to-date solution.... maybe not.
But that's my 2 cents ( in Euro not dollars ! )
regards,
Owen
http://java.sun.com/j2se/1.5.0/docs/guide/rmi/socketfactory/index.html -
Dear All
My Problem is
I have an RMI Server on an NT machine, and I have an RMI Client on another machine, I have placed a firewall in between,
RMI Registry on the NT machine is listening at 1099 ( whiah is the default ),
I made my own implementation of the RMISocketFactory, in which I made the createServerSocket, to create sockets at a port of mine, let us say 30000.
now, when setting up the configuration on the firewall to accespt communications over 1099 and 30000, client rquests don't happen successfully,
it terminates, with a connection error,
when using the netstat ustility at the RMI Server side, during the client rquests, there seems to be 1099, 30000, and other randomly dynamically changing potrs used.
I need to know how to fix those ports, in order to configure the Firewall to allow communications to happen over those ports.
Any Help Highly appreciated.I'm not going through a firewall on my application, but I have noticed that
my RMI server program does bind to a port number between 1300 and 1450.
This port number is different everytime I run the application. Does anyone
know what the purpose of this port is? Is it the server connecting to the
rmiRegistry, or just listening for a client connection or what? -
JMS through firewall (no tunneling)
Hi,
I have to send and receive messages through a firewall with JMS. The company security
policy forbids http tunneling but I can get a specific port opened. Which port
do I have to get opened to start listening to a queue ? Weblogic's default ?
I heard that Weblogic JMS initiates the communication on the default port but
then attributes another socket dynamically, is that true ? If so, is there a way
to specify the ports that must be used ?
Thanks.
Hi Matt,
I'm sorry for the delay, I've been away for a while.
I'm wondering if I gave you incorrect advice. I'm not
familiar enough with firewalls. I suspect the new port
is related to the permanent standard TCP/IP connection
that WL sets up between any client and any server.
It may be that you should use HTTP tunneling instead of T3 - just
substitute "http" or "https" for "t3" or "t3s" respectively,
and ensure that HTTP tunneling is enabled for the port you
have opened up.
We've reached the limits of my knowledge - please consider
directing further questions to the "RMI" newsgroup (WL JMS
communicates through WL RMI, which, in turn communicates
through sockets...)
Tom
Matthieu Riou wrote:
> I really have a problem with my JMS listeners. Anytime I start a new JMS listener
> to a Weblogic queue, a new port is opened and listening around 2100 to 2200 or
> 3100 to 3200. I configured a network channel only accepting t3 on port 8001 and
> a very restrictive connection filter that only accepts t3 on 8001 and http on
> 7001.
>
> Still, anytime I start a listener, a new port is opened. How can I avoid that
> ?
>
>
> Tom Barnes <[email protected].bea.com>
> wrote:
>
>>T3 is fine. In fact, it is preferable, as it is the
>>fastest. Actually T3S is much more preferable. The point
>>is to lock things down as much as possible:
>>
>>-- Consider a seperate port for admin - to
>>ensure it is never reachable through the firewall
>>
>>-- create an additional port just for the firewall - to make
>>it more managable and to restrict it to SSL only connections
>>(with certificates),
>>
>>-- ensure that all server resources are secured so that
>>users coming in through the firewall have the most
>>restricted permissions possible...
>>
>>Matthieu Riou wrote:
>>
>>>So if I understand well, I should use another protocol than t3 to be
>>
>>sure to always
>>
>>>use only one port.
>>>I'm using Weblogic 7.0 sp4, it seems that iiop is not supported
>>>for JMS on this version. So what is left ? JCOM ?
>>>
>>>Tom Barnes <[email protected].bea.com>
>>>wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>In WL, all services are available on a port (EJB, JMS, JNDI,
>>>>JTA, etc.), but the protocols that the port supports are
>>>>configurable (T3, HTTP tunnel, IIOP, JCOM).
>>>>
>>>>Additionally, WL supports the concept of an "Admin"
>>>>port (channel), which, when configured, is the only port
>>>>that can be used for privileged administrative purposes.
>>>>An "Admin" port is SSL only.
>>>>
>>>>In WL 7.0 and later, additional ports can be configured.
>>>>These are referred to as network channels.
>>>>
>>>>In light of the above, I recommend:
>>>>
>>>>(1) Consider configuring a separate admin port.
>>>>(2) Consider configuring a port specific for the purpose (using
>>>>a channel).
>>>>(3) Ensuring that all applications, and destinations, etc. are
>>>>secured (via ACLs) such that permission to access
>>>>a particular destination doesn't imply permission to access any
>>>>other server resources.
>>>>(4) Considering configuration of "connection filters"
>>>>as to act as a second layer of firewall for the port...
>>>>
>>>>For further questions, try "rmi", "network",
>>>>and "security" newsgroups.
>>>>
>>>>Tom
>>>>
>>>>Matthieu Riou wrote:
>>>>
>>>>
>>>>>Hi,
>>>>>
>>>>>I have to send and receive messages through a firewall with JMS. The
>>>>
>>>>company security
>>>>
>>>>
>>>>>policy forbids http tunneling but I can get a specific port opened.
>>>>
>>>>Which port
>>>>
>>>>
>>>>>do I have to get opened to start listening to a queue ? Weblogic's
>>>>
>>>>default ?
>>>>
>>>>
>>>>>I heard that Weblogic JMS initiates the communication on the default
>>>>
>>>>port but
>>>>
>>>>
>>>>>then attributes another socket dynamically, is that true ? If so,
>>
>>is
>>
>>>>there a way
>>>>
>>>>
>>>>>to specify the ports that must be used ?
>>>>>
>>>>>Thanks.
>>>>
>
-
Management server access through firewall
I'm trying to use the memory leak detector with a server in our data canter. The firewall only allows communication on certain ports and I've set -Djrockit.managementserver.port to use one of them.
The initial connection (RMI registry lookup) from the client works fine, but then the client tries to connect back to an "anonymous" (random) port that the RMI (mgmt) server listens at.
Is there a way to specify which port the actual mgmt server listens at? (I've also tried -Dcom.sun.management.jmxremote.port, but that didn't help either)
We'd like to avoid having to open ports for each newly establish connection.
Thanks!The JMX Management Server is only used to start up the native Memory Leak Server. The call to start up the Memory Leak Server returns an anonymous port over wich all further communication with the Memory Leak Server takes place.
This is not a technical constraint though; it just reflects the way the client is currently written. I'll make sure the next version of the MemoryLeak Detector client supports a user specified port for the communication with the Memory Leak Server - at the very least through a system property.
Contact me at hirt(at)bea.com if this is something you need right away. ;)
Kind regards,
Marcus -
what kind of Socket should i use inorder to enable EJB RMI based calls from client to
server through a Firewall that NATes IP addresses ?what if you just want to have the EJB's go through a certain port, not port 80, but maybe port 800 let's say
how do you configure that? -
I need some help on how to get jconsole through our firewall.
The JVM is set up with
-Dcom.sun.management.jmxremote.port=7087The firewall has been configured to allow access to this port (and I
can telnet to it) so that works.
But when I fire up jconsole on my machine it just hangs there.
jconsole vivaldi.my.ubc.ca:7087Using lsof I see a connection attempt on a completely different port:
jconsole 32621 lindholm 12u IPv6 7057786 TCP scandia.esd.itservices.ubc.ca:33568->vivaldi.my.ubc.ca:36302 (SYN_SENT)The only reference to this situation that I've been able to find is from the Tomcat 5.5 documentation:
Note:The JSR 160 JMX-Adaptor opens a second data protocol port. That is a problem when you have installed a local firewall.So what is this second port and how do I control it?
Thanks
GeorgeI tried the solution given in
http://forum.java.sun.com/thread.jspa?forumID=58&threadID=703567but I get:
java.rmi.server.ExportException: internal error: ObjID already in useI start the JVM with
-Dcom.sun.management.jmxremote.port=7087and my code looks like:
static{
LocateRegistry.createRegistry(7087);
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
HashMap env = new HashMap();
JMXServiceURL url = new JMXServiceURL(
"service:jmx:rmi://localhost:3000/jndi/rmi:localhost:7087/server");
cs = JMXConnectorServerFactory.newJMXConnectorServer(
url, env, mbs);
cs.start();
}started by Tomcat as a servlet loaded at startup time.
Any ideas?
George -
SunMC console through firewall
Our firewall sits between our SunMC server/agents and our Windows PCs (SunMC console gui) I'd like to control what ports the SunMC server talks to the console on so that I don't have to have all ports open in our firewall.
Has anyone changed what ports the server uses to talk to the consoles on? It looks like they are all high ports and it would be nice if I can define a range of ports. I can see in the docs how to configure what ports the agent talks to the servers on, but wasn't able to find th same info for the server <--> console portion.
Thanks,
KarenHi Karen,
Unless things have changed, the Java RMI communication between the Server and Console uses unbound (dynamic) ports, and there is no option to restrict them to a certain range.
Do you need all the functionality of the standard Java Console? Many organizations use the full Console to setup SunMC, then use the web interface through a browser for day-2-day viewing. The web server is part of the standard free SunMC 3.5 distribution, requires no additional license, and uses a single http/https port... which you should easily be able configure your firewall to accept.
I recommend giving the web interface a try to see if it meets your needs. If not, then you may need to look into some sort of tunneling/VPN solution. You could even use a free X Server on your Windows box (i.e. Cygwin) to run the Java Console off of your SunMC Server, but that may be a bit slow.
Regards,
Mike
Standard disclaimer: I am an employee of Halcyon (www.HalcyonInc.com)
Maybe you are looking for
-
I just installed LV2011 and one dll from my vi won't load with the error "application configuration is incorrect", which is Windows lingo for "missing package dependencies". All the computers at my company with 2010 loaded seem to do OK. When I do
-
Very bad signal on iPhone 4 after upgrade to IOS 6
After upgrading my iPhone 4 from IOS 5.1.1 to IOS 6, I started having lot of troubles with signal and signal strength: the phone is continuously switching form 3G to GPRS/Edge, signal strength is always bad, Internet access is almost unusable, and so
-
How to install PS CS6 Extended on a computer with no disc drive? [was: Help]
I just purchsed Photoshop CS6 Extended, got home and totally forgot my computer does not have a disk drive. How do I install it now??
-
Want to restrict redandend data and find therelevant workcenter
Hi friends i am developing the following report in pp output is coming but same data comes in two times and also fetched the workcenter irrelavant. pl give me a solutions SELECT F~MATNR F~AUFNR F~PSMNG G~XMNGA G~PERNR G~BUDAT G~GRUND G~VORNR
-
Error When Trying to Repair HD - Want to Save Files - Help
Inexplicably, when I went to Restart, the screen got stuck at the grey apple with the spinning gear. Called Apple and they helped me reset PMU on bottom of console, then run Disk Utility to try to repair the HD. The error message that came up was "Th