java - Spring: Cannot connect to a JMX Server using RMI from behind a firewall


My Spring application is running on a machine behind a NAT firewall (pfSense). The machine's internal IP is a.b.c.d, and the NAT IP is w.x.y.z.

The Spring configuration's serviceUrl is set to the internal IP (a.b.c.d) on port 1100, and when I start the application, I provide the following switches:

    -Dcom.sun.management.jmxremote
    -Djava.rmi.server.hostname=w.x.y.z
    -Dcom.sun.management.jmxremote.port=1099
    -Dcom.sun.management.jmxremote.local.only=false
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false

As shown above, I set -Djava.rmi.server.hostname=w.x.y.z in order to make it possible to connect to the application through the NAT. I have opened the relevant ports on the machine's firewall, and set a port forward from w.x.y.z:1100 to a.b.c.d:1100.

When I try to connect to the app from outside the network using JConsole on w.x.y.z:1100, I get java.io.IOException: jmxrmi

    java.io.IOException: jmxrmi
        at sun.tools.jconsole.ProxyClient.checkSslConfig(ProxyClient.java:236)
        at sun.tools.jconsole.ProxyClient.<init>(ProxyClient.java:127)
        at sun.tools.jconsole.ProxyClient.getProxyClient(ProxyClient.java:483)
        at sun.tools.jconsole.JConsole$3.run(JConsole.java:524)
    Caused by: java.rmi.NotBoundException: jmxrmi
        at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
        at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
        at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:409)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:267)
        at sun.rmi.transport.Transport$1.run(Transport.java:177)
        at sun.rmi.transport.Transport$1.run(Transport.java:174)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:173)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:556)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:811)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:670)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
        at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:275)
        at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:252)
        at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:378)
        at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
        at sun.tools.jconsole.ProxyClient.checkSslConfig(ProxyClient.java:234)

If I try to connect using JConsole on w.x.y.z:1099, I get java.rmi.ConnectException (connection refused). How can I expose JMX MBeans outside the NATted firewall?

    java.rmi.ConnectException: Connection refused to host: w.x.y.z; nested exception is:
        java.net.ConnectException: Operation timed out
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
        at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
        at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
        at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
        at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
        at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:355)
        at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
        at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:292)
    Caused by: java.net.ConnectException: Operation timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:579)
        at java.net.Socket.connect(Socket.java:528)
        at java.net.Socket.<init>(Socket.java:425)
        at java.net.Socket.<init>(Socket.java:208)
        at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
        at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
        ... 9 more

Interestingly enough, I can connect to both ports (1099 and 1100) on w.x.y.z using telnet.

The relevant portion of the Spring configuration is:

    <bean id="registry" class="org.springframework.remoting.rmi.RmiRegistryFactoryBean">
        <property name="port" value="1100" />
    </bean>
    <bean id="serverConnector" class="org.springframework.jmx.support.ConnectorServerFactoryBean" depends-on="registry">
        <property name="server" ref="mbeanServer" />
        <property name="objectName" value="connector:name=rmi" />
        <property name="serviceUrl" value="service:jmx:rmi://a.b.c.d:1100/jndi/rmi://a.b.c.d:1100/server" />
        <property name="environment">
            <props>
                <prop key="jmx.remote.jndi.rebind">true</prop>
            </props>
        </property>
    </bean>
    <bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean">
        <!-- indicate first server -->
        <property name="locateExistingServerIfPossible" value="true"/>
    </bean>

Note: I am not using servlet containers.

Edit: The first answer provided me with the basis of the solution to my specific problem, which can be seen in the second answer.

The initial port you define with com.sun.management.jmxremote.port is called the registry port and is used to start the negotiation and determine the next port(s) to use for the "real" communication. The Java RMI mechanism uses dynamically allocated ports and is in general not compatible with firewalls.

What port is used by Java RMI connection?

That said, with JMX it is possible to work around it:

a) Use system properties to lock both ports (requires Java 7)

    com.sun.management.jmxremote.port
    com.sun.management.jmxremote.rmi.port

b) Use custom code to request a specific port. See JConsole on SSH local port forwarding
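
A check of a JVM command line against the points above, as an added example that is not part of the original question or answers: it reports which TCP ports the JMX agent needs forwarded, whether the second RMI port is still dynamic, and whether authentication and TLS have been switched off on the exposed agent. The function names, the finding codes and the address 203.0.113.10 (standing in for w.x.y.z) are assumptions made for the example.

```python
import shlex

JMX = "com.sun.management.jmxremote"

def parse_props(cmdline):
    """Collect -Dname[=value] JVM system properties from a command line."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            name, _, value = tok[2:].partition("=")
            props[name] = value
    return props

def audit_jmx(cmdline):
    """Return (ports_to_forward, findings) for the remote JMX agent flags."""
    p = parse_props(cmdline)
    registry = p.get(JMX + ".port")
    if registry is None:
        return [], ["NO_REMOTE_AGENT"]  # no registry port, nothing exposed
    findings = []
    ports = {int(registry)}
    rmi = p.get(JMX + ".rmi.port")
    if rmi is None:
        # The second (RMI server) port is an ephemeral port chosen at start,
        # so no static NAT forward or firewall rule can match it.
        findings.append("RMI_PORT_DYNAMIC")
    else:
        ports.add(int(rmi))
    if "java.rmi.server.hostname" not in p:
        # Stubs would advertise the internal address to outside clients.
        findings.append("STUB_HOSTNAME_UNSET")
    # Both settings default to true; only an explicit "false" disables them.
    if p.get(JMX + ".authenticate", "true").lower() == "false":
        findings.append("AUTH_DISABLED")
    if p.get(JMX + ".ssl", "true").lower() == "false":
        findings.append("TLS_DISABLED")
    return sorted(ports), findings

# Constructed sample: the question's switches with a documentation address.
QUESTION = ("-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=203.0.113.10 "
            "-Dcom.sun.management.jmxremote.port=1099 "
            "-Dcom.sun.management.jmxremote.local.only=false "
            "-Dcom.sun.management.jmxremote.authenticate=false "
            "-Dcom.sun.management.jmxremote.ssl=false")
# Constructed sample: option (a) applied, authentication and TLS left at defaults.
PINNED = ("-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=203.0.113.10 "
          "-Dcom.sun.management.jmxremote.port=1099 "
          "-Dcom.sun.management.jmxremote.rmi.port=1099")

if __name__ == "__main__":
    for name, flags in (("question", QUESTION), ("pinned", PINNED)):
        print(name, audit_jmx(flags))
```

Setting both properties to the same value, as in the second sample, leaves a single port to forward through the NAT.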
