Home > Default > RMI firewall issue - opening port 1099 is not enough

RMI firewall issue - opening port 1099 is not enough

November 30Hits:0
Advertisement
Hello,
We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites.
We are about to deploy out to more customer sites - so I have been doing more testing with firewalls etc and discovered some issues. Our customers are small businesses and typically have between 1 and 10 desktop clients that connect to the server via RMI. These customers are "very NOT technical", so we need to give them set-and-forget firewalls etc.
This is all on a LAN, with RMI using port 1099. On the firewalls (of the various PCs) we open ports 1099 (RMI) and 5432 (for the Postgres DB).
Also, I was using "CurrPorts" and "SmartSniff" to monitor the traffic at each PC - so I had a reasonable view of proceedings.
Basically, opening port 1099 on the server is necessary, but it is NOT ENOUGH. The RMI moves off to ports other than 1099, and the server firewall does not allow the connection.
Procedure ...
(1) start the "server" app - which starts the RMI registry - the "localhost" desktop app also starts and it works well to both the database and the RMI.
(2) start another client - it connects to the DB Server, but NOT the RMI server.
(3) open the server firewall to all traffic for a few seconds - then the client connects successfully.
From CurrPort logging I could watch the RMI comms progress over those first few minutes ...
Initially the comms do include port 1099 on the initial call to the server, but there after there are always 2 or 3 "channels" open, but not to 1099.
I notice that the Postgres DB keeps using port 5432 for all of its active channels - so it does not have the same firewall issue.
After we have opened the firewall for a few seconds - to enable the link - then we can turn the client on and off and the client re-connects without issue - so it would seem to be only an issue with the initial connection.
I am sure that this is all completely standard and correct RMI behavior.
QUESTIONS:
1. Can RMI be "forced" to always use port 1099 for connections, and not move to other ports? (like the database uses 5432)
2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
Other comments ...
The firewall lets me open individual ports (say 1099) - BUT I can not justify opening ALL ports.
The firewall lets me open all ports to an application, say "C:\Program Files\Java\jre6\bin\java.exe", but that app will occasionally change at a customer's site as they will update their java version and suddenly our app will stop working.
Any guidance is appreciated.
Many Thanks,
-Damian

Answers

1. Can RMI be "forced" to always use port 1099 for connectionsYes. Export all your servers on the same port. See UnicastRemoteObject constructor that takes an int, or UnicastRemoteObject.exportObject(int). If the RMI Registry is a separate process you can't re-use 1099 for this purpose, but see below.
2. Are there any suggestions for getting around this seemingly standard RMI behaviour?Yes. Start the RMI Registry in the same JVM as the code, then you only need to use 1099 for everything.
If you are using server socket factories, make sure they have an equals() method, or use the same instance for all remote objects.

Read other 5 answers

Tags:

Related Articles

  • RMI firewall issue - opening port 1099 is not enoughNovember 30

    Hello, We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites. We are about to deploy out to more customer sites - so I have been doing mor

  • RMI | Firewall  issue revisitedNovember 30

    Hi all, I have searched through these forums for a suitable answer to my problem, but have not gotten any. My RMI client-server app was working perfectly well on a Windows 2000 Advanced Server (with its firewall restrictions), until my company decide

  • Port 1099 being used by other processes ,need an alt port for RMI-RegistryNovember 30

    I am using port 1099 for RMI and the o/s is windows 2003. We want that the RMI registry shud automatically be started with the windows startup processes.But we found that some other processes are usoing the same port. Is there any other port which ca

  • Java.rmi.server.ExportException: Listen failed on port: 1099;November 30

    Hi All, I am trying to run RMI tutorial from sun's java tutorial. It has 8 parts. The last two parts are "Compiling the Example Programs" and "Running the Example Programs". Until "Compiling the Example Programs", I am okay.

  • Default RMI port 1099November 30

    Hello, Does anybody know how to change the default RMI port 1099 for WebLogic implementation of RMI. Is there some config parameter which will do it. I happened to have two RMI registry running on one computer and I would like to run them on two diff

  • And again firewall issue... (but take a look, pls)November 30

    I read posts here again and again, but didn't find an answer; situation: 1. my rmi-app works fine on local network; 2. i deployed Server-side of it on my web-server; 3. web-admin opened 2 ports (1099 & 3456) in server firewall; 4. server started; 5.

  • Cannot install any apps from Creative Cloud in corporate environment.  Suspsected Firewall issues.October 11

    Hello all.  I subscribed successfully and easily to CC on my home PC (iMac) and downloaded a few apps.  All is fine.  I wanted to download those same few apps on a remove machine I use several times a week (Win 7). After many many attempts of trying

  • Java.rmi.ServerException: JAXRPCSERVLET28: Missing port informationOctober 11

    Hi We are getting errors when we run the webservice client.. With this we have also provided the webservice code. Please any one help us to resolve this issue... Thanks in advance. We are using J2EE 1.4 Error: java.rmi.ServerException: JAXRPCSERVLET2

  • Can't scan from Lexmark multifunction printer - firewall issue?October 11

    Hi there! I got a Lexmark printer/scanner combo which used to work fine on my arch install. However, its mobo died, so now I'm back at another install which refuses to scan. Scanning is done through the browser via a java applet residing on the print

  • Windows Firewall issue, Inbound rule opend all, still not the same as turning offOctober 11

    This is Windows Firewall issue on Windows 8.1 Pro.  Backup Exec server cannot expand a computer node in selection list. I drill down to Microsoft Windows Network/Domain/Computers, then when I tried to expand a Windows 8.1 Pro computer node, it hangs

Copyright (C) 2019 wisumpire.com, All Rights Reserved. webmaster#wisumpire.com 14 q. 0.696 s.