Skip to Main Content

Java APIs

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

RMI Through Firewall

808678Oct 27 2010 — edited Oct 28 2010
Hello,

I am developing a Java client application that is using RMI to connect to resources on a server application that is being hosted behind a firewall. I am attempting to to get around the firewall at present by using an SSH tunnel. I have learned that while RMI uses port 1099 to listen for incoming connections it by default uses some random port to actually handle the connection. So, from my understanding, I can set the handle port by using the export object method:
   UnicastRemoteObject.exportObject(obj,1098)
where I want to use port 1098 to handle connections.

The server system I am connecting to is the head node of an HPC cluster and has two IP addresses (a local one and one visible to the internet) so I set the rmi hostname to to the world-visible address when I start rmiregistry:

rmiregistry -J-Djava.rmi.server.hostname=<world-visible-ip>

Next, I start the RMI server application (this is currently just Java Hello World RMI tutorial) with a wide-open security policy (defined in file /home/user/wideopen.policy) for testing and also pointing to the correct RMI server hostname:

java -Djava.security.policy=/home/user/wideopen.policy -Djava.rmi.server.hostname=<world-visible-ip>

For the client I, launch it with the appropriate security policy like above. Now, I can run the client on the server side and everything works fine. Also, if I run the client on another machine inside the server's firewall it also works fine. However, I want to run it outside the firewall so I set up an SSH tunnel from my local machine to the server machine for ports 1098 and 1099. However, whenever I do this I get a connection refused exception. What am I missing in this setup that it will work just fine within the firewall, but not outside?? I am a bit new to RMI so I might have confused a few things in here, any guidance would be appreciated. Thanks.

Also, I have posted my server and client code below:


Server:
import java.io.*;
import java.rmi.*;
import java.rmi.server.*;
import java.rmi.registry.*;

public class HelloImpl implements Hello {

    public HelloImpl() {}

    public String sayHello() {
        return  "Hello World!";
    }

    public static void main(String args[]) {

	if (System.getSecurityManager() == null) {
	    System.setSecurityManager(new SecurityManager());
	}

	try {
	    /*
	     * Create remote object and export it to use
	     * custom socket factories.
	     */
	    HelloImpl obj = new HelloImpl();
	    Hello stub =
		(Hello) UnicastRemoteObject.exportObject(obj,1098);

	    /*
	     * Create a registry and bind stub in registry.
	     */
	    Registry registry = LocateRegistry.getRegistry();
	    registry.rebind("Hello", stub);
	    System.out.println("HelloImpl bound in registry");

	} catch (Exception e) {
	    System.out.println("HelloImpl exception: " + e.getMessage());
	    e.printStackTrace();
	}
    }
}
Client:
import java.rmi.*;
import java.rmi.registry.*;

public class HelloClient {

    public static void main(String args[]) {

	if (System.getSecurityManager() == null) {
	    System.setSecurityManager(new SecurityManager());
	}

        try {
	    Registry registry = LocateRegistry.getRegistry("localhost",1099);
            Hello obj = (Hello) registry.lookup("Hello");
            String message = obj.sayHello();
            System.out.println(message);

        } catch (Exception e) {
	    System.out.println("HelloClient exception: " +
                               e.getMessage());
            e.printStackTrace();
        }
    }

}
The first line of the exception is:

HelloClient exception: Connection refused to host: <world-visible-ip>; nested exception is:
java.net.ConnectException: Connection refused: connect
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Nov 25 2010
Added on Oct 27 2010
2 comments
1,706 views