Thursday, April 19, 2012

JBoss JMS behind a NAT firewall



JMS clients such as Swing applications or other remote clients were unable to connect to the JBoss server for two reasons: the server listens on random ports, and the public IP address of the machine was not the same as the internal IP address assigned by the cloud provider. When JBoss starts, it has to bind to the IP address 0.0.0.0.


  1. Opened inbound port 443; the JMS client was unable to connect to the server.
  2. The following inbound ports were opened:
    • 8083 and 8093
    • 8080
    • 1098-1099
    • 8009
    • 4444-4445 and 4457
  3. Once the above ports were opened, the JMS client was able to connect to that IP address.
  4. At this point the server returns its host name (the name of the box, devjmsserver). Since that is not an FQDN like devserverjms.domain.com, the connection failed.
    1. For this reason, a host name was created, and a subdomain under the main domain was created to point to this public IP address.
  5. The FQDN now created was devserverjms.maindomain.com.
    • The JMS client was still not able to connect to the server.
  6. Listing all the ports the JBoss server was listening on showed that it had picked random ports greater than 1024 and less than 65000.
    1. netstat -tulnp will list all the ports
  7. On startup the JBoss server assigns random ports, so we have to “fix” the ports that the server listens on.
    1. To do this, edit /home/jboss/jboss-5.1.0.GA/server/default/deploy/messaging/remoting-bisocket-service.xml and set serverBindProperty and serverConnectorProperty to a fixed, non-clashing port; for this test environment we used 7914.
  8. Now the client is able to resolve the server, connect to it, and send messages to it.
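
To confirm after step 7 that no JBoss listener is still on a random port outside the firewall rules, the netstat output from step 6 can be checked against the allow-list. The script below is an added example, not part of the original post; it assumes the net-tools column layout of netstat -tulnp and a process name of java, and the sample output is constructed.

```shell
# Added example (not from the original post). ALLOWED is the post's inbound
# port list plus the fixed bisocket port 7914 chosen in step 7.
ALLOWED="443 8083 8093 8080 1098-1099 8009 4444-4445 4457 7914"

# Reads `netstat -tulnp` output on stdin and prints "port pid/program" for
# every TCP listener of the given program whose port is outside ALLOWED.
unexpected_listeners() {
    prog="${1:-java}"
    awk -v allowed="$ALLOWED" -v prog="$prog" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) {
            m = split(a[i], r, "-")          # single port or lo-hi range
            lo[i] = r[1] + 0
            hi[i] = (m == 2 ? r[2] : r[1]) + 0
        }
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        split($7, owner, "/")                # "2311/java" -> pid, program
        if (owner[2] != prog) next
        k = split($4, addr, ":")             # last field is the port (IPv4 and IPv6)
        port = addr[k] + 0
        ok = 0
        for (i = 1; i <= n; i++) if (port >= lo[i] && port <= hi[i]) ok = 1
        if (!ok) print port, $7
    }'
}

# Constructed sample output: one java listener is still on a random port.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2311/java
tcp        0      0 0.0.0.0:1099            0.0.0.0:*               LISTEN      2311/java
tcp        0      0 0.0.0.0:4457            0.0.0.0:*               LISTEN      2311/java
tcp        0      0 0.0.0.0:7914            0.0.0.0:*               LISTEN      2311/java
tcp        0      0 0.0.0.0:41873           0.0.0.0:*               LISTEN      2311/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      804/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           611/dhclient
EOF
}

# On a live server: netstat -tulnp | unexpected_listeners java
sample_netstat | unexpected_listeners java
```

An empty result means every JBoss listener falls inside the ports opened on the firewall; any line printed is a port that remote clients cannot reach and that still needs to be fixed in configuration.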