3 Replies Latest reply on Dec 17, 2010 10:58 AM by scottdawson

    JBoss Messaging and firewall

    massios

      Dear all,

       

      We are trying to use jboss messaging in a secure environment. In our configuration we have

      1) A JBoss 5.1 GA application server that acts as a client

      2) A JBoss 5.1 GA application server that runs JBoss ESB 4.6 that acts as a server

      3) A firewall that separates the two.

       

      We want to configure the firewall to only allow the necessary ports through. So far we have noted down the following ports related to JBoss messaging

      1099 JNI

      1098 RMI

      4457 JMS - bisocket transport


      However we are missing one. Each time the server jboss (2) is restarted it starts using a forth port. This port is each time different and the range is very wide (I do not think it has a range). I have seen values from as low as 1XXX to as high as 5XXXX. We want to set this port in jboss configuration to something fixed, so that we can declare it to the firewall. Has anyone done this?

       

      Thanks in advance,

       

      Nikos

        • 1. Re: JBoss Messaging and firewall
          scottdawson

          Nikos,

            Uncomment and provide a port value for the secondaryBindPort attribute in deploy/messaging/remoting-bisocket-service.xml. Then open that port in the firewall.

           

          Regards,

          Scott

          • 2. Re: JBoss Messaging and firewall
            massios

            Hello Scott,

             

            I tried it out yesterday and your suggestion worked just fine, thanks. It also worked for remoting-sslbisocket-service.xml. The only problem I found was that in our configuration we are using clustering and we set the ports for each node in the cluster using -Djboss.service.binding.set=ports-default etc. It seems that the secondaryBindPort is not included in the ports that this port setting system of jboss can handle. So I had to manually edit the secondaryBindPort for each node in the cluster.

             

            I was wondering if you have also seen this and have found a better solution.

             

             

            Thanks again,

             

            Nikos

            • 3. Re: JBoss Messaging and firewall
              scottdawson

              Hello Nikos,

                No, I don't have a solution for your second issue. Our environment is different (we have one JBoss instance per VM) so we don't configure the ports like you do.

              Regards,

              Scott