4 Replies Latest reply on Dec 22, 2011 5:58 AM by sewatech

    How to access JMX via a firewall on AS 7

    sewatech

      Hi,

       

      I'm trying to install a JBoss AS 7 on a EC2 instance. Everything is working fine except JMX access.

       

      My server has a LAN IP address wich is different from the IP address used to acces to the server. I've change the interfaces (management and public) to any-address.

       

      I'm trying to access to JMX with the following code, using the public address :

       

      {code}

              String host = "ec2-100-20-180-80.compute-1.amazonaws.com";

              int port = 1090;

       

              String urlString = System.getProperty("jmx.service.url",

                      "service:jmx:rmi:///jndi/rmi://" + host + ":" + port + "/jmxrmi");

              JMXServiceURL serviceURL = new JMXServiceURL(urlString);

              JMXConnector jmxConnector = JMXConnectorFactory.connect(serviceURL, null);

              MBeanServerConnection connection = jmxConnector.getMBeanServerConnection();{code}

       

      I get the following message :

       

      Exception in thread "main" java.rmi.ConnectException: Connection refused to host: 10.190.70.10; nested exception is:

                ...

       

      Of course, it cannot work as 10.190.70.10 is the local IP of my server.

       

      I've tried to add some properties, but it didn't work.

      -Djava.rmi.server.hostname=ec2-100-20-180-80.compute-1.amazonaws.com

      -Djava.rmi.server.useLocalHostname=false

       

      How could I do to access to my server with JMX ?

        • 1. Re: How to access JMX via a firewall on AS 7
          kabirkhan

          in standalone.xml, depending on which interfaces you have set up in your interfaces section, try setting up these socket bindings

           

          <socket-binding name="jmx-connector-registry" interface="management" port="1090"/>

                  <socket-binding name="jmx-connector-server" interface="management" port="1091"/>

           

          to bind to an externally accessible interface

          • 2. Re: How to access JMX via a firewall on AS 7
            sewatech

            The only way I found to connect a jconsole to my JBoss AS 7 on EC2 to pass through a SOCKS proxy.

             

            To start the proxy client :

            ssh -vfND 6666 -i .amazon/aws1-sewatech-net.pem ec2-user@aws1.sewatech.net
            

             

            To launch jconsole :

            jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=6666 aws.sewatech.net:1090
            

             

            For french speaking people, I described the solution in my personal wiki.

            1 of 1 people found this helpful
            • 3. Re: How to access JMX via a firewall on AS 7
              hgomez

              socket-binding allow set TCP port, but what about TCP host (ie: listening adress).

              How could we make JBoss to listen only to a specified adress (AWS dual homed case) ?


              • 4. Re: How to access JMX via a firewall on AS 7
                sewatech

                Support of -Djava.rmi.server.hostname has been added in JBoss AS 7.1.0.CR1. With that version, I just have to add this in bin/standalone.conf

                 

                JAVA_OPTS="$JAVA_OPTS -Djava.rmi.server.hostname=myPublicHostName"