glassfish
  1. glassfish
  2. GLASSFISH-17151

EJB remote deployed on GF 3.1 behind a NAT unaccessible via a simple Java app

    Details

    • Type: Bug Bug
    • Status: Reopened
    • Priority: Blocker Blocker
    • Resolution: Unresolved
    • Affects Version/s: 3.1
    • Fix Version/s: 4.1.1
    • Component/s: orb
    • Labels:
      None
    • Environment:

      OS Linux Debian 6
      JDK 1.6.0.26

      Description

      I have 2 Glassfish servers version 3.1: a FRONT server and a BACK server.
      The FRONT server is in a DMZ.
      The BACK server is in on a private lan, not accessible directly from the DMZ, but through a firewall that does a NAT on the IP of the BACK server.
      -> IP-PU-B = Public IP address of the BACK
      -> IP-PR-B = Private IP address of the BACK

      Thus, the FRONT server only knows the public IP of the BACK server (the "NATed" IP). The Glassfish on the BACK server knows only its own "private" IP address, not its NATed address (it is only valid for machines on the DMZ).

      Here is my client code:
      try {
      InitialContext context = new InitialContext();
      System.out.println("Context initialized!");
      HelloService service = (HelloService) context.lookup("HelloEJB");
      System.out.println("Service retrieved!");
      String name = service.countryCount();
      System.out.println("Hello " + name);
      } catch (Exception e) {
      e.printStackTrace();
      }

      And here is my jndi.properties content in my client app:
      java.naming.factory.initial = com.sun.enterprise.naming.SerialInitContextFactory
      java.naming.factory.url.pkgs = com.sun.enterprise.naming
      java.naming.factory.state = com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
      org.omg.CORBA.ORBInitialHost = IP-PU-B
      org.omg.CORBA.ORBInitialPort = 3700

      This code doesn't work if I launch my application from the DMZ trying to access the EJB remote via the IP address IP-PU-B.
      This code works if I launch the application from "inside the network" trying to access the EJB remote via the IP address IP-PR-B.

      The problem is due to the IIOP protocol as implemented on the Glassfish server. It does a first call on the ORB to locate the EJB (which is deployed on the same server as the ORB). Thus, the ORB sends the private IP to the client, instead of the public IP (which it has no way of knowing, as it is determined by the firewall)... The client then tries to connect on the private IP, which does not go though the firewall.

      We have already tried the following solutions:

      • Connecting to a Remote EJB Module Through a Firewall
        Link: http://download.oracle.com/docs/cd/E19226-01/820-7695/6niugesud/index.html
        We have put the IP-PU-B as value for the variable "com.sun.corba.ee.ORBVAAHost".
        In that case, the problem between the FRONT and the BACK still exists, and moreover there is also a problem when I try to access the EJB remote from the Java application run on the BACK to the EJB remote on the BACK.
      • Replace Network address of the orb-listener-1, no better result.
      • Use of variable "java.rmi.server.hostname", no better result.

      Is there a specific way to configure Glassfish behind a NAT to make it send the public IP instead of the private one?

      Thanks in advance for your help!

        Issue Links

          Activity

          Hide
          lordvlad added a comment -

          Is there any progress on this issue? Is it supposed to be fixed in 4.1.1? Because we have the same issue now with 4.1.1 and it is kind of a showstopper.

          Show
          lordvlad added a comment - Is there any progress on this issue? Is it supposed to be fixed in 4.1.1? Because we have the same issue now with 4.1.1 and it is kind of a showstopper.
          Hide
          skgaju added a comment -

          has anyone tried setting public IP to IIOP listener and Blaise Gosselin patch.

          Show
          skgaju added a comment - has anyone tried setting public IP to IIOP listener and Blaise Gosselin patch.
          Hide
          hoseka added a comment -

          Hi all!
          Can I solve this problem in version 3.1.2?
          Does the correction proposed by Blaise Gosselin work?
          Where can I get the source orb-iiop.jar to fix it and replace in my glassfish?

          Show
          hoseka added a comment - Hi all! Can I solve this problem in version 3.1.2? Does the correction proposed by Blaise Gosselin work? Where can I get the source orb-iiop.jar to fix it and replace in my glassfish?
          Hide
          Tom Mueller added a comment -

          Targeting for 4.0.1 as bugs related to the orb do not need to be fixed for the RI/SDK.

          Show
          Tom Mueller added a comment - Targeting for 4.0.1 as bugs related to the orb do not need to be fixed for the RI/SDK.
          Hide
          ymajoros added a comment -

          Hi,

          Is it possible to have an answer to this problem please?

          I work with Blaise Gosselin, who made the patch in #4, and we still have the issue. We have to patch every new version of Glassfish as described.

          Thanks in advance for your help!

          KR,

          Show
          ymajoros added a comment - Hi, Is it possible to have an answer to this problem please? I work with Blaise Gosselin, who made the patch in #4, and we still have the issue. We have to patch every new version of Glassfish as described. Thanks in advance for your help! KR,

            People

            • Assignee:
              Harshad Vilekar
              Reporter:
              Blaise Gosselin
            • Votes:
              5 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated: