From: Guy R. <guy...@sp...> - 2003-04-17 17:58:36
Johnson, Lance wrote:
> Hello everyone out there in JBoss land...
>
> We are trying to put some firewall documentation together for our customers
> so they understand the requirements of our system. When we started putting
> this together we noticed some unfortunate behavior in JBoss with random port
> selection. This type of port selection is obviously not good for firewalls
> because no static rules can be written to it. So I started investigating
> how to make these ports static. Thanks to the forum and the mail list I was
> able to figure out how to get JNDI to stop opening his random port by
> setting the RmiPort property. As we only use JBoss as an EJB container we
> were also able to turn off several of the MBeans that we didn't need.
> Unfortunately, we still have a few ports that we don't know where they are
> coming from. Below is a listing of the ports JBoss is using in our config.
>
> java TCP *:1099 (LISTEN) -> JNDI port
> java TCP *:4444 (LISTEN) -> RMI port
> java TCP *:4445 (LISTEN) -> another RMI port set by RmiPort prop
> java TCP *:8083 (LISTEN) -> Webservice port
> java TCP *:54387 (LISTEN) -> Unknown (seems to be randomly selected)
> java TCP *:54388 (LISTEN) -> Unknown (seems to be randomly selected)
> java TCP *:54389 (LISTEN) -> Unknown (seems to be randomly selected)
>
> ok.. we have two questions (with several sub questions).
>
> 1) Is there a way to disable the Webservice MBean? We tried commenting it
> out but kept getting errors from the EJB-Manager, which we assumed was vital
> to serving up EJBs in the container. Correct me if I am wrong, but the
> Webservice is used for downloading EJB interfaces if they are not known by
> the client. We won't need this because our Java application will have all
> the interfaces it needs inside a deployed jar file.
>
> 2) What are the three consecutive random ports that keep showing up (54387,
> 54388, and 54389 in the example above), what uses them, and if they are
> needed can they be statically set?

I responded to this thread a while ago and haven't seen any subsequent discussion. Turns out this issue has just come to the forefront in our production environment. The security folks are not keen on opening up all ports above 32000.

My understanding (and I'm batting zero lately) is that the high-numbered ports are RMI ports resulting from home.create() and are for all intents and purposes randomly selected. In our Sun Solaris environment, the ports are usually in the 32000+ range, though occasionally I've seen them in the 57000+ range. Is this a correct understanding, and if so is my only alternative to implement a custom socket factory?
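
The custom socket factory asked about in the message above, as an added example that is not from the thread or from JBoss: a global `java.rmi.server.RMISocketFactory` that maps anonymous-port (port 0) requests into a fixed range a firewall rule can cover. The class name and the 40000-40009 range are assumptions, and how JBoss itself is wired to use such a factory is not shown.

```java
import java.io.IOException;
import java.net.BindException;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMISocketFactory;

/** Maps RMI's anonymous-port requests (port 0) onto a fixed, firewall-friendly range. */
public class FixedRangeRmiSocketFactory extends RMISocketFactory {
    private final int low;   // first port of the allowed range (assumed value, see main)
    private final int high;  // last port of the allowed range, inclusive

    public FixedRangeRmiSocketFactory(int low, int high) {
        if (low < 1 || high > 65535 || low > high) {
            throw new IllegalArgumentException("bad port range " + low + "-" + high);
        }
        this.low = low;
        this.high = high;
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return new Socket(host, port);  // outbound connections are unchanged
    }

    @Override
    public ServerSocket createServerSocket(int port) throws IOException {
        if (port != 0) {
            return new ServerSocket(port);  // explicitly configured port: honour it
        }
        // port 0 means "any free port"; take the first free one inside the range instead
        for (int p = low; p <= high; p++) {
            try {
                return new ServerSocket(p);
            } catch (BindException inUse) {
                // already taken, try the next port in the range
            }
        }
        throw new IOException("no free RMI port in " + low + "-" + high);
    }

    public static void main(String[] args) throws IOException {
        // Must run before any remote object is exported; 40000-40009 is a constructed range.
        RMISocketFactory.setSocketFactory(new FixedRangeRmiSocketFactory(40000, 40009));
        try (ServerSocket s = RMISocketFactory.getSocketFactory().createServerSocket(0)) {
            System.out.println("anonymous export would listen on " + s.getLocalPort());
        }
    }
}
```

`RMISocketFactory.setSocketFactory` can be called only once per JVM, so the factory has to be installed at startup, and the firewall rule then needs to cover only the configured range.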