RMI app behind NAT firewall

[tobias.weih]

I have a problem getting my RMI application to work. Having a RMI Server app running in a VMWare that forwards port 1099 in a NAT enviroment.
Physical machines IP on the outside = 9.154.38.47
Physical machines IP in local area = 192.168.0.1
Virtual machines IP = 192.168.0.100

I start a rmiregistry on my virtual machine and since port 1099 is NAT-forwarded I can connect to the registry from the outside using telnet 9.154.38.47:1099.

I startup my serverside rmi-app on the virtual machine

Code:

-Djava.rmi.server.hostname=$HOST

and in my app I do the following binding:

Code:

System.getProperties().put("java.rmi.server.hostname", HOST);
Registry reg = LocateRegistry.createRegistry Registry.REGISTRY_PORT);
Naming.rebind("//"+ HOST + ":1099/" + CommandBroker.NAME, this);

This work fine with HOST=127.0.0.1 or HOST=192.168.0.100 but when setting HOST=9.154.38.47 (the public IP address), startup fails with:

Code:

java.rmi.AccessException: Registry.Registry.rebind disallowed; origin /9.154.38.47 is non-local host

When server is running with HOST=127.0.0.1 or HOST=192.168.0.100 (like I said using HOST=9.154.38.47 doesn't work at all, the server is not allowed to bind) the binding from the outside using my client-app works (bind to 9.154.38.47 the public IP) , but however when trying to actually use the remote object the client throws the following exception:
Using HOST=127.0.0.1 on serverside

Code:

Operation timed out: connect:could be due to invalid address

or when server HOST=192.168.0.1

Code:

java.net.ConnectException: Connection refused: connect
	at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:585)

I assume using the public IP on serverside by setting HOST= to 9.154.38.47 is the right way, but as stated above binding to the rmiregistry is not allowed! What am I missing?

Thanks alot, your help is very much appreciated.
Cheers,
Tobi

[tobias.weih]

my problem is solved, finally. There are a couple of things that caused my troubles:
First of all, binding to localhost is correct, since the host-address is only used
to contact the registry for the rebind operation. When using the public IP to bind
it fails because the connection to 9.154.38.47 is being routed out to the NAT and
back in again, so its origin appears non-local. And as a rule binding to a non l
ocalhost is forbidden.
As far as an external client being able to use the bound stub, the important setting
is the java.rmi.server.hostname system property, which controls the host name or
address that gets put into the stubs for remote objects exported in this VM. Thus
it has to be 9.154.38.47 in my case.
Another very interessting thing is the need to explicitly define the port the
Remote Object uses. Therefor I call super(1099) instead of just super().
See http://archives.java.sun.com/cgi-bin...i-users&P=3663 for details. Many thanks to Peter Jones!

tobi

[vanho]

Hi,

I'm also having problem with RMI app behind NAT as well. Could you please
help me to identify problem and to solve it?

The scenario is as follow:

- My RMI server is running on Linux machine which is running as guest on VMWare
with Windows XP is host OS.
- On XP, physical IP address: 129.94.174.21 (host IP), virtual IP address: 192.168.170.1
- On Linux, virtual IP address: 192.168.170.128 (guest IP).
- On Linux, the RMI server is created as follow:

if (System.getSecurityManager() == null) {
System.setSecurityManager(new RMISecurityManager());
}
try {
String host = 129.94.174.21;
int port = 1099;
java.rmi.registry.Registry reg =
java.rmi.registry.LocateRegistry.createRegistry(port);
HelloImpl obj = new HelloImpl(port);
// Bind this object instance to the name "HelloServer"
Naming.rebind("//" + host + ":" + port + "/HelloServer", obj);

- And the server is running with option -Djava.rmi.server.hostname=129.94.174.21.
- RMI client is on another physical machine and is looking up and invoking on
host IP 129.94.174.21. And I got "Connection refused to host", as stack trace
shown below.

- If I run RMI client on host machine, connection is fine. I've also verified
that the host machine is accepting incoming calls by running RMI server on
host machine, and RMI client from the same machine that I run RMI client earlier.
The connection is OK as well.

Am I missing something here?

Thank you very much in advance.
Regards,
Van

=======================================

-bash-3.1$ ./runclient-desk.sh
reg 0 HelloServer
HelloServer found: true
HelloApplet exception: Connection refused to host: 192.168.170.128; nested
exception is:
java.net.ConnectException: Connection timed out
java.rmi.ConnectException: Connection refused to host: 192.168.170.128; nested
exception is:
java.net.ConnectException: Connection timed out
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at examples.hello.HelloImpl_Stub.sayHello(Unknown Source)
at examples.hello.HelloApp.init(HelloApp.java:85)
at examples.hello.HelloApp.<init>(HelloApp.java:67)
at examples.hello.HelloApp.main(HelloApp.java:113)
Caused by: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown
Source)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown
Source)