users@glassfish.java.net

Re: EJB remote access through firewall

From: Glenn Holmer <gholmer_at_weycogroup.com>
Date: Tue, 08 Apr 2008 09:16:52 -0500

Ping? Does anybody recognize this symptom?

Glenn Holmer wrote:
> Use case: we have servers in a DMZ and want to know if we can access
> remote EJBs from standalone programs on our inside network. We have a
> test program working that does this:
>
> java -Dorg.omg.CORBA.ORBInitialHost=...
>
> context = new InitialContext();
> logger.info("SkuEJB");
> ...
>
> and it works between two machines on the inside network and two machines
> within the DMZ.
>
> Now we try from a machine on the inside network to a machine
> ("webdevel") in the DMZ. We have one address (172.16.1.x) that we use
> to access webdevel from the inside network, and one (10.0.0.x) from
> within the DMZ. But when I try to run the test program from the inside
> network to either "webdevel" or to "172.16.1.74", packet traces show
> that the first few packets go to 172.16.1.74, but then there's a packet
> that Wireshark labels "GIOP 1.2 Reply 5: Location Forward", and after
> that, the inside machine is trying to send to the 10.0.0.x address
> (which is what webdevel knows itself by). Our firewall rules disallow
> this, and the program fails with
>
> Mar 27, 2008 1:25:48 PM
> com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl <init>
> WARNING: "IOP00410201: (COMM_FAILURE) Connection failure: socketType:
> IIOP_CLEAR_TEXT; hostname: 10.0.0.64; port: 3700"
> org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: No
>
> What is causing the change of addresses? Is it a network misconfiguration?
>


-- 
____________________________________________________________
Glenn Holmer                          gholmer_at_weycogroup.com
Software Engineer                        phone: 414-908-1809
Weyco Group, Inc.                          fax: 414-908-1601
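
Added example (not part of the original message and not GlassFish code): a minimal decoder for the "GIOP 1.2 Reply ... Location Forward" packet described above. It extracts the host and port from the IIOP profile of the object reference carried in the reply body, so the advertised address can be compared with what the firewall permits. The sample packet, the type id IDL:Sku:1.0, the object key, and the names Cdr, forward_targets and sample_reply are constructed for illustration.

```python
import struct

STATUS = ["NO_EXCEPTION", "USER_EXCEPTION", "SYSTEM_EXCEPTION",  # reply_status
          "LOCATION_FORWARD", "LOCATION_FORWARD_PERM", "NEEDS_ADDRESSING_MODE"]

class Cdr:  # minimal CDR reader; alignment is relative to the start of buf
    def __init__(self, buf, little, pos):
        self.buf, self.e, self.pos = buf, "<" if little else ">", pos
    def num(self, fmt, size):
        self.pos += -self.pos % size               # CDR natural alignment
        (v,) = struct.unpack_from(self.e + fmt, self.buf, self.pos)
        self.pos += size
        return v
    def octets(self):                              # sequence<octet>
        n = self.num("I", 4)
        self.pos += n
        if self.pos > len(self.buf):
            raise ValueError("truncated message")
        return self.buf[self.pos - n:self.pos]
    def string(self):                              # length counts the NUL
        return self.octets().rstrip(b"\0").decode("latin-1")

def forward_targets(msg):
    """Return (request_id, status, [(host, port)]) for a GIOP 1.2 Reply."""
    if msg[:4] != b"GIOP" or msg[4:6] != b"\x01\x02" or msg[7] != 1:
        raise ValueError("not a GIOP 1.2 Reply")
    r = Cdr(msg, msg[6] & 1, 12)                   # flags bit 0: little-endian
    request_id, status = r.num("I", 4), r.num("I", 4)
    for _ in range(r.num("I", 4)):                 # skip service contexts
        _id, _data = r.num("I", 4), r.octets()
    targets = []
    if status in (3, 4):                           # body is an IOR
        r.pos += -r.pos % 8                        # 1.2 body is 8-byte aligned
        r.string()                                 # IOR type_id
        for _ in range(r.num("I", 4)):             # tagged profiles
            tag, prof = r.num("I", 4), r.octets()
            if tag == 0:                           # TAG_INTERNET_IOP
                p = Cdr(prof, prof[0] & 1, 3)      # skip byte order, version
                targets.append((p.string(), p.num("H", 2)))
    return request_id, (STATUS[status] if status < 6 else str(status)), targets

def sample_reply():
    """Constructed big-endian reply: request 5 forwarded to 10.0.0.64:3700."""
    def s(b):
        return struct.pack(">I", len(b) + 1) + b + b"\0"
    prof = (b"\0\x01\x02\0" + s(b"10.0.0.64") + struct.pack(">HI", 3700, 4)
            + b"key1" + struct.pack(">I", 0))      # object key, no components
    body = (struct.pack(">III", 5, 3, 0) + s(b"IDL:Sku:1.0")
            + struct.pack(">III", 1, 0, len(prof)) + prof)
    return b"GIOP\x01\x02\x00\x01" + struct.pack(">I", len(body)) + body
```

Calling forward_targets(sample_reply()) returns the request id, the reply status name and the list of advertised IIOP endpoints; a real capture can be fed in as the raw TCP payload of the reply.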