users@glassfish.java.net

Re: How to connect Java SE client to Java EE module running on GlassFish?

From: Witold Szczerba <pljosh.mail_at_gmail.com>
Date: Sun, 16 Aug 2009 01:20:17 +0200

> That's an issue with firewalls and NAT. It might cause some inconvenience in
> some situations, but "firewalls and NAT" is not "over the Internet". It's in
> "over the Internet to a private network that is not visible to the world".

You say that NAT is only about the Internet and private network that
is not visible to "the world"? No, it is about traveling from one
network (passing by one or more routers) to another network. This is
very typical, especially when it comes to servers, which are very
often in theirs own (DMZ or not) networks behind companies' main
gateways.

> This is a problem that affects lots of applications. What does MSN do if it
> tries to negotiate P2P between two clients that are both behind "firewalls
> and NAT"? Neither client can directly connect to the other client, so it
> reverts to a server-based proxy solution which is much slower.

This is totally off topic. Who says here about P2P??

> If you want to be able to safely navigate through NAT, you'll need to
> restrict yourself to protocols which only connect one-way and don't send
> callback addresses that may not be accessible. [...]
> I don't know personally whether RMI/CORBA can be made to work through
> firewalls and NAT. The article you posted seems to suggest it is possible,
> but may require some tweaking to get it to work right.

This is nonsense. You think the RMI/CORBA is some kind of P2P
protocol? No, this is "one-way", the problem is Glassfish - I have no
idea why - puts into the response its own IP address. Maybe this is
something about load balancing or something. Whatever reason it is -
it has ugly side effect which should be considered a bug or a high
priority feature to implement.

I agree with the author of this thread as I had same problems with
Glassfish. Our standalone Swing application refuses to connect to
Glassfish when it is in different network. Initially client connects
to server, but Glassfish hard-codes its internal IP address as a
"reply-to" and no further communication happens. We worked this around
using VPN, so remote offices, using VPN, are (virtually) one the same
network as the HQ. That would be huge relief if they would fix that
issue.