users@glassfish.java.net

Glassfish EJB remote call through NAT

From: <forums_at_java.net>
Date: Fri, 29 Jul 2011 03:48:24 -0500 (CDT)

Hello,

I have 2 Glassfish servers version 3.1: a FRONT server and a BACK server. The
FRONT server is in a DMZ. The BACK server is in on a private lan, not
accessible directly from the DMZ, but through a firewall that does a NAT on
the IP of the BACK server.

Let's say:
-> IP-PU-B = Public IP address of the BACK
-> IP-PR-B = Private IP address of the BACK

Thus, the FRONT server only knows the public IP of the BACK server (the
"NATed" IP). The Glassfish on the BACK server knows only its own "private" IP
address, not its NATed address (it is only valid for machines on the DMZ).

Here is my client code:
try {
            InitialContext context = new InitialContext();
            System.out.println("Context initialized!");
            HelloService service = (HelloService)
context.lookup("HelloEJB");
            System.out.println("Service retrieved!");
            String name = service.countryCount();
            System.out.println("Hello " + name);
} catch (Exception e) {
            e.printStackTrace();
}

And here is my jndi.properties content in my client app:
java.naming.factory.initial =
com.sun.enterprise.naming.SerialInitContextFactory
java.naming.factory.url.pkgs = com.sun.enterprise.naming
java.naming.factory.state =
com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
org.omg.CORBA.ORBInitialHost = IP-PU-B
org.omg.CORBA.ORBInitialPort = 3700

This code doesn't work if I launch my application from the DMZ trying to
access the EJB remote via the IP address IP-PU-B.
This code works if I launch the application from "inside the network" trying
to access the EJB remote via the IP address IP-PR-B.

The problem is due to the IIOP protocol as implemented on the Glassfish
server. It does a first call on the ORB to locate the EJB (which is deployed
on the same server as the ORB). Thus, the ORB sends the private IP to the
client, instead of the public IP (which it has no way of knowing, as it is
determined by the firewall)... The client then tries to connect on the
private IP, which does not go though the firewall.

Is there a way to configure Glassfish to make it send the public IP instead
of the private one?

Thanks in advance for your help! 


--
[Message sent by forum member 'bgbw']
View Post: http://forums.java.net/node/827322
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.