users@glassfish.java.net

IIOP behind NAT

From: GOSSELIN Blaise <blaise.gosselin_at_externe.buyway.be>
Date: Mon, 1 Aug 2011 12:43:39 +0200

Hello,

I have 2 Glassfish servers version 3.1: a FRONT server and a BACK
server. The FRONT server is in a DMZ. The BACK server is on a private
LAN, not accessible directly from the DMZ, but through a firewall that
does a NAT on the IP of the BACK server.

Let's say:
-> IP-PU-B = Public IP address of the BACK
-> IP-PR-B = Private IP address of the BACK

Thus, the FRONT server only knows the public IP of the BACK server (the
"NATed" IP). The Glassfish on the BACK server knows only its own
"private" IP address, not its NATed address (it is only valid for
machines on the DMZ).

Here is my client code:

    try {
        InitialContext context = new InitialContext();
        System.out.println("Context initialized!");
        HelloService service = (HelloService) context.lookup("HelloEJB");
        System.out.println("Service retrieved!");
        String name = service.countryCount();
        System.out.println("Hello " + name);
    } catch (Exception e) {
        e.printStackTrace();
    }

And here is my jndi.properties content in my client app:

    java.naming.factory.initial = com.sun.enterprise.naming.SerialInitContextFactory
    java.naming.factory.url.pkgs = com.sun.enterprise.naming
    java.naming.factory.state = com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
    org.omg.CORBA.ORBInitialHost = IP-PU-B
    org.omg.CORBA.ORBInitialPort = 3700

This code doesn't work if I launch my application from the DMZ trying to
access the EJB remote via the IP address IP-PU-B.
This code works if I launch the application from "inside the network"
trying to access the EJB remote via the IP address IP-PR-B.

The problem is due to the IIOP protocol as implemented on the Glassfish
server. It does a first call on the ORB to locate the EJB (which is
deployed on the same server as the ORB). Thus, the ORB sends the private
IP to the client, instead of the public IP (which it has no way of
knowing, as it is determined by the firewall)... The client then tries
to connect on the private IP, which does not go through the firewall.

Is there a way to configure Glassfish to make it send the public IP
instead of the private one?

Thanks in advance for your help!

______________________________________ _ _ _

Blaise Gosselin
Front-End Development Applications

BUY WAY Services GEIE
Boulevard Anspachlaan 1/11
Brussel 1000 Bruxelles

Mobile: +32 478 80 44 81
blaise.gosselin_at_externe.buyway.be
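Added example (not part of the original message, and not GlassFish code): a small Python decoder for the stringified IOR that an ORB hands to a client, used to confirm which host and port the IIOP profile really advertises and to flag a private address that differs from the one the client dialled. The sample IOR, the addresses 192.168.10.20 and 203.0.113.200, and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample IOR: one IIOP 1.2 profile advertising 192.168.10.20:3700.
SAMPLE_IOR = "IOR:" + "".join((
    "00000000", "00000015", "49444c3a48656c6c6f536572766963653a312e3000", "000000",
    "00000001", "00000000", "00000024",  # one profile, TAG_INTERNET_IOP, 36 bytes
    "00010200", "0000000e", "3139322e3136382e31302e323000", "0e74",  # host, port
    "00000004", "6b657931", "00000000"))  # object key, no components

class CDR:
    """Minimal CDR reader; alignment is relative to the encapsulation start."""
    def __init__(self, data):
        self.data, self.pos = data, 1
        self.order = "<" if data[0] else ">"  # first octet is the byte-order flag
    def num(self, fmt, size):
        self.pos += -self.pos % size  # skip padding up to natural alignment
        (value,) = struct.unpack_from(self.order + fmt, self.data, self.pos)
        self.pos += size
        return value
    def octets(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def string(self):
        return self.octets(self.num("I", 4))[:-1].decode("ascii")  # drop the NUL

def iiop_endpoints(ior):
    """(host, port) of every TAG_INTERNET_IOP profile in a stringified IOR."""
    outer = CDR(bytes.fromhex(ior[4:]))  # strip the "IOR:" prefix
    outer.string()  # type_id, not needed here
    found = []
    for _ in range(outer.num("I", 4)):
        tag, body = outer.num("I", 4), outer.octets(outer.num("I", 4))
        if tag == 0:  # TAG_INTERNET_IOP
            profile = CDR(body)
            profile.octets(2)  # IIOP version: major, minor
            found.append((profile.string(), profile.num("H", 2)))
    return found

def unreachable_endpoints(ior, contacted_host):
    """Advertised private-literal endpoints other than the host the client dialled."""
    def private(host):
        try:
            return ipaddress.ip_address(host).is_private
        except ValueError:
            return False  # a hostname, not an IP literal
    return [(h, p) for h, p in iiop_endpoints(ior) if h != contacted_host and private(h)]
```

Calling `unreachable_endpoints(SAMPLE_IOR, "203.0.113.200")` reports the private endpoint the client would be told to connect to; an empty list means the advertised address matches the one used through the firewall or is not a private literal.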