File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Distributed Java and the fly likes RMI app behind NAT firewall Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Distributed Java
Bookmark "RMI app behind NAT firewall" Watch "RMI app behind NAT firewall" New topic

RMI app behind NAT firewall

Tobias Weih

Joined: Jan 25, 2006
Posts: 3
I have a problem getting my RMI application to work. Having a RMI Server app running in a VMWare that forwards port 1099 in a NAT enviroment.
Physical machines IP on the outside =
Physical machines IP in local area =
Virtual machines IP =

I start a rmiregistry on my virtual machine and since port 1099 is NAT-forwarded I can connect to the registry from the outside using telnet

I startup my serverside rmi-app on the virtual machine

and in my app I do the following binding:

This work fine with HOST= or HOST= but when setting HOST= (the public IP address), startup fails with:

When server is running with HOST= or HOST= (like I said using HOST= doesn't work at all, the server is not allowed to bind) the binding from the outside using my client-app works (bind to the public IP) , but however when trying to actually use the remote object the client throws the following exception:
Using HOST= on serverside

or when server HOST=

I assume using the public IP on serverside by setting HOST= to is the right way, but as stated above binding to the rmiregistry is not allowed! What am I missing?

Thanks alot, your help is very much appreciated.
Nathan Pruett

Joined: Oct 18, 2000
Posts: 4121

You have to ensure that your firewall is forwarding your RMIRegistery port (1099), and you also have to set the java.rmi.server.hostname property on the command line when you run your server. The value of java.rmi.server.hostname should be the external address of your firewall. This allows your server to "know" it's running locally, but to ensure that any stubs generated will use the IP address of your firewall. When clients use the stubs, they "talk" to the firewall, and the firewall forwards to your real server.

Write once, run anywhere, because there's nowhere to hide! - /. A.C.
Tobias Weih

Joined: Jan 25, 2006
Posts: 3
Hi, thanks for your reply.

Well, ok. So my assumtion of using the public IP is correct. But when doing so on server side, this exception occurs when starting the server:

[ January 26, 2006: Message edited by: Tobias Weih ]
Nathan Pruett

Joined: Oct 18, 2000
Posts: 4121

The value of HOST in your code above has to be the IP of the machine the server code is running on. From the error above it looks like this value isn't correct.

// HOST *must* be localhost
String HOST = ""; // or just
Naming.rebind("//"+ HOST + ":1099/" + CommandBroker.NAME, this);

The java.rmi.server.hostname property that you specify on the command-line will be the IP of your firewall, though...


Are these the values you are specifying?
[ January 27, 2006: Message edited by: Nathan Pruett ]
Tobias Weih

Joined: Jan 25, 2006
Posts: 3
my problem is solved, finally. There are a couple of things that caused my troubles:
First of all, binding to localhost is correct, since the host-address is only used
to contact the registry for the rebind operation. When using the public IP to bind
it fails because the connection to is being routed out to the NAT and
back in again, so its origin appears non-local. And as a rule binding to a non l
ocalhost is forbidden.
As far as an external client being able to use the bound stub, the important setting
is the java.rmi.server.hostname system property, which controls the host name or
address that gets put into the stubs for remote objects exported in this VM. Thus
it has to be in my case.
Another very interessting thing is the need to explicitly define the port the
Remote Object uses. Therefor I call super(1099) instead of just super().
See for details. Many thanks to Peter Jones!

Niklas Borss�n

Joined: Mar 08, 2006
Posts: 1
Having the same problem, not very familiar with this, but:

You are running the rmiregistry? It is a problem here, because when I call super(1099), the port is already in use.

Do you have a simple example of client/server with NAT router?

- nibo
I agree. Here's the link:
subject: RMI app behind NAT firewall
It's not a secret anymore!