
RMI behind NAT

kkyim
Greenhorn

Joined: Jun 22, 2001
Posts: 20
If the client tries to connect to the rmi server behind the firewall, what is the workaround?
Jared Cope
Ranch Hand

Joined: Aug 18, 2004
Posts: 243
Hi,

Originally posted by kkyim:
If the client tries to connect to the rmi server behind the firewall, what is the workaround?


We struggled with this for ages and ages before calling off the whole thing and going for another solution for people affected by NAT. Our situation was home workers that are behind a personal home router (which in effect is NAT as well).

We found references to using a webserver to accept RMI traffic and do the translation at that level (lots of extra wrapping around packets, installation of a web-script etc), but for our purpose we needed to do reverse RMI traffic from a server to clients (for a 'push' architecture) which would mean having some kind of web server installed on client PCs to facilitate this. This was not workable for us.

This link was really helpful to understand the issues:

http://www.ia-inc.com/javatips/rmi.jsp

In short and in my experience NAT makes RMI unworkable. If someone else has any other take, then I would be very interested to hear.

Cheers, Jared.


SCJP 1.4 91%, SCJP 1.5 88%, SCJD B&S
Oricio Ocle
Ranch Hand

Joined: Nov 30, 2004
Posts: 284

Hello,
AFAIK RMI behind a NAT is perfectly suitable.
I have just finished reading the previous link, and there are some tips wrong.

1)
"NAT does have the capability to map only particular port numbers to private server address, which is useful for exposing a single port like a web server on port 80, but this doesn't help us because RMI server objects pick random socket port numbers during construction, so there's no way to predict on which ports they will appear. You could find out where they are at run-time, but they'd change the next time you restart your server application"

Please take a look at the UnicastRemoteObject API, especially the Constructor Summary.
"Creates and exports a new UnicastRemoteObject object using the particular supplied port"
and static method exportObject(int).
SocketFactories can also be specified.

I would recommend you create all the UnicastRemoteObject instances on the same port, even the RMI registry. 80 or 8080 if possible, since many client firewalls block outgoing traffic to others. This way you only need to make one router port mapping.


2)
"Note that the reverse is still a problem: if the client application/applet tries to create an RMI server object (e.g. a "ClientIsStillHere" RMI object which responds to "pings" from the server machine), then the server machine will not be able to contact the RMI server object residing on the client machine (hidden by NAT)"


Server callbacks are perfectly possible too if the client is not behind another NAT. In this case, the server firewall must allow outgoing connections to the client's listening port.

If the client is also behind a NAT I use a trick to make server callbacks possible. If you are interested I can give you some tips.

Regards

[ July 18, 2006: Message edited by: Oricio Ocle ]

SCJP, OCMJD, OCMJEA
Nathan Pruett
Bartender

Joined: Oct 18, 2000
Posts: 4121

"kkyim" -

Welcome to the JavaRanch! We don't have many rules around the ranch, but we do have a policy on displayed names... Please adjust your displayed name to meet the JavaRanch Naming Policy. User names cannot be obviously fake and must consist of a first name and a last name.

You can change your user name here.

Thanks! and welcome to the JavaRanch!


-Nate
Write once, run anywhere, because there's nowhere to hide! - /. A.C.
Jared Cope
Ranch Hand

Joined: Aug 18, 2004
Posts: 243
Hi,

Just read your post and yes, you are right about all those things you say. I was quite negative about it all because of what we needed to achieve with clients stuck behind personal home firewalls and routers for which we would never be able to access and configure to allow RMI to work.


Server callbacks are perfectly possible too if the client is not behind another NAT. In this case, the server firewall must allow outgoing connections to the client's listening port.


Unfortunately that is our situation -- clients are behind NAT for which we can't access and configure.


If the client is also behind a NAT I use a trick to make server callbacks possible. If you are interested I can give you some tips.


I would very much like to hear about the trick if you can share it.

Cheers, Jared.
Oricio Ocle
Ranch Hand

Joined: Nov 30, 2004
Posts: 284

Hello again people

I've just opened a new thread that I hope you will find interesting:
RMI callback, NAT environments. DEBATE OPENED.

See you there
Chris Janicki
Greenhorn

Joined: Aug 30, 2006
Posts: 21

Also consider overriding RMISocketFactory. I posted some notes here:

Augur Systems: Java RMI Tips

I also corrected an error someone pointed out in the previous thread here.
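
An added example (not code from any poster in this thread) combining two suggestions made above: exporting the registry and the remote object on one fixed port, and overriding RMISocketFactory, here used to refuse any listener outside that port so the single router mapping is the only exposed entry point. The port 8080, the host name `rmi.example.com`, the `Hello` interface and the class names are assumptions, and setting the standard `java.rmi.server.hostname` property goes beyond what the posts mention.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMISocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class FixedPortRmiServer {
    // Assumed values: the single port forwarded by the NAT router, and its public name.
    static final int RMI_PORT = 8080;
    static final String PUBLIC_HOST = "rmi.example.com";

    public interface Hello extends Remote {
        String greet(String name) throws RemoteException;
    }

    static class HelloImpl implements Hello {
        public String greet(String name) { return "Hello, " + name; }
    }

    // Refuses any listener other than RMI_PORT, so an object exported on an
    // anonymous port (0) fails at export time instead of opening a port the
    // router mapping and firewall rules do not cover.
    static class SinglePortSocketFactory extends RMISocketFactory {
        @Override public ServerSocket createServerSocket(int port) throws IOException {
            if (port != RMI_PORT) throw new IOException("RMI listener refused on port " + port);
            return new ServerSocket(port);
        }
        @Override public Socket createSocket(String host, int port) throws IOException {
            return new Socket(host, port);
        }
    }

    static final Hello IMPL = new HelloImpl(); // strong reference keeps the export alive

    public static void main(String[] args) throws Exception {
        // Stubs carry this name to clients; without it they get the private address.
        System.setProperty("java.rmi.server.hostname", PUBLIC_HOST);
        RMISocketFactory.setSocketFactory(new SinglePortSocketFactory());

        Registry registry = LocateRegistry.createRegistry(RMI_PORT);
        Hello stub = (Hello) UnicastRemoteObject.exportObject(IMPL, RMI_PORT);
        registry.rebind("hello", stub);
        System.out.println("Registry and Hello exported on port " + RMI_PORT);
    }
}
```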