RMI server behind a NAT router
Hello all,
I have a server behind a NAT router and I perform an RMI lookup. The stub the client receive has the server host which the client is NOT familiar with (because of the NAT router).
My question is, how can I override the server host address in the stub object with the server IP the client is familiar with (which will be translated to the actual IP address in the NAT router)?
I will demonstrate what I mean:
I have -Login login = (Login) registry.lookup(url);
I want to override and do something like -login.setHost(...........);
Is such a thing possible?
Thanks!!!!!!
[658 byte] By [
Lior_Levya] at [2007-11-27 3:35:32]
# 1
java.rmi.server.hostname http://java.sun.com/j2se/1.5.0/docs/guide/rmi/faq.html#firewallIn
ejpa at 2007-7-12 8:38:43 >
# 2
Thanks for your reply!I already tried to do so after receiving the stub from the lookup- System.setProperty( "java.rmi.server.hostname", "10.18.5.236" );but it didn't help. Any idea why?
# 3
because you have to set it at the server, not the client.
ejpa at 2007-7-12 8:38:43 >
# 4
You're probably right, but... the server doesn't know what IP address the NAT router is giving the client...
# 5
I am right, and (if your topic title is correct) it is the server that gets a NAT address from the router, not the client. But this address is of no interest and indeed it is part of the problem.
What the server needs is the public IP address of the NAT router to set as the value for java.rmi.server.hostname. This address will be fixed by the router configuration.
ejpa at 2007-7-12 8:38:43 >
# 6
OK, I was probably misunderstood.... The client is the one that gets the IP from the NAT router. What can be done in this situation?
# 7
So the client is behind a NAT router? There should be no problem at all in this case unless the client is exporting callbacks. In which case it is really a server behind an NAT firewall and all my remarks above apply.
Otherwise I don't understand the problem. The client-side NAT router shouldn't stop the client from seeing the server as long as there is a route to the outside world and access to the Internet DNS system.
ejpa at 2007-7-12 8:38:43 >
# 8
I will try to draw the problem:
The client performs an RMI call to the server IP he knows (10.18.5.236) and the NAT router translates this IP to 10.17.5.236. the server returns the stub to the client.
Now that the client wants to perform the API call the call fails because the server IP in the stub is the real one (10.17.5.236) which the client is not familiar with.
Can the client override the real IP in the stub (10.17.5.236) with the other one (10.18.5.236)?
/^^^^^^^^^^^^^^^^\
-|NAT router|
|client| ||--|server|
||||| 10.17.5.236 |
-\/
10.18.5.236
translated to
10.17.5.236
# 9
No but the server can as I said above. You need to read sections C.10, 11, and 12 of that FAQ again. The situation is as described in your title. The NAT is on the server side; its public IP address is fixed and known by the client, and the server needs to set its java.rmi.server.hostname to that value.
ejpa at 2007-7-12 8:38:43 >
# 10
I'm sorry I'm nagging you again....
The server doesn't know the IP the client called with, because the call went through the router! The server doesn't even know the IP was translated, it doesn't even know if there is a router or not! So, how can he override with an IP it does not aware of?
# 11
You've got this back to front. If the server is behind a NAT firewall it is the server's IP address that is being translated, not the client's.
The server doesn't need to know the IP the client called with. Why would it? The client connects to the server, not the other way round. What the server needs to know, for java.rmi.server.hostname, is the public IP address of the NAT router that it's behind.
So what you need to to is set -Djava.rmi.server.hostname=10.18.5.236 at the server JVM.
ejpa at 2007-7-12 8:38:43 >
# 12
Thanks a lot for your time!!
# 13
Let me try to understand a little better.
Sun running rmi ip address: 10.10.10.128
router with public ip address 64.3.117.248 with NAT for RMI port
set to ->10.10.10.128
User at home with cable modem (could be DHCP ip address) runs some client software which is setup to connect to 64.3.117.248.
What should the rmi registry on the Sun server be using?
What is there is also an internal user who is on a PC at 10.10.10.129 who needs to connect to 10.10.10.128. Can it support both 64.3.117.248 and 10.10.10.128?
# 14
The RMI Registry doesn't 'use' anything.
Sun's theory in all this, with which I do not agree, is that there is always a 'most public' IP address of any host which any client can use. So in your case the internal client should still be able to use the external IP address i.e. the address of the NAT box.
If your network doesn't conform with Sun's theory, i.e. if your internal client can't access that external IP, I am sorry but you are hosed.
IMO this part of RMI is badly broken. Curiously enough there is a simple fix but when I suggested it on the RMI mailing list some years ago I was flamed from within Sun.
ejpa at 2007-7-12 8:38:43 >
# 15
Well, when we are using the external IP, 64.3.117.248 we are getting an error: java.rmi.ConnectException connection refused to host 64.3.117.248
# 16
Then your only recourse is to get the network admin(s) to allow internal clients to connect to the external IP. They may not want to do that, in which case you have the serious problem I described - your practical network doesn't match Sun's imagined model.
ejpa at 2007-7-21 20:50:27 >
