RMI only works over network and not over internet

[zach.bastick]

Hello

I am testing an RMI application that I have written and have found that
my client can only connect to servers which are in my local network
(192.168.* and 10.0.*). I have tried to connect to servers over the
internet with no success. I can, however, ping the remote machines, and
I am sure that they have no restrictive firewalls on them.

If anyone could help me solve this problem I would be very grateful


Zach

 

[Alex Molochnikov]

What is the exception type?
How do the servers publish their remote objects? How are the objects bound
to the IP address?
Do the servers have multiple network interfaces (multi-homing hosts)?
How do you connect to the servers (example of the Naming.lookup()
parameters)?
Is your client behind a firewall?

Without knowing all these, not much can be offered in the way of help.

Alex Molochnikov
Gestalt Corporation

 

[zach.bastick]

Thanks for the reply.

Here is the code that the server uses:

java.rmi.registry.LocateRegistry.createRegistry(defport);
Services server = new ServicesImpl();
Naming.rebind("rmi://localhost:48594/ControlService", server);


Here is the code that the client uses:

if(System.getSecurityManager() == null)
System.setSecurityManager(new RMISecurityManager());
s = (Services)Naming.lookup("rmi://"+host+":48594/ControlService");


The exception that I get when trying to connect to a machine over the
internet is:
Can't Connect: Connection Refused to HostConnection refused to host:
[THE REMOTE IP IS HERE]; nested exception is:
java.net.ConnectException: Connection timed out: connect

However the remote machine has no firewall and I can ping it. I have
tried this on 3 computers over the internet, and I get the same
response from all of them.

 

[Alex Molochnikov]

You did not answer the question of multi-homing remote hosts. I assume the
server has only one NIC. In this case, try binding the NIC address like
this:

Naming.rebind("rmi://[SERVER'S PUBLIC IP ADDRESS]:48594/ControlService",
server);

(do not use "localhost" - it is not a valid domain name on the Net).

If the server does have multiple NICs, you will need to set the following
property _prior_ to binding:

String publicAddress = [PUBLIC IP ADDRESS OF THE SELECTED NIC];
System.getProperties().put("java.rmi.server.hostname", publicAddress);

 

[zach.bastick]

ok
i did what you said and tried to bind my public IP after setting the
property.
However, it just won't bind. I get this error:

nested exception is:
java.net.ConnectException: Connection refused: connect

It seems to me that, since I am behind a NAT, this is my internet
gateways IP. Hence, I am trying to bind the server to the IP of another
machine..

Is there no way around this besides running the program on the gateway
machine (which I can't do since that machine belongs to my ISP)?

 

[Alex Molochnikov]

I can only help you if you help me understand your environment. This is what
you said in your original post:

I am sure that they [servers - A.M.] have no restrictive firewalls on them

Now you say:

since I am behind a NAT

NAT _is_ a firewall - or, at least, that aspect of the firewall that
requires careful consideration when setting up the RMI connections.

So, let me ask you again:

What is the configuration of the network between your client and server
machines? E.g. the client is behind a firewall, or the server is behind a
firewall, or both. If the server is behind the firewall, then is the IP
address of the firewall on the ISP side static or dynamic?

If your server is indeed behind the firewall, and the configuration is
something like:

internet > external NIC > firewall > internal NIC > LAN > server host
(here "external NIC" and "internal NIC" are network cards inside the
firewall, at the public and private ends)

then you have to bind the server object to your _local_ (private) IP address
of the server host, but the java.rmi.server.hostname property must be set to
the external IP address of the firewall. Your client, when locating the
server, will also have to use that same external IP address in order to
connect to the server. Finally, the firewall (or NAT router - whatever it is
called at your location) will have to route packets destined to the server
(based on say port number) from the external to the internal NIC.

Alex Molochnikov
Gestalt Corporation

 

[zach.bastick]

it sounds like it would be difficult to create a protable RMI
application, given the specific settings that have to be programmed for
each network set up.

 

[Alex Molochnikov]

You do not program "specific settings" in your RMI-based (i.e.
client-server) application. Instead, the parameters that are likely to vary
from one installation to another must be put into an external file (like
property file) to be edited by whoever does the installation, and your
server and client get these parameters (server IP address, port etc.) from
this file. Of course, nothing stops you from providing a nice-looking GUI to
make the property editing easier for the users.

And if firewalls are involved, then some cooperation from the firewall admin
will be required - but this hardly makes the RMI applications non-portable.
For examples of live RMI-based products that are "portable" you can visit
our websites: www.reportgenerator.org or www.gestalt.com.

Alex Molochnikov
Gestalt Corporation