18 Replies. Latest reply: May 8, 2012 7:16 PM by 925521

    RMI, NAT firewall, and callbacks

    896954
      Hi,

      My problem is similar to many other problems that have been posted over the span of nearly a decade on this forum. However, I'm starting this thread because my search through the forum didn't make me happy, and because I hope that with new versions of Java new things might be possible.

      My setting: the server has a public IP, a client is behind a NAT firewall. The client passes a Remote object to the server so that the server can call back the client some time later. This setting is nowadays very common on the Internet: clients are run on ubiquitous home routers with NAT, and servers are available on public IP addresses.

      One way to solve this problem is to instruct the server to use the TCP connection already established by the client when the server wants to call back the client. This way the NAT firewall will not block the server communication, because it will be part of the connection initiated by the client. So it looks like using a socket factory might be a solution.

      Is the solution with socket factories possible?


      Thanks,
      Irek

      Edited by: 893951 on 2011-10-31 04:44

      Edited by: 893951 on 2011-10-31 04:52
        • 1. Re: RMI, NAT firewall, and callbacks
          EJP
          No, that's not a solution, and there have been practically no substantive changes in Java RMI since 1.2, certainly none that address this issue.
          • 2. Re: RMI, NAT firewall, and callbacks
            896954
            Thanks, EJP, for your input. That's pretty bad news for anyone who wants to use RMI over the Internet. The inability of an RMI server to communicate back with a client is a serious drawback, practically a show-stopper. If I come across a solution that uses pure RMI, I will drop a note to this thread.

            I noticed your product, which looks great. However, my RMI problems are not related to a commercial project, but only teaching and personal curiosity.
            • 3. Re: RMI, NAT firewall, and callbacks
              896954
              Wow! EJP is Esmond Pitt! Cool! I'm reading your book Java.RMI and it's great: technical and well-written. Thanks! I haven't read the book completely yet, and was hoping to learn how to resolve the problem from your book. But since you say that socket factories won't help, then I get it. I consider this thread answered and closed.
              • 4. Re: RMI, NAT firewall, and callbacks
                EJP
                RMI with HTTP tunneling is a possible solution but the client has to set it up, and also arrange port forwarding at the NAT device, all of which tends to rule it out in practice. Callbacks via the Internet are a problem in any technology: best to design without them.

                Thanks for the kind remarks about the book. I thought it was well-written when I wrote it, but I find the early chapters pretty heavy going now. One of these days there might be a second edition, on Kindle or such.
                • 5. Re: RMI, NAT firewall, and callbacks
                  896954
                  Without callbacks one has to resort to polling, which is inefficient and causes unnecessary delays. Java RMI already does magic with multiplexing servers and a registry into a single socket, and that's pretty impressive. And so it seemed to me feasible that RMI could reuse a socket for calling back a client through an extended and revived multiplexing protocol that you mention in 15.8 of your book. This protocol, however, has not been revived, and therefore only polling remains.

                  As to the book, I find the book very informative. Before buying it, I read a number of on-line tutorials, including the one on the Oracle website. These tutorials didn't go into details. When I finally started reading the book and writing my own code with your information, I started to feel that I finally get RMI. I'm looking forward to studying the rest of the book.

                  If you decide to work on a new version of your book, please consider addressing the following:

                  * What's the difference between a stub and a proxy?

                  * What's the difference between a skeleton and a dispatcher?

                  * Ideas on callbacks for clients behind NAT firewalls.

                  * Why is Java RMI over SSL not secure?

                  The NAT and SSL issues break my heart. Both are crucial to RMI over the Internet.

                  It seems the development of RMI is no longer a priority. Is there another Java tool better than RMI? I'm not thinking about regular sockets, because RMI is far better.
                  • 6. Re: RMI, NAT firewall, and callbacks
                    EJP
                    > please consider addressing the following
                    I'll address them right now.
                    > * What's the difference between a stub and a proxy?
                    None.
                    > * What's the difference between a skeleton and a dispatcher?
                    None.
                    > * Ideas on callbacks for clients behind NAT firewalls.
                    See above: there aren't any more.
                    > * Why is Java RMI over SSL not secure?
                    Because you can't perform the authorization step, because you can't get the authenticated peer identity.
                    > It seems the development of RMI is no longer a priority.
                    Not for about ten years, no.
                    > Is there another Java tool better than RMI?
                    RMI/IIOP or SOAP. The former has at least the potential to handle callbacks down the same connection, if OMG ever finishes the bidirectional GIOP specification. If I ever do a new edition it will cover RMI/IIOP much more thoroughly.
                    > I'm not thinking about regular sockets, because RMI is far better.
                    It's only better if it's feasible.
                    • 7. Re: RMI, NAT firewall, and callbacks
                      896954
                      Thank you for the information! I guess I need to reconsider RMI.
                      • 8. Re: RMI, NAT firewall, and callbacks
                        gimbal2
                        iszczesniak wrote:
                        > Wow! EJP is Esmond Pitt! Cool! I'm reading your book Java.RMI and it's great: technical and well-written. Thanks! I haven't read the book completely yet, and was hoping to learn how to resolve the problem from your book. But since you say that socket factories won't help, then I get it. I consider this thread answered and closed.
                        Dang, how did you make that connection :s I mean I know his initials are in his nick, but still!

                        It must be cool when you have your own wiki page! Can use some more content though ;)

                        http://en.wikipedia.org/wiki/Esmond_Pitt


                        Yeah, it's over, EJP. Expect fanmail soon.
                        • 9. Re: RMI, NAT firewall, and callbacks
                          EJP
                          Stalkers beware, I have ways ... And secret friends...
                          • 10. Re: RMI, NAT firewall, and callbacks
                            925521
                            Wow, I'm sorry to hear that. I have an RMI server and client and I'm having this callback trouble too. Is there any way to solve it?

                            The thing is, my client fetches values from a database at a 5-minute interval. And the server uses a client callback to fetch all those values from the client, also at a 5-minute interval. In a single hostname I have a server and a client. This callback procedure is done successfully.

                            However, when I connect another client on another host to the server, the connection is made, but when the time arrives for the server to fetch values from both clients, the first client on the same host gives all the data in the callback, but the second one fails.

                            Is it because of the firewall? If I kill the firewall on both server and clients, does it work? Or is there any solution, making the client as a server?
                            • 11. Re: RMI, NAT firewall, and callbacks
                              EJP
                              > the second one fails.
                              Fails how?
                              > Is it because of firewall?
                              Impossible to say until you tell us how it fails.
                              > If I kill the firewall in both server and clients, does it work?
                              I don't know, it's your firewall. Does it?
                              > Or is there any solution, making the client as a server?
                              A callback is a server.

                              It sounds like a strange design. How come the client has the database, not the server? And why can't the client just push the database updates to the server? How can the server know when to call back the client to get more updates?
                              • 12. Re: RMI, NAT firewall, and callbacks
                                925521
                                EJP wrote:
                                > > the second one fails.
                                > Fails how?
                                Well, the server can't connect to the client. That is, I have a server on 193.136.205.20 and a client on 193.136.205.20 (same host). The client connects to the server and the server calls back the client. I have another client on 193.136.205.128 and it connects to the server too, but when the server calls back this client, I have the exception "No connection to route host".
                                > > Is it because of firewall?
                                > Impossible to say until you tell us how it fails.
                                > > If I kill the firewall in both server and clients, does it work?
                                > I don't know, it's your firewall. Does it?
                                > > Or is there any solution, making the client as a server?
                                > A callback is a server.
                                Yes, I understood that. I have expressed myself in a bad way. A callback is a server indeed. When I create the client callback object, I export it, creating the object, and in the login method (existent in server) I send this object so the server adds it to a hashtable to call back later.

                                > It sounds like a strange design. How come the client has the database, not the server? And why can't the client just push the database updates to the server? How can the server know when to call back the client to get more updates?
                                Well, I have a local database for each client and a large database on the server. I said the clients fetch from a database just as an example. The real deal is that a client fetches values from devices that measure energy values (electricity, gas, water, temperature, etc...). It fetches all connected devices at a 5-minute interval and saves the values in the local database. 3 minutes after that synchronization, the server fetches all connected clients for all values from all proxies (clients). This is done using a callback. That's why I have this design. I thought about pushing values to the server. And it's an idea that could be implemented. But this is how my company wants this testing project implemented...

                                However, I have managed to correct this error. I tried with another host, 193.136.205.106, and it connected to the server and the server could call it back. I then assumed that the host 193.136.205.128 had firewall permission problems. I solved this by creating the server registry on port 1099 and fixing the object port to 2000. Then, every time I create a client, I fix the exported callback object to port 2004. I have set the permissions in both firewalls (server and clients) to accept connections on ports 1099, 2000 and 2004 and it all functions correctly!! =)

                                Thanks for the help.
                                • 13. Re: RMI, NAT firewall, and callbacks
                                  gimbal2
                                  922518 wrote:
                                  > However, I have managed to correct this error. I tried with another host, 193.136.205.106, and it connected to the server and the server could call it back. I then assumed that the host 193.136.205.128 had firewall permission problems. I solved this by creating the server registry on port 1099 and fixing the object port to 2000. Then, every time I create a client, I fix the exported callback object to port 2004. I have set the permissions in both firewalls (server and clients) to accept connections on ports 1099, 2000 and 2004 and it all functions correctly!! =)
                                  Yeah, now try to maintain that mountain of knowledge or try to distribute it to other people. I'm pretty sure that when you implement this as a push-strategy, things become a whole lot simpler. But I'm an RMI noob, EJP will likely send me to stand in the corner again for saying that.
                                  • 14. Re: RMI, NAT firewall, and callbacks
                                    925521
                                    gimbal2 wrote:
                                    > 922518 wrote:
                                    > > However, I have managed to correct this error. I tried with another host, 193.136.205.106, and it connected to the server and the server could call it back. I then assumed that the host 193.136.205.128 had firewall permission problems. I solved this by creating the server registry on port 1099 and fixing the object port to 2000. Then, every time I create a client, I fix the exported callback object to port 2004. I have set the permissions in both firewalls (server and clients) to accept connections on ports 1099, 2000 and 2004 and it all functions correctly!! =)
                                    > Yeah, now try to maintain that mountain of knowledge or try to distribute it to other people. I'm pretty sure that when you implement this as a push-strategy, things become a whole lot simpler. But I'm an RMI noob, EJP will likely send me to stand in the corner again for saying that.
                                    Of course ;) One thing I would like to have explained is what the advantages/disadvantages are of choosing a push strategy (where the client/proxy fetches values and automatically sends them to the server) or the other way round, which I have actually implemented (where the server calls back all clients, one at a time, and fetches all values from each one)...
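The fixed-port callback setup from reply 12 and the push alternative raised in replies 13 and 14, side by side, as an added example that is not code from any poster in this thread. The interface and class names, the registry name `collector`, the client ids and the sample values are hypothetical; ports 1099, 2000 and 2004 are the ones given in reply 12, and both sides run in one JVM so the demo works on a single machine.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class CallbackVsPush {
    // Hypothetical interfaces; the names are illustrative, not from the thread.
    public interface MeterCallback extends Remote {
        String fetchValues() throws RemoteException;                // server -> client (pull)
    }
    public interface Collector extends Remote {
        void login(String id, MeterCallback cb) throws RemoteException;
        void push(String id, String values) throws RemoteException; // client -> server
    }
    static class CollectorImpl implements Collector {
        final Map<String, MeterCallback> callbacks = new ConcurrentHashMap<>();
        final Map<String, String> latest = new ConcurrentHashMap<>();
        public void login(String id, MeterCallback cb) { callbacks.put(id, cb); }
        public void push(String id, String values) { latest.put(id, values); }
    }
    static class Meter implements MeterCallback {
        public String fetchValues() { return "electricity=42.0"; }  // constructed sample value
    }

    public static void main(String[] args) throws Exception {
        // Address embedded in every exported stub; loopback because this demo is one machine.
        System.setProperty("java.rmi.server.hostname", "127.0.0.1");

        // Server: registry on 1099, remote object pinned to 2000 instead of a random port.
        CollectorImpl impl = new CollectorImpl();
        Registry registry = LocateRegistry.createRegistry(1099);
        registry.rebind("collector", UnicastRemoteObject.exportObject(impl, 2000));

        // Callback design: the client listens on 2004 and must accept inbound connections.
        Collector server = (Collector) LocateRegistry.getRegistry("127.0.0.1", 1099).lookup("collector");
        Meter meter = new Meter();
        server.login("site-a", (MeterCallback) UnicastRemoteObject.exportObject(meter, 2004));
        // The server opens a NEW connection to client:2004; NAT or a firewall can drop it.
        System.out.println("pulled: " + impl.callbacks.get("site-a").fetchValues());

        // Push design: the client exports nothing and only connects out to 1099 and 2000.
        server.push("site-b", "gas=3.1");
        System.out.println("pushed: " + impl.latest.get("site-b"));

        // Unexport everything so the JVM can exit.
        UnicastRemoteObject.unexportObject(meter, true);
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

With the push variant the firewall rule set shrinks to inbound 1099 and 2000 on the server only; the client-side opening for 2004 is needed only by the callback variant.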