If a JMX client application needs to connect to a broker that is located behind a firewall, the broker must be configured to use fixed JMX ports so the firewall can, in turn, be configured to allow traffic on these ports. The relevant ports are the following:
The port used by the JMX connector. The property used to configure this port is imq.jmx.connector.connectorName.port, where connectorName can be jmxrmi or ssljmxrmi.
The port used by the RMI registry, if any. The property used to configure this port is imq.jmx.rmiregistry.port. The equivalent command line option for imqbrokerd is -rmiRegistryPort.
Once these ports are specified, configure the firewall to allow traffic on these ports.
The following example starts a broker with no RMI registry and a jmxrmi connector on port 5656 on a host called yourhost:
# imqbrokerd -Dimq.jmx.connector.jmxrmi.port=5656
The resulting JMX service URL is:
service:jmx:rmi://yourhost:5656/stub/rO0ABdmVyLlJlpIDJy==
The JMX service URL shows the connector port. In this case, you need to configure the firewall to allow traffic only on port 5656.
The following example starts a broker with an RMI registry on port 1098 and a jmxrmi connector on port 5656 on a host called yourhost:
# imqbrokerd -startRmiRegistry -rmiRegistryPort 1098 -Dimq.jmx.connector.jmxrmi.port=5656
The resulting JMX service URL is:
service:jmx:rmi://yourhost:5656/jndi/rmi://yourhost:1098/yourhost/7676/jmxrmi
The JMX service URL shows both these ports. You need to configure the firewall to allow traffic on ports 1098 and 5656.
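To check which ports a firewall rule set must cover, the ports can be read back out of the JMX service URL the broker reports. The following is an added example, not part of the Message Queue documentation; the function name firewall_ports is hypothetical, and the two URLs are the ones shown above.

```python
import re

# JMX service URL layout: service:jmx:<protocol>://[host[:port]][url-path]
_JMX_URL = re.compile(
    r"^service:jmx:(?P<proto>[A-Za-z][\w+-]*)://"
    r"(?P<host>[^/:]*)(?::(?P<port>\d+))?(?P<path>/.*)?$"
)
# /jndi/rmi://host[:port]/name means the stub is looked up in an RMI registry
_JNDI_RMI = re.compile(
    r"^/jndi/rmi://(?P<host>[^/:]*)(?::(?P<port>\d+))?(?:/.*)?$"
)
RMI_REGISTRY_DEFAULT_PORT = 1099  # standard RMI default when the URL omits it


def firewall_ports(url):
    """Return [(role, host, port), ...] the firewall must allow, sorted by port."""
    m = _JMX_URL.match(url.strip())
    if not m:
        raise ValueError("not a JMX service URL: %r" % url)
    if m.group("port") is None:
        # Without a port in the URL there is nothing fixed to open.
        raise ValueError("URL carries no connector port: %r" % url)
    rules = [("connector", m.group("host"), int(m.group("port")))]

    path = m.group("path") or ""
    if path.startswith("/jndi/"):
        j = _JNDI_RMI.match(path)
        if not j:
            raise ValueError("unsupported JNDI path: %r" % path)
        port = int(j.group("port")) if j.group("port") else RMI_REGISTRY_DEFAULT_PORT
        rules.append(("rmiregistry", j.group("host"), port))
    # A /stub/... path embeds the serialized stub, so no registry port is involved.
    return sorted(rules, key=lambda rule: rule[2])


if __name__ == "__main__":
    for sample in (
        "service:jmx:rmi://yourhost:5656/stub/rO0ABdmVyLlJlpIDJy==",
        "service:jmx:rmi://yourhost:5656/jndi/rmi://yourhost:1098/yourhost/7676/jmxrmi",
    ):
        for role, host, port in firewall_ports(sample):
            print("allow tcp %s:%d  (%s)" % (host, port, role))
        print()
```

Any port in the firewall's allow list for the broker host that this function does not return is not needed for JMX access.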