Thursday, November 15, 2012

To Enable Broker Connections Through a Firewall

The network/OS team here in Bangkok is really on the ball. Really!

Besides a strictly configured firewall between server zones, the system administrators even have iptables enabled on each machine. That is to say, even if all my OpenAM servers are in the same zone, they are not able to communicate with each other!!

This is annoying. So I have to submit all ports that I want them to allow and to explain the usage of each port (yes, more paperwork!).

Nevertheless, once the ports are enabled, the 5 OpenAM servers are now able to communicate and work as a site. Cool!

But today, when I configured AM Session Failover, I was not too lucky.

I kept getting the following errors:


2012-11-15 15:46:46,583 WARNING [javax.jms] (main) [C4003]: Error occurred on connection creation [192.168.1.117:41612]. - cause: java.net.NoRouteToHostException: No route to host
2012-11-15 15:46:49,586 WARNING [javax.jms] (main) [C4003]: Error occurred on connection creation [192.168.1.116:52916]. - cause: java.net.NoRouteToHostException: No route to host

Very strange! I am damn sure I have requested port 7676 to be opened. That is the port I have assigned to the Java Message Queue on each node.

Until I saw this ... 


So, lesson learnt:

1. Port 7676 is only the Message Queue PortMapper port
2. The actual port used for communication is the JMS port (in this case, port 10234)

Careless me ...
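The check below is an added example, not part of the original post: it parses the C4003 warnings quoted above and reports, per broker host, which attempted ports are missing from the firewall request. The approved set (7676 and 10234) is taken from the post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input: the two warnings quoted in the post.
SAMPLE_LOG = """\
2012-11-15 15:46:46,583 WARNING [javax.jms] (main) [C4003]: Error occurred on connection creation [192.168.1.117:41612]. - cause: java.net.NoRouteToHostException: No route to host
2012-11-15 15:46:49,586 WARNING [javax.jms] (main) [C4003]: Error occurred on connection creation [192.168.1.116:52916]. - cause: java.net.NoRouteToHostException: No route to host
"""

# Assumption: the ports covered by the firewall request
# (PortMapper port and the JMS port named in the post).
APPROVED_PORTS = {7676, 10234}

# Matches the endpoint and exception class of a C4003 connection warning.
C4003 = re.compile(
    r"\[C4003\]: Error occurred on connection creation "
    r"\[(?P<host>[\d.]+):(?P<port>\d+)\]\. - cause: (?P<cause>[\w.]+)"
)


def failed_endpoints(log_text):
    """Return (host, port, exception class) for every C4003 warning."""
    return [(m["host"], int(m["port"]), m["cause"])
            for m in C4003.finditer(log_text)]


def unapproved_ports(log_text, approved=APPROVED_PORTS):
    """Map each host to the failed ports that are not in the approved set."""
    gaps = defaultdict(set)
    for host, port, _cause in failed_endpoints(log_text):
        if port not in approved:
            gaps[host].add(port)
    return {host: sorted(ports) for host, ports in gaps.items()}


if __name__ == "__main__":
    for host, ports in sorted(unapproved_ports(SAMPLE_LOG).items()):
        print(f"{host}: connection attempted on unapproved port(s) {ports}")
```

Both warnings resolve to ports other than 7676 and 10234, so an open PortMapper port alone does not let the session through.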
