Aaron Mulder wrote:
Which reminds me, does anyone have any thoughts on the possibility and/or wisdom of multiplexing all network communication over a single port? You know, HTTP, RMI, JNDI, IIOP, etc. all on the same port (sure, I have 7001 in mind)? It makes it darn easy to configure, firewall, tunnel, etc. at the cost of (I assume) quite a bit of complexity in terms of initially accepting the connection, figuring out the protocol, and sending it to the proper handler.

This is one of those things I always HATED about WebLogic, though: you couldn't feel confident about using the internal HTTP service without Apache or something in front of it because it did all comms over one port. That means I either *had* to have a freestanding webserver in front of it, or accept the fact that my firewall had to allow connections to the T3 port.
At least isolating HTTP (SMTP, etc.) ports that someone may realistically want to have going through a firewall is important, especially because many firewalls know how to inspect those service ports, and get really upset when they see RMI or other such traffic over them.
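
Added example, not part of either message and not code from any project discussed here: a first-bytes classifier of the kind a single-port listener needs in order to pick a handler (the step the quoted message describes), paired with a per-port allow-list showing what an inspecting firewall can enforce once HTTP has its own port (the reply's point). The port 80 entry, the policy table and the sample byte strings in the comments are constructed assumptions.

```python
# Classify a new connection by the first bytes the client sends, then apply
# a per-port allow-list. Works only for protocols where the client speaks first.

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"TRACE ", b"CONNECT ")

# Leading bytes each non-HTTP protocol puts on the wire first.
MAGICS = (
    (b"JRMI", "rmi"),   # JRMP stream header, 0x4a524d49
    (b"GIOP", "iiop"),  # GIOP message header magic
    (b"t3 ", "t3"),     # WebLogic T3 handshake line: "t3 <version>"
)

NEED_MORE = "need-more"  # prefix is still ambiguous, read more bytes
UNKNOWN = "unknown"      # matches nothing we are willing to dispatch

def classify(prefix: bytes) -> str:
    """Name the protocol, or say whether more bytes could still decide it."""
    candidates = [(m, "http") for m in HTTP_METHODS] + list(MAGICS)
    partial = False
    for magic, name in candidates:
        if prefix.startswith(magic):
            return name
        if magic.startswith(prefix):  # short read: could still become magic
            partial = True
    return NEED_MORE if partial else UNKNOWN

# Constructed policy: what each listening port may carry.
POLICY = {
    80: {"http"},                          # isolated HTTP port (assumed)
    7001: {"http", "rmi", "iiop", "t3"},   # the multiplexed port in the thread
}

def decide(port: int, prefix: bytes) -> str:
    """Return 'wait', 'dispatch:<proto>' or 'reject:<proto>' for a connection."""
    proto = classify(prefix)
    if proto == NEED_MORE:
        return "wait"
    if proto in POLICY.get(port, set()):
        return f"dispatch:{proto}"
    return f"reject:{proto}"

if __name__ == "__main__":
    # Constructed samples: RMI on the HTTP port, then T3 on the shared port.
    print(decide(80, b"JRMI\x00\x02K"))    # reject:rmi
    print(decide(7001, b"t3 0.0.0\n"))     # dispatch:t3
```

On the shared port every protocol in the table is dispatched, so a filter in front of it cannot drop RMI or T3 without also breaking the port; on the isolated port anything that is not HTTP is rejected. SMTP cannot be sniffed this way because the server sends its greeting before the client sends anything.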
