[
https://issues.apache.org/jira/browse/ARTEMIS-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491295#comment-17491295
]
Ning Kang commented on ARTEMIS-3681:
------------------------------------
Hi,Justin Bertram, thank you very much for your kind comment.
We are using artemis version 2.20, not the classic activemq. The reason i put
the reference from ibm is because this is the only location I found the
description for the ports used by artemis, especially the 3rd port. Artemis
website does not mention this.
Yes, we have defined in broker.xml for which port to use for listening, and has
opened the firewall for this port. However, for the 3rd port, it is a random
port, we cannot open a range of ports for this. On Monday I will contact with
our security team to check the firewall rules for ephemeral ports.
I have tried to add the localPort in the broker.xml and restarted artemis.
However, from the broker's log, I saw that the broker still tried to use a
random port to connect to the client. I also tried to add this localPort into
connector element in broker.xml, and get the same result.
<acceptors>
<acceptor
name="netty-acceptor">tcp://[0.0.0.0:1414?localPort=1414|http://0.0.0.0:1414/?localPort=1414]</acceptor>
</acceptors>
> Add the function to define a static port for artemis to connect with client
> ---------------------------------------------------------------------------
>
> Key: ARTEMIS-3681
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3681
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Affects Versions: 2.20.0
> Reporter: Ning Kang
> Priority: Blocker
>
> Artemis uses 3 ports - 61616 , 8181 and a random port.
> # 61616 is the activemq port which is connected by PCMD(Platform Cluster
> Manager core daemon).
> # 8161 is the internal port used by activemq NIO(Non-Blocking IO)
> communication.
> # Any random port like 37551, 35134 etc. : This port is used to communicate
> with already connected clients.
> The first 2 ports can be changed, but the last random port cannot be changed.
> This will bring a problem in a firewall situation because it is very
> difficult to open a rang of firewall ports for the 3rd port due to security
> reasons.
> So the question is: is it possible to define a static port for the 3rd one,
> or disable the usage of the 3rd port? If not, then it will be very helpful to
> add this function.
> If we do not open the 3rd port on firewall, then it is not possible to make
> the connection, and the artemis server log will show this error in below. The
> ip of 111.127.116.95 is the client ip.
> {noformat}
> 2022-02-10 18:16:34,047 WARN [org.apache.activemq.artemis.core.client]
> AMQ212037: Connection failure to /111.127.116.95:55818 has been detected:
> AMQ229014: Did not receive data from /111.127.116.95:55818 within the
> 60,000ms connection TTL. The connection will now be closed.
> [code=CONNECTION_TIMEDOUT]{noformat}
> References:
> * [https://www.ibm.com/support/pages/ports-used-activemq-hpc]
> * [https://www.ibm.com/support/pages/change-default-ports-activemq]
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
