[ https://issues.apache.org/jira/browse/KARAF-6955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315418#comment-17315418 ]
Grzegorz Grzybek commented on KARAF-6955: ----------------------------------------- I had problem after this change - {{jconsole}} stopped working and sample Java application ended with {{Connection refused}} exception. I did enjoyable analysis and I found that: * ports are opened on proper interfaces ({{::ffff:127.0.0.1}} in my case, which is an IPv6 address from _::ffff:0:0/96 CIDR_ that represents _Transition from IPv4_ address block) * I could connect to RMI Registry at port 1099 and even obtain {{karaf-root}} object from there, which: ** is of {{javax.management.remote.rmi.RMIServer}} interface ** is of {{javax.management.remote.rmi.RMIServerImpl_Stub}} implementation The problem is that this stub contains: {noformat} ref: java.rmi.server.RemoteRef = {sun.rmi.server.UnicastRef2@1918} ... ref: sun.rmi.transport.LiveRef = {sun.rmi.transport.LiveRef@1925} "[endpoint:[192.168.0.38:44444](remote),objID:[2f23195f:178a6a29327:-7ffa, 4962682433218761153]]" ep: sun.rmi.transport.Endpoint = {sun.rmi.transport.tcp.TCPEndpoint@1927} "[192.168.0.38:44444]" host: java.lang.String = "192.168.0.38" port: int = 44444 (0xAD9C) {noformat} The problem is that when {{RMIServerImpl_Stub}} is created *at server side* by karaf.management.server bundle, the bind address of this remote object is NOT taken from {{rmiServerHost}} property of {{org.apache.karaf.management}} PID. It's taken from (top to bottom): * sun.rmi.transport.tcp.TCPEndpoint#getLocalEndpoint() * java.net.InetAddress#getLocalHost() * java.net.InetAddressImpl#getLocalHostName() * java.net.InetAddress#getAddressesFromNameService() * java.net.Inet6AddressImpl#lookupAllHostAddr() * getaddress() libc method * /etc/hosts The way to solve this is to set {{java.rmi.server.hostname}} system property to 127.0.0.1, so the Stub contains proper address. > JMX: With rmiRegistryHost = 127.0.0.1, Karaf should listen only on 127.0.0.1 > ---------------------------------------------------------------------------- > > Key: KARAF-6955 > URL: https://issues.apache.org/jira/browse/KARAF-6955 > Project: Karaf > Issue Type: Bug > Components: karaf > Affects Versions: 4.2.9 > Reporter: Martin Lichtin > Assignee: Jean-Baptiste Onofré > Priority: Major > Fix For: 4.2.11, 4.3.1 > > > JMX - with rmiRegistryHost = 127.0.0.1 Karaf should listen only on 127.0.0.1 > However, Karaf listens on 0.0.0.0 which opens up access to the network. > {noformat} > > config:list "(service.pid=org.apache.karaf.management)" > ---------------------------------------------------------------- > Pid: org.apache.karaf.management > BundleLocation: ? > Properties: > daemon = true > felix.fileinstall.filename = > file:mykaraf/etc/org.apache.karaf.management.cfg > jmxRealm = karaf > jmxmpEnabled = false > jmxmpHost = 127.0.0.1 > jmxmpObjectName = connector:name=jmxmp > jmxmpPort = 9999 > jmxmpServiceUrl = service:jmx:jmxmp://127.0.0.1:9999 > objectName = connector:name=rmi > rmiRegistryHost = 127.0.0.1 > rmiRegistryPort = 25031 > rmiServerHost = 127.0.0.1 > rmiServerPort = 25041 > service.pid = org.apache.karaf.management > serviceUrl = > service:jmx:rmi://127.0.0.1:25041/jndi/rmi://127.0.0.1:25031/karaf-mykaraf > threaded = true > {noformat} > Using netstat one can see the listen address is not 127.0.0.1: > {noformat} > $ netstat -n -l -t|grep 25031 > tcp 0 0 0.0.0.0:25031 0.0.0.0:* LISTEN > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005)