Hi Jon,
I think it should work as written, but it would be worth trying out.
With the SOCKS proxy enabled in VisualVM, any time it wants to make a
TCP connection to a host:port, it should instead ask the SOCKS proxy.
So to connect to theserver:10001, for example:
* VisualVM connects to the SOCKS proxy on localhost:1080 and asks it
to connect to theserver:10001.
* The local SSH client receives the request and sends it to the remote
side.
* The remote SSH daemon opens a connection to theserver:10001 (which
is now a loopback connection, since the remote SSH daemon is running
on "theserver").
* SSH links up the two connections--piping data sent between VisualVM
(via the SOCKS proxy) and theserver:10001.
So with connections to all three ports, VisualVM would hold open three
connections to the SSH SOCKS proxy. On the remote side, the SSH daemon
would hold open three connections (to ports 10000-10003), and all three
are linked together by SSH.
But from the point of view of the firewall, there's just one SSH
connection here. All other connections are just loopback connections
being sneakily tunnelled over the SSH link.
That's my understanding anyway. Hopefully it matches what you see in
reality :)
Mark
Jonathan Felder <fel...@media.berkeley.edu> writes:
> The issue here is we want the view jstatd plus jmx on two apps for a
> total of 3 connections. As far as I know this only works for a single
> connection, no?
>
> If I'm wrong, how do you configure this work with say jstatd running
> on port 10000, and jmx opening up on 10001 and 10002?
>
> --
> Jon
>
> On 6/5/12 2:00 PM, Mark Triggs wrote:
>> Hi John,
>>
>> I wondered if using an SSH SOCKS proxy might do the job. Something like
>> this works on my local network with some local firewall rules blocking
>> all TCP packets but the SSH ones to my server:
>>
>> On the server running the JVM, start up jstatd as normal:
>>
>> $ sudo su -
>>
>> # cat> jstatd.all.policy<<EOF
>> grant codebase "file:${java.home}/../lib/tools.jar" {
>> permission java.security.AllPermission;
>> };
>> EOF
>>
>> # jstatd -J-Djava.security.policy=$PWD/jstatd.all.policy
>> -J-Djava.rmi.server.logCalls=true
>>
>>
>> Then on the client you'll be running VisualVM from, open an SSH SOCKS
>> proxy:
>>
>> $ ssh -N -D 1080 server.example.com
>>
>> Leave that running in one window, then start VisualVM in another with
>> some tricky switches for using the SOCKS proxy
>> (nicked from http://labs.skiinfo.com/?p=77):
>>
>> $ jvisualvm -J-Dnetbeans.system_socks_proxy=localhost:1080
>> -J-Djava.net.useSystemProxies=true
>>
>> With those switches, I was able to "Add remote host" through VisualVM
>> and connect to the JVMs running on my server.
>>
>> Cheers,
>>
>> Mark
--
Mark Triggs
<m...@dishevelled.net>
_______________________________________________
oae-dev mailing list
oae-dev@collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/oae-dev
