Dominic Mitchell wrote: > On 21 Aug 2008, at 09:25, Mark Thomas wrote: > >> Bill Davidson wrote: >>> I've been through the docs. I've been through Google. I can't seem >>> to figure this out. >>> >>> Server: Tomcat 6.0.18, JDK: 1.6.0_07, Redhat Server 5.2 >>> Client: jconsole from JDK 1.6.0_07 on Windows XP >>> >>> I've got all of these in $CATALINA_OPTS and they do show up in >>> the java command line when I run ps: >>> >>> -Dcom.sun.management.jmxremote >>> -Dcom.sun.management.jmxremote.port=12345 >>> -Dcom.sun.management.jmxremote.ssl=false >>> -Dcom.sun.management.jmxremote.authenticate=false >>> >>> The Redhat server is running iptables and disallows most things that >>> aren't 80/443. Any other ports that are needed are generally opened >>> up only to specific IP's. >>> >>> I've opened up the JMX port specified above on the Linux firewall: >>> >>> iptables -A INPUT -s myClientsIp -p tcp -m tcp --dport 12345 -j ACCEPT >>> >>> I run jconsole: >>> >>> C:\PathToJava\bin>jconsole myServer.myDomain.com:12345 >>> >>> It can't make the connection. I've got a feeling it's something to >>> do with >>> the firewall. I've seen some stuff that suggests that there's another >>> unspecified port opened up but it didn't really make sense to me. >>> >>> Note that the server and the client are at different facilities >>> connected >>> over the internet which is why I eventually want to get it going with >>> authentication and SSL but I can't even get this simple insecure >>> version of the connection to work. >> >> Add some logging to your firewall configuration to see what is being >> dropped. > > That should help, but it's likely to be a different port in use each > time. Because JMX uses RMI by default, and RMI uses two ports: a fixed > port to initiate the connection and then a secondary (random) port for > data transfer. This is a real pain to get working.
There are tricks you can play with iptables to allow that. The down-side is that it isn't as secure. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]