
EJB programming & troubleshooting: EJB Server to EJB Server Communication Behind Firewall

  1. Hi,

    Is it possible for an EJB server behind a firewall to contact another EJB server directly behind another firewall, forming a P2P network topology without another server in between? These firewalls are erected by ISPs and the IP addresses for these servers are assigned dynamically, so there is no way of knowing what IP address to connect to, even if it's possible to do that over the firewall.

    My guess is that this is possible because of clients like Gnutella, but I wonder how it is implemented. Can anyone shed some light on how I can implement this using Java?

    Ben
  2. Ben,

    I don't think there should be any problem in letting two EJB servers communicate behind a firewall, as long as those firewalls have the appropriate sockets/protocols opened/enabled for communication, and also as long as your routers/gateways/DNS are aware of the existence of the server beyond their own domain. Also make sure that the appropriate server EJB stubs are present on the client EJB server.

    However, I don't comprehend why anyone would assign dynamic IP addresses to their web/application servers. In fact, most application/web servers don't let you do that; I know iPlanet for one. Application servers are supposed to be assigned static addresses, because then you will get into problems of your routers/gateways/DNS not being aware of the server IP across the network. I know of protocols (push/pull/RIP) which have a workaround for dynamic IP addresses, but I'm not sure about that.

    kapil
  3. This is likely to be problematic if you have dynamic IP addresses.

    Most firewall policies do NOT use host names in their rules, specifically to avoid problems with DNS spoofing.

    Also, you would require a lot of ports to be open in order to use the default protocols. You could tunnel your remote calls over HTTP, but you cannot use callbacks if you do that (which you shouldn't do anyway if you're steering clear of re-entrance problems).

    There is nothing to stop you putting static routes on the servers to tell them how to get to other hosts, but that leaves you with little to no fault tolerance.

    Basically, you are likely to have a problem doing this, sorry. :-(

    Your best bet here is to form a VPN between the servers, then you don't care about any of this stuff.

    Chz

    Tony
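
Tony's point about host names in firewall rules, as an added example that is not part of the original thread: iptables resolves a name given to `-s`/`-d` only once, when the rule is loaded, so such a rule is only as trustworthy as that one DNS answer. The Python sketch below flags those rules in an `iptables-save` style dump; the choice of iptables, the sample ruleset, the port numbers and the host names are all assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Options that take a source or destination address in iptables rules.
ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

def is_ip_literal(value):
    """True if value is an IPv4/IPv6 address or network (CIDR or netmask form)."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def hostname_operands(rule):
    """Return (flag, value) pairs whose address needs a DNS lookup."""
    tokens = shlex.split(rule)
    findings = []
    for i, tok in enumerate(tokens):
        if tok not in ADDR_FLAGS:
            continue
        j = i + 1
        if j < len(tokens) and tokens[j] == "!":   # old-style negation: -s ! addr
            j += 1
        if j >= len(tokens):
            continue
        for value in tokens[j].split(","):         # iptables accepts comma lists
            if not is_ip_literal(value):
                findings.append((tok, value))
    return findings

def audit(ruleset):
    """Map 1-based line number -> name-based operands found on that rule."""
    report = {}
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if line.startswith("-A"):                  # only rule lines, not table headers
            found = hostname_operands(line)
            if found:
                report[lineno] = found
    return report

# Constructed sample dump (documentation address ranges, made-up host names).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -s 192.0.2.10 --dport 1099 -j ACCEPT
-A INPUT -p tcp -s peer-ejb.example.net --dport 1099 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.0/24,backup.example.net --dport 4444 -j ACCEPT
-A INPUT ! -s 203.0.113.0/255.255.255.0 -j DROP
COMMIT
"""

if __name__ == "__main__":
    for lineno, found in audit(SAMPLE).items():
        print(lineno, found)
```
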