Login/Register
JMX enabled Java application appears to open a random high order port when JMX client connects
Asked Answered
Solved javarandomportjmxfirewall
W

5

9

JMX enabled Java application appears to open a random high order port when JMX client connects

I have successfully configured a helloworld JMX enabled program, and I can connect to it using jconsole JMX client from a remote location.

When I attempt to turn on iptables I noticed that a random high order port is established when a client logs in. Eventually I would like to monitor Java applications in firewall segregated network segments. Can we control the range the random port opens in?

I'll move this question to serverfault.com if suggested.

Waters answered 23/8, 2011 at 15:2 Comment(4)
The port is established on client or server? If on client I suppose it's the client port bound to the server port...Caulescent
Interesting question you pose. The JMX client connects to the JMX server over a port defined by the server. After this happens another (random?) port opens and is used to communicate.Waters
So this port is on the client or on the server?Caulescent
This random port opens on the server hosting the JMX enabled application (server)Waters
I
4

It's possible to control the port used by RMI. See: http://olegz.wordpress.com/2009/03/23/jmx-connectivity-through-the-firewall/

This requires code and a command-line parameter. There's no way that I know of to do this without code (though the code can obviously be packaged in a different jar).

Islamite answered 23/8, 2011 at 17:45 Comment(1)
I found this blog post helpful as well blogs.oracle.com/jmxetc/entry/…Waters
I
7

Since Java 7u25 the RMI port can be changed with a system property:

-Dcom.sun.management.jmxremote.rmi.port=1234

See this answer for details.

Inexpert answered 5/8, 2015 at 8:13 Comment(0)
I
4

It's possible to control the port used by RMI. See: http://olegz.wordpress.com/2009/03/23/jmx-connectivity-through-the-firewall/

This requires code and a command-line parameter. There's no way that I know of to do this without code (though the code can obviously be packaged in a different jar).

Islamite answered 23/8, 2011 at 17:45 Comment(1)
I found this blog post helpful as well blogs.oracle.com/jmxetc/entry/…Waters
P
0

Random third port seems to be expected behavior https://bugs.openjdk.java.net/browse/JDK-8035404

Principality answered 21/3, 2016 at 14:26 Comment(0)
C
0

by the way, this third ephemeral port can be controlled too - https://www.paybackblog.de/java-jmx-how-to-finally-control-your-ports/

Carlyn answered 19/7, 2016 at 12:23 Comment(0)
C
0

A workaround is to set the RMI port the same as the JMX port; then only that one port needs to be open on the Firewall.

For example:

-Dcom.sun.management.jmxremote.port=8989
-Dcom.sun.management.jmxremote.rmi.port=8989

See Why Java opens 3 ports when JMX is configured?

Chorale answered 5/10, 2016 at 18:7 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.