Product: OpenFusion JacORB

Version: 2 and above

Description:

How to access a simple persistent server through a firewall?

Solution:

There are a number of different firewall configurations which could apply:

1. Client talks to the server on port x, the firewall uses NAT to translate the address to another one which the server is actually on.

In this situation the jacorb.ior_proxy_port property should be used, i.e in the jacorb.properties file:

jacorb.use_imr=off
jacorb.ior_proxy_port=52001

2. There is a hole in the firewall which allows the client and server to talk to each other on a fixed port.

In this situation where everything is running on a fixed port, then the OAPort option should be used, i.e in the jacorb.properties file:

jacorb.use_imr=off
OAPort=52001

3. You could also use the PortRange factories if you want to use a specific range of ports. You will find the configuration settings for these in the socket factory section of the jacorb.properties file:

# A factory design pattern is used for the creation of sockets and server sockets.
# The jacorb.net.socket_factory property can be used to configure
# a socket factory that must implement the operations defined in the
# interface org.jacorb.orb.factory.SocketFactory.
# The jacorb.net.server_socket_factory property can be used to configure a
# server socket factory that must implement the operations defined in the
# interface org.jacorb.orb.factory.ServerSocketFactory.
#
#jacorb.net.socket_factory=org.jacorb.orb.factory.DefaultSocketFactory
#jacorb.net.server_socket_factory=org.jacorb.orb.factory.DefaultServerSocketFactory
#jacorb.net.socket_factory=org.jacorb.orb.factory.PortRangeSocketFactory
#jacorb.net.server_socket_factory=org.jacorb.orb.factory.PortRangeServerSocketFactory
#
# Additional socket factores are supported that allow for the configuration
# of maximum and minimum port numbers that can be used. This can be used to
# enable firewall traversal via a fixed port range. To use these socket factories
# configure one or both of the following property pairs. The first property pair
# configures the client socket factory and the second pair the server socket
# factory.
#
#jacorb.net.socket_factory.port.min
#jacorb.net.socket_factory.port.max
#jacorb.net.server_socket_factory.port.min
#jacorb.net.server_socket_factory.port.max

4. In JacORB 2.3 there is more support for proxy addresses in the IOR. You will find the configuration properties for this in the Proxy Address in the IOR section of the jacorb.properties file:

# Some times it is necessary to present an endpoint alias in an IOR
# to allow clients outside a firewall to get a connection to a server
# that is behind a NAT'ing firewall.
#
# WARNING: this is just "dumb" replacing, so you
# have to take care of your configuration!
#

# The general form of this address is <protocol key>://<address>
# The protocol key in the address must match the protocol(s) used by
# the server. See the section on configuring Transport Factories for
# information on loading specific protocols.
#jacorb.ior_proxy_address=iiop://1.2.3.4:4711

# Deprecated IIOP-specific form:
# with these two properties it is possible to
# tell the ORB what IP/port IORs should contain,
# if the ServerSockets IP/port can't be used
# (e.g. for traffic through a firewall).
#
# WARNING: this is just "dumb" replacing, so you
# have to take care of your configuration!
#

#jacorb.ior_proxy_host=1.2.3.4
#jacorb.ior_proxy_port=4711

More information on all these options can be found in the JacORB Programming Guide which is in the docs/JacORB/pdf directory in the installation.

5. You can obtain a third party product to handle the firewall for you, for example the Xtradynes DBC product.