Access RMI Port from remote using iptables
I want to access an RMI-Service from a remote Server. Locally everything works fine. But from the remote side I get the following exception:
java.net.ConnectException: Connection timed out
I used IP-Tables so that the server believes the request comes to 127.0.0.1 and not to the public IP address xx.yy.zz
iptables -t nat -A PREROUTING -p tcp -d xx.yy.zz --dport 1099 -j DNAT --to-destination 127.0.0.1:1099
The server is started with "-Djava.rmi.server.hostname=127.0.0.1" as JVM-Argument.
Regards, Markus
For me this looks like misuse of iptables. Do the following:
$ iptables -A INPUT -p tcp --dport 1099 -j ACCEPT
I suspect the DNAT only changes the destination of the packet, rather than the source. Wouldn't it make a lot more sense to make the RMI server accept packets from a trusted LAN or VPN, instead of trying to rewrite the packets using iptables?
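Added example, not part of the original posts: one way to follow the last suggestion is to bind the RMI registry and the exported object to a single trusted address with fixed ports, so no packet rewriting is needed. The class names, the `Echo` interface, the address 10.8.0.1 and port 1100 are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class BoundRmiServer {
    // Hypothetical remote interface and implementation, for illustration only.
    public interface Echo extends Remote { String echo(String s) throws RemoteException; }
    static class EchoImpl implements Echo { public String echo(String s) { return s; } }
    // Strong references so the exported object and registry are not garbage collected.
    private static final EchoImpl IMPL = new EchoImpl();
    private static Registry registry;

    // Listens on one address only instead of the default wildcard (all interfaces).
    static class BoundFactory implements RMIServerSocketFactory {
        private final InetAddress addr;
        BoundFactory(InetAddress addr) { this.addr = addr; }
        @Override public ServerSocket createServerSocket(int port) throws IOException {
            return new ServerSocket(port, 50, addr);
        }
        // equals/hashCode let the RMI runtime treat equal factories as one transport.
        @Override public boolean equals(Object o) {
            return o instanceof BoundFactory && ((BoundFactory) o).addr.equals(addr);
        }
        @Override public int hashCode() { return addr.hashCode(); }
    }

    public static void main(String[] args) throws Exception {
        String trusted = args.length > 0 ? args[0] : "10.8.0.1"; // assumed VPN/LAN address
        // The stub sent to clients embeds this host name, so it must be reachable by them.
        System.setProperty("java.rmi.server.hostname", trusted);
        BoundFactory ssf = new BoundFactory(InetAddress.getByName(trusted));
        // Registry on 1099, remote object on fixed port 1100 (assumed), both bound to 'trusted'.
        registry = LocateRegistry.createRegistry(1099, null, ssf);
        Echo stub = (Echo) UnicastRemoteObject.exportObject(IMPL, 1100, null, ssf);
        registry.rebind("echo", stub);
        System.out.println("registry " + trusted + ":1099, object port 1100");
    }
}
```

With both ports fixed, a firewall only has to allow 1099 and 1100 from the trusted network; without a fixed export port the remote object listens on an arbitrary port that a rule for 1099 alone does not cover.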