NAT Problems

Problem

When a CORBA service is running on a node that has both a private and a public IP address, the IOR seems to contain the private IP, which means clients outside the network cannot reach the service.

Solution

I read this article on http://osdir.com/ml/corba.jacorb.devel/2005-11

Hi,

We are currently looking to use JacORB but have hit a problem when our (Solaris) server is behind a NATing firewall.
As you might expect, the IORs end up containing the internal IP address (10.10.*.*) which of course the external client cannot connect to.

Now, I realise there is an option to use the "jacorb.ior_proxy_host" property but the problem with this is that it seems to always try to resolve the address.
What I would really like to do is set the proxy_host property to the hostname of the machine, but if I do that then as soon as I start the naming service, it appears to resolve the Hostname to the internal IP and break the IORs again.

If I set the proxy_host property to be the external IP of the machine, then it appears to try to look up that external IP and then the service refuses to start, giving the following exception:
[jacorb.iiop.listener] WARN : Cannot assign requested address
org.omg.CORBA.INITIALIZE: Could not create server socket vmcid: 0x0 minor code: 0 completed: No
    at org.jacorb.orb.iiop.IIOPListener$Acceptor.createServerSocket(Unknown Source)
    at org.jacorb.orb.iiop.IIOPListener$Acceptor.init(Unknown Source)
    at org.jacorb.orb.iiop.IIOPListener.configure(Unknown Source)
    at org.jacorb.orb.etf.FactoriesBase.create_listener(Unknown Source)
    at org.jacorb.orb.BasicAdapter.configure(Unknown Source)
    at org.jacorb.orb.ORB.getRootPOA(Unknown Source)
    at org.jacorb.orb.ORB.resolve_initial_references(Unknown Source)
    at org.jacorb.naming.NameServer.main(Unknown Source)

I must be missing something obvious. Any ideas as to what I can do to just force JacORB to insert the hostname, or the external IP address into the IOR?

Thanks
Simon.

Here is the conversation thread

Hi Simon,

For the first part, try adding the property jacorb.dns.enable=off to your property set. That way the ORB won't try to resolve the hostname.

For the second part, can you tell me the version of JacORB you are using? I recently made some changes to the nature of the ior_proxy* properties which may be affecting you.

Regards,
Phil

==================================================================================================================================================================

Hi Phil, thanks for your reply.

I'll give the dns.enable property a go and let you know.
As for the version, we're using 2.2.2.

Thanks,
Simon.

==================================================================================================================================================================

Phil,

It appears that the jacorb.dns.enable defaults to false anyway. Yet even with it explicitly set to false, I'm still seeing the IP address in the IOR (using ethereal to peek at the network traffic): IIOP::Profile_host: 10.0.6.82

Though both my "OAIAddr" and "jacorb.ior_proxy_host" are set to the hostname of the server.

I'll admit to being pretty new to all this... Hopefully I'm just missing something obvious ;)
Simon.

==================================================================================================================================================================

The property jacorb.dns.enable actually has a slightly different meaning. "on" means your IORs will contain symbolic DNS names, and "off" means they will contain numeric addresses. If the property is "on" and you specify a DNS name in OAIAddr, then that name will be copied verbatim into your IORs. But if you specify a numeric IP in OAIAddr, it will be turned into a DNS name using a reverse lookup first.

So, in your scenario, you could either set jacorb.dns.enable=off and specify the exact IP address you want in the IOR in OAIAddr, or you could set jacorb.dns.enable=on and specify the DNS hostname in OAIAddr, which would then be copied directly into your IOR without a DNS lookup.

Hope this helps,
Andre
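
The thread confirms the advertised address by watching the traffic with ethereal; the same check can be made offline by decoding the stringified IOR the server writes out. The following is an added example, not part of the original thread or of JacORB: a minimal Python decoder for the IIOP profiles in an IOR. The function names and the sample IOR are constructed for illustration.

```python
import ipaddress
import struct

class Cdr:
    """Minimal reader for one CDR encapsulation (octet 0 is the byte-order flag)."""
    def __init__(self, data, skip=0):
        self.data, self.pos = data, 1 + skip
        self.end = "<" if data[0] else ">"

    def read(self, fmt, size):
        start = self.pos + (-self.pos % size)  # CDR aligns each value to its size
        self.pos = start + size
        return struct.unpack_from(self.end + fmt, self.data, start)[0]

    def octets(self):
        n = self.read("I", 4)                  # ulong length prefix
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated IOR")
        self.pos += n
        return chunk

def iiop_endpoints(ior):
    """Return [(host, port)] for every IIOP profile in a stringified IOR."""
    if not ior.startswith("IOR:"):
        raise ValueError("not a stringified IOR")
    outer = Cdr(bytes.fromhex(ior[4:].strip()))
    outer.octets()                             # type_id string, not needed here
    found = []
    for _ in range(outer.read("I", 4)):        # number of tagged profiles
        tag, body = outer.read("I", 4), outer.octets()
        if tag == 0:                           # TAG_INTERNET_IOP
            prof = Cdr(body, skip=2)           # skip IIOP version major/minor
            host = prof.octets().rstrip(b"\0").decode("ascii")
            found.append((host, prof.read("H", 2)))
    return found

def advertises_internal_ip(ior):
    """True if any IIOP profile carries a literal IP that is not globally routable."""
    for host, _ in iiop_endpoints(ior):
        try:
            if not ipaddress.ip_address(host).is_global:
                return True
        except ValueError:
            continue                           # a DNS name; the client resolves it
    return False

# Constructed sample: one IIOP 1.0 profile advertising 10.0.6.82, port 2809.
SAMPLE = ("IOR:" "00000000" "0000000c" "49444c3a466f6f3a312e3000" "00000001" "00000000"
          "0000001c" "00010000" "0000000a" "31302e302e362e383200" "0af9" "00000004" "6b657931")
```

Running `iiop_endpoints` on the server's IOR before and after changing OAIAddr and jacorb.dns.enable shows whether the advertised host actually changed.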