Debugging RMI connection

Question

I know slightly similar questions have been answered to this, but I have read those and I am still having troubles.

I have a server and a client using RMI to connect to each other. The client is at University, and the server is at home. It was done this way around because I have full control of any firewall at home, but not at University, and I felt this would give me the best chance of it working.

I tested them using "localhost" whilst on the same machine and that was fine (both home and uni). I then moved the server onto a VM on my home machine which is running Windows Server 2012. I can remote desktop to that VM as it is set up as a bridged connection and port forwarding is set up. I also forwarded port 1099. The server has right at the top of the main this:

System.setProperty("java.rmi.server.hostname", "localhost");
setRegistry(LocateRegistry.createRegistry(1099));
System.setSecurityManager(new RMISecurityManager());
Naming.rebind("rmi://localhost/" + AUTH_OBJECT_BINDING, server);

The security manager uses a security.policy file which has in it, for now:

grant {
        permission java.security.AllPermission;
};

When I try to connect my client to the server, having replaced "localhost" in the naming lookup on the client with my home IP, and having allowed java through the firewall and set up port forwarding, I get this:

java.rmi.ConnectException: Connection refused to host: xxx.xxx.xxx.xxx; nested exception is: 
    java.net.ConnectException: Connection timed out: connect

Where xxx.xxx.xxx.xxx is my correct home IP address.

So, to test where the problem was, I ran the client on the servers VM, but instead of using localhost I used my external IP. This connected and worked. Therefore, as I can connect using my external IP (starting 217.137...) I think the server is accepting connections fine.

I think this means there is a problem with outbound connections from the University. Is that the only problem this could be? I want to rule everything out. Unfortunately I don't have access to another network which isn't home or uni, but testing using my external IP from home should be the same.

If that is the case, I can set up an SSH server on my home machine which I know works from within the university, and perhaps use putty and tunneling, any guidance on that, or if it's even possible would really help.

Just to be clear, my question is in two parts: 1) Is it likely to be an outbound rule at the university stopping me connecting to my server. 2) If it is, how I can I set up tunelling to work with RMI?

Any help is really appreciated.

Answer 1

I got the same problem which the lookup works but remote invocation failed. My env is little bit different. My RMI application is running on k8s and my code doesn't have any problem on window. But when I deployed the application to k8s, the remote invocation failed. It was painful to find the root cause. Finally I found this page and ThePerson mentioned to add super(1099) to all of the classes which derived from UnicastRemoteObject. That totally solved my problem. Hope it helps others who want to deploy RMI application on k8s.

Answer 2

System.setProperty("java.rmi.server.hostname", "localhost");

This will never work. It needs to be set to the public IP or hostname of your server, via which you can reach it over the Internet.

What you've done here is force every stub to contains 'localhost' as its target address, which will work if the clients are in the same localhost as the servers, but not otherwise. It needs to be something that the client can use to connect to the server.

You also need to export your remote objects on port 1099, via super(1099) in the usual case, and that in turn means you have to run the Registry via LocateRegistry.createRegistry(), making sure to store the result in a static variable so it won't be garbage-collected.

Answer 3

I don't have any specific documentation on hand, but as far as I'm aware RMI does not work well with NAT.

I'm assuming you're still able to connect to the server from inside your network as your router uses nat loopback.