java.net.ConnectException: Connection timed out: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
at com.rf.emq.product.jmx.JmxProxy.initConn(JmxProxy.java:84)
at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:102)
at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.
at java.net.Socket.
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 10 more
java.rmi.ConnectException: Connection refused to host: 10.88.112.165; nested exception is:
java.net.ConnectException: Connection timed out: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
at com.rf.emq.product.jmx.JmxProxy.initConn(JmxProxy.java:84)
at com.rf.emq.product.jmx.JmxProxy.getBrokerMbeanName(JmxProxy.java:274)
at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:105)
at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.
at java.net.Socket.
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 11 more
Exception in thread "main" java.lang.NullPointerException
at com.rf.emq.product.jmx.JmxProxy.getBrokerMbeanName(JmxProxy.java:278)
at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:105)
at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
**********************************************
【问题】
telnet 10.88.112.165 1100是ok的,但是远程通过客户端连接jmx时,访问不到,只有关闭防火墙,才可以访问到,
防火墙的配置规则,应该怎么配?==>
*********************
【分析】
问题状态:
1、通过netstat查看端口号,显示1100为LISTEN;监听是正常的;
2、iptables中已经将端口号1100置为开放的;
3、远程通过telnet
4、(但是)通过jconsole
5、(如果)关闭firewall的话,第4步的方式是可以成功的;
***********************
【解答】
In addition to listening to the port you specified (1100) the JMX server also listens to a randomly chosen (ephemeral) port.
Check, e.g. with lsof -i|grep java if you are on linux/osx, which ports the java process listens to and make sure your firewall is open for the ephemeral port as well.
除了JMX server指定的监听端口号外,JMXserver还会监听一到两个随机端口号,
可以通过命令:lsof -i|grep java |grep
///////////begin////////
# netstat -tupln |grep 1101
tcp 0 0 0.0.0.0:1101 0.0.0.0:* LISTEN 13997/java
# lsof -i|grep 13997
java 13997 root 9u IPv4 132890 0t0 TCP *:37040 (LISTEN)
java 13997 root 70u IPv4 132891 0t0 TCP *:pt2-discover (LISTEN)
java 13997 root 72u IPv4 132892 0t0 TCP *:40085 (LISTEN)
java 13997 root 76u IPv4 146976 0t0 TCP hotnamea:61618->10.88.146.205:49165 (ESTABLISHED)
java 13997 root 84u IPv4 132904 0t0 TCP *:61618 (LISTEN)
java 13997 root 95u IPv4 132936 0t0 TCP *:8163 (LISTEN)
///////////end//////////
并且把这些端口号也放到iptable中,置为开放状态。
【小结】这也证明了尽管jmx server的主监听端口号【1100】已开放,但是远程连接时,还是访问不到,只有关闭firewall,才可以远程jmx连接上。
【建议】因为随机短口号是Java进程启动后,OS随机分配给jmxserver的,如果可以关闭firewall就选择关闭,否则,需要每次在server就绪后,监测到随机
端口号,并把它们配置到iptables中,置为开放状态。
【注意】每个Jmxserver还需要两个随机端口号。
*********************