远程访问JMX遇到连接不上的问题(JConsole和VisualVM工具类似)

java.rmi.ConnectException: Connection refused to host: 10.88.112.165; nested exception is:
java.net.ConnectException: Connection timed out: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
at com.rf.emq.product.jmx.JmxProxy.initConn(JmxProxy.java:84)
at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:102)
at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 10 more
java.rmi.ConnectException: Connection refused to host: 10.88.112.165; nested exception is:
java.net.ConnectException: Connection timed out: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
at com.rf.emq.product.jmx.JmxProxy.initConn(JmxProxy.java:84)
at com.rf.emq.product.jmx.JmxProxy.getBrokerMbeanName(JmxProxy.java:274)
at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:105)
at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 11 more
Exception in thread "main" java.lang.NullPointerException
at com.rf.emq.product.jmx.JmxProxy.getBrokerMbeanName(JmxProxy.java:278)
at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:105)
at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
**********************************************
【问题】
telnet 10.88.112.165 1100是ok的,但是远程通过客户端连接jmx时,访问不到,只有关闭防火墙,才可以访问到,

防火墙的配置规则,应该怎么配?==>
*********************
【分析】
问题状态:
1、通过netstat查看端口号,显示1100为LISTEN;监听是正常的;
2、iptables中已经将端口号1100置为开放的;
3、远程通过telnet <ip> <port>时,telnet是正常的;
4、(但是)通过jconsole <ip> <port>进行连接时,连接不上;
5、(如果)关闭firewall的话,第4步的方式是可以成功的;
***********************
【解答】
In addition to listening to the port you specified (1100) the JMX server also listens to a randomly chosen (ephemeral) port.
Check, e.g. with lsof -i|grep java if you are on linux/osx, which ports the java process listens to and make sure your firewall is open for the ephemeral port as well.

除了JMX server指定的监听端口号外,JMXserver还会监听一到两个随机端口号,
可以通过命令:lsof -i|grep java |grep <pid> 来查看当前java进程需要监听的随机端口号,
///////////begin////////
# netstat -tupln |grep 1101
tcp        0      0 0.0.0.0:1101                0.0.0.0:*                   LISTEN      13997/java        
# lsof -i|grep 13997
java      13997    root    9u  IPv4 132890      0t0  TCP *:37040 (LISTEN)
java      13997    root   70u  IPv4 132891      0t0  TCP *:pt2-discover (LISTEN)
java      13997    root   72u  IPv4 132892      0t0  TCP *:40085 (LISTEN)
java      13997    root   76u  IPv4 146976      0t0  TCP hotnamea:61618->10.88.146.205:49165 (ESTABLISHED)
java      13997    root   84u  IPv4 132904      0t0  TCP *:61618 (LISTEN)
java      13997    root   95u  IPv4 132936      0t0  TCP *:8163 (LISTEN)
///////////end//////////
并且把这些端口号也放到iptable中,置为开放状态。

【小结】这也证明了尽管jmx server的主监听端口号【1100】已开放,但是远程连接时,还是访问不到,只有关闭firewall,才可以远程jmx连接上。
【建议】因为随机短口号是Java进程启动后,OS随机分配给jmxserver的,如果可以关闭firewall就选择关闭,否则,需要每次在server就绪后,监测到随机
         端口号,并把它们配置到iptables中,置为开放状态。
【注意】每个Jmxserver还需要两个随机端口号。
*********************

你可能感兴趣的:(java,jvm,JConsole,jmx)