9

JMX enabled Java application appears to open a random high order port when JMX client connects

I have successfully configured a helloworld JMX enabled program, and I can connect to it using jconsole JMX client from a remote location.

When I attempt to turn on iptables I noticed that a random high order port is established when a client logs in. Eventually I would like to monitor Java applications in firewall segregated network segments. Can we control the range the random port opens in?

I'll move this question to serverfault.com if suggested.

  • 1
    The port is established on client or server? If on client I suppose it's the client port bound to the server port... – home Aug 23 '11 at 15:06
  • Interesting question you pose. The JMX client connects to the JMX server over a port defined by the server. After this happens another (random?) port opens and is used to communicate. –  Aug 23 '11 at 15:15
  • So this port is on the client or on the server? – home Aug 23 '11 at 15:50
  • This random port opens on the server hosting the JMX enabled application (server) –  Aug 23 '11 at 16:02

5 Answers5

7

Since Java 7u25 the RMI port can be changed with a system property:

-Dcom.sun.management.jmxremote.rmi.port=1234

See this answer for details.

Community
  • 1
  • 1
hzpz
  • 7,536
  • 1
  • 38
  • 44
4

It's possible to control the port used by RMI. See: http://olegz.wordpress.com/2009/03/23/jmx-connectivity-through-the-firewall/

This requires code and a command-line parameter. There's no way that I know of to do this without code (though the code can obviously be packaged in a different jar).

nojo
  • 1,065
  • 6
  • 12
  • I found this blog post helpful as well http://blogs.oracle.com/jmxetc/entry/connecting_through_firewall_using_jmx –  Aug 23 '11 at 18:53
0

Random third port seems to be expected behavior https://bugs.openjdk.java.net/browse/JDK-8035404

Pushkar
  • 541
  • 4
  • 18
0

by the way, this third ephemeral port can be controlled too - https://www.paybackblog.de/java-jmx-how-to-finally-control-your-ports/

mnp
  • 3,282
  • 1
  • 14
  • 4
0

A workaround is to set the RMI port the same as the JMX port; then only that one port needs to be open on the Firewall.

For example:

-Dcom.sun.management.jmxremote.port=8989
-Dcom.sun.management.jmxremote.rmi.port=8989

See Why Java opens 3 ports when JMX is configured?

Community
  • 1
  • 1
LeslieM
  • 2,105
  • 1
  • 17
  • 8