Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Firewall tunneling  RSS feed

 
paul wheaton
Trailboss
Posts: 22255
Firefox Browser IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can anyone give me an idea of how firewall tunneling works for, say, RMI?
 
Tim Uckun
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't quite understand what you are asking. Are you wondering how RMI can penetrate firewalls or how http tunneling works with RMI. Configuring a firewall to accept RMI is fairly straightforward just open up the port (I forget the port number off the top of my head).
Http tunneling on the other hand is a bit more complicated. From what I have read it's more practical to do text streams over http get or post requests. It <bold>is</bold> possible to serialize an object and pass the object to the client using http but the client has to be running JDK 1.1 or better. Once the object is on the client then you can use it like any other object.
Here is what I have done using my feeble understanding. There is an old piece of software called java-CGI-bridge on the net. All this software does is to simulate a POST to a given URL. I wrote a wrapper around this object using public methods. I then embed this applet in a HTML page. I call the public methods from javascript! You can actually pass java objects to javascript this way it's too cool. In essence I create scriptable objects in java that do the communication to the server. I wish I understood threads a bit better I think I could make it better.
Of course as with all web projects this will only work on browsers which support scripting of the applet tags. Almost all version of NS, IE4+ and nothing on a Mac (the JVM is not scriptable on a Mac).
 
paul wheaton
Trailboss
Posts: 22255
Firefox Browser IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
RMI generally uses port 1099. Supposing that that port is blocked by a firewall, the RMI would have to try to mash its way through port 80 which is being served by a web server. Right?
So the RMI client would send an HTTP GET command to port 80, probably specifying some CGI program and passing some parameters (the RMI data mashed into hideous text). The CGI program will then decipher the hideous text and convert it to the proper RMI cliend call and pass it to the RMI server.
Yes?
 
Tim Uckun
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes and no. That is yes what you describe can be made to happen but does not need to. If you subsitute a servelet for the CGI the servelet can actually create a java object (whatever it may be) and then serialize it and pass it over to the client as binary data. the client then "de-serializes" it and voila objects passed over http!. This could be very powerful when you think about it.
If the servlet is also an RMI server then it can create the stub and the skeleton. It can pass the stub over to the client which can then manipulate the remote object (if the RMI port is open).
If the port is closed then RMI is pretty much out of the question and you will have to deal with either text or serialized objects being passed around.
IMHO it is best to deal with text. I have created an API of sorts. So the server CGI gets a request like command=1&data=somestring and it executes what ever the 1 comand is passing the somestring parameter to it. The return value is allways x,somestring where x is an exit status and somestring is the meat of the result. Sometimes I use simple XML like structures ( < double > 2.0 < /double > ) other times I just send over data like this 1|2|3~1|2|3 to represent a recordset. I kind of used WDDX http://www.wddx.org as a basis for my XML specs. Also there are some cool white papers at inprise http://www.borland.com/jbuilder/papers/jb2servlet/ if you have time to read white papers.
I have been able to do all of this using very minimal knowledge of JAVA (feeble at best!). I just use JAVA as a bridge and rely on Cold Fusion on the server which I know well and javascript on the client.

[This message has been edited by Tim Uckun (edited September 15, 1999).]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!