| Author |
Message
|
| onward |
 Posted: Fri May 23, 2003 12:51 pm Post subject: Is there a way to restrict the port in Java MQ client? |
 |
|
Newbie
Joined: 23 May 2003
Posts: 3
|
We're trying to use the MQ java client through a firewall that forces us to use port 1414 for both the MQ client and server. Our IS dept. doesn't want to open up the firewall any more than this.
With our C-based MQ client we simply set the environment variable MQTCPSDRPORT=1414,1414 and everthing worked fine. We want to switch our client code to java since it interfaces better with Oracle. (Pro*C is a major headache.)
Is there a java equivalent to this that will restrict the client port to a specified port number or range of ports? If not, is IBM planning on adding this to the MQ java client in the future? Would a proxy server solve the problem?
The fact that the MQ client picks a random port is not very firewall friendly.
TIA,
Owen |
|
| Back to top |
|
 |
| bower5932 |
| Posted: Tue May 27, 2003 10:29 am Post subject: |
|
|
Jedi Knight
Joined: 27 Aug 2001
Posts: 3023
Location: Dallas, TX, USA
|
| There is no way to configure the java tcp/ip port like you do in C. I know that this is already a requirement that has been added to the MQ requirements database. |
|
| Back to top |
|
|
| dlamond |
| Posted: Tue May 27, 2003 10:38 am Post subject: |
|
|
Newbie
Joined: 28 May 2002
Posts: 9
Location: Montreal
|
I'm not sure I understand the concern here, what about using :
MQEnvironment.hostname = host_name
MQEnvironment.channel = channel_name
MQEnvironment.port = port_number
this in your java code. Of course if your using JMS it won't work.
_________________
Daniel Lamond
IBM Certified Specialist MQSeries
IBM Certified Specialist MQSeries Integrator |
|
| Back to top |
|
|
| onward |
| Posted: Tue May 27, 2003 11:48 am Post subject: |
|
|
Newbie
Joined: 23 May 2003
Posts: 3
|
| dlamond wrote: |
I'm not sure I understand the concern here, what about using :
MQEnvironment.hostname = host_name
MQEnvironment.channel = channel_name
MQEnvironment.port = port_number
this in your java code. Of course if your using JMS it won't work. |
The problem is that the MQ java client picks a random port for itself when it connects to the MQ server via port 1414. So all traffic back to the client will go to the randomly assigned port, not 1414. Our firewall wants the return traffic to go back through 1414 also. The C client supports limiting the client port to a range of ports or a single port. The java client doesn't. |
|
| Back to top |
|
|
| onward |
| Posted: Tue May 27, 2003 11:56 am Post subject: |
|
|
Newbie
Joined: 23 May 2003
Posts: 3
|
| bower5932 wrote: |
| There is no way to configure the java tcp/ip port like you do in C. I know that this is already a requirement that has been added to the MQ requirements database. |
Thanks for the information. Do you have any estimate of when this feature might be released? I'd be willing to test a beta version if possible. |
|
| Back to top |
|
|
| bower5932 |
| Posted: Tue May 27, 2003 1:09 pm Post subject: |
|
|
Jedi Knight
Joined: 27 Aug 2001
Posts: 3023
Location: Dallas, TX, USA
|
| Sorry, I can't give you any estimate. I just know that this has been asked for before and it is in the requirements database. |
|
| Back to top |
|
|
| kingdon |
| Posted: Wed May 28, 2003 2:08 am Post subject: |
|
|
Acolyte
Joined: 14 Jan 2002
Posts: 63
Location: UK
|
I think that support for this shipped in MQ5.3 CSD3, but I don't have a copy to hand to check. The support introduces the concept of a localAddress string that defines the local IP address and a range of ports to be used for client connections. The format of the string is:
a.b.c.d(minPort, maxPort)
e.g.
9.20.0.1(2000, 3000)
The string can be set in several different ways:
a) globally, via a Java property:
java -Dcom.ibm.mq.localAddress=9.20.0.1(2000, 3000) MyProg
b) globally, using the MQEnvironment.localAddressSetting static variable
(as an aside, I would always recommend avoiding this technique and use c instead)
c) per MQQueueManager object, by using the properties hashtable with a key of MQC.LOCAL_ADDRESS_PROPERTY
d) via JMS, using the MQConnectionFactory.setLocalAddress method
e) using JMSAdmin to set the LA property of connection factories.
Regards,
James. |
|
| Back to top |
|
|
| zpat |
| Posted: Wed May 28, 2003 2:15 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
A more conventional programming model for MQ applications is to connect your MQ client to a local MQ queue manager, the port number issue will then not apply.
Arrange for your local queue manager to connect to the other queue manager either directly (with 1414 port opened), using a VPN (or SSL channels with 5.3) or using the MQ internet gateway over HTTP or HTTPS.
The usual arrangement is to have a queue manager in your DMZ for the purpose of connectivity to external queue managers over the Internet. |
|
| Back to top |
|
|
|
|
