thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Slee <ms...@fb.com>
Subject Re: Java Client Connections
Date Tue, 21 Aug 2012 23:09:57 GMT
Nothing in there sounds suspicious to me. I don't think you should be
seeing any virtual server ports at the firewall level, if the client asked
to connect to 8014, the packets going back across the wire from the server
ought to indicate that they are replies from 8014.

Where do you "see" the packet being thrown out? Does your firewall
indicate this somewhere? If it tells you about the packet being discarded,
wondering if it supplies any metadata somewhere as to what rule was
violated.

Good luck!

On 8/21/12 3:55 PM, "Steve Knott" <steve@ttonk.com> wrote:

>That is what I would expect.
>
>The server is running on port 8014. I am seeing the client open a local
>socket in the 40k range, which I expect.
>The firewall is only on for incoming connection. It block everything
>that isn't 8014.
>
>I see a packet being thrown out. It has a destination of the client
>w/the 40k port with a source port of 8014 of the server machine.  Does
>that seem right? I would thing the source port would be some virtual
>port number the server passed it off to.  I was thinking that maybe the
>firewall thinks this is a new connection and is filtering.... but I am
>still investigating.
>
>Thanks,
>Steve
>
>
>On 8/21/2012 6:28 PM, Mark Slee wrote:
>> No, there should not be. The client should only have one socket, which
>>is
>> the one you explicitly pass to it via Tsocket.
>>
>> This will probably end up getting assigned a local virtual port number,
>> which is not necessarily the same as the port number you're trying to
>> connect to on the server. (i.e. all my outbound HTTP requests on port 80
>> on various hosts do not come back to port 80 locally, each local socket
>> has its own)
>>
>> What is the firewall issue? You should just need to allow outbound TCP
>> connections from the client on whatever remote port you're attempting to
>> connect to.
>>
>> On 8/21/12 1:55 PM, "Steve"<steve@subwest.com>  wrote:
>>
>>> Hi,
>>>
>>> Is there any situations where a client (java) would open up a socket
>>> (for listening) that isn't the calling port to the server?
>>>
>>> I am trying to un-wrangle some firewall issues.
>>>
>>> Thanks,
>>> Steve
>>>
>
>


Mime
View raw message