Saturday 23 February 2013

JMX ports to open in firewall for jconsole to Cassandra


  1. Port 7199
    1. Used for about a dozen packets when JMX connection first made
      1. A handshake of sorts
      2. Probably sets up the agreement on which high port to connect to, used below
        1. Similar to SIP
        2. Similar to old FTP
    2. Not used again after initial handshake
  2. Port range 55000 to 55999
    1. To see these packets, on JVM server
      1. tcpdump -nn ! port 22 and host <jconsole client IP> (not literal, replace this)
  3. If jconsole starts showing graphs, you are connected
To run jconsole directly on the server via VNC, see this article: http://sysadminandnetworking.blogspot.com/

Tricks and Tips
  1. If you don't want to expose 1000 ports to the world for some reason
    1. Open all ports on firewall in front of JVM server
    2. On JVM server: tcpdump -nn ! port 22 and host <jconsole client IP>
    3. Start jconsole connection on client machine
    4. Watch to see which port JVM server is trying to reach jconsole client via
    5. Close all but that port in the firewall, will be between 55000-55999
  2. Do a local experiment to a local JVM JMX-able application if unsure of good jconsole connection result
  3. Get your external IP from where you are running jconsole client
    1. CLI: curl http://ipaddr.me
    2. Or web browser: http://ipaddr.me

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Interview questions: 2020-12

Terraform provider vs provisioner Load balancing Network Load Balancer vs Application Load Balancer  Networking Layer 1 vs Layer 4 haproxy u...