[ 
https://issues.apache.org/jira/browse/ARTEMIS-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491298#comment-17491298
 ] 

Robbie Gemmell commented on ARTEMIS-3681:
-----------------------------------------

That setting is for the connecting side, not the server acceptor. It controls 
the client side locally used port so you set it at the connection side. The 
server's locally used acceptor port is already fixed; that is the port it is 
accepting on.

All TCP connections have a port at the TCP server side that is connected to 
(i.e. accepted on, one of the ones Justin outlined), and a port at the TCP 
client side that is 'connected from', allocated by the client side, typically 
randomly assigned (since only one thing can use it at a time) from the 
ephemeral range. That setting allows specifying the connecting client use a 
fixed client-side port.

The server log message is saying a connection from a client is being dropped 
and the "/111.127.116.95:55818", i.e. is conveying the client side selected 
port 55818 for that connection it opened to the broker.

As Justin said, this does not typically mean you need to open those ports on a 
server firewall too, as they are not being accepted on. The difference would be 
if your firewall is additionally restricting that incoming connections on its 
open ports are only being made FROM specific remote client ports, in which case 
yes, you would need to allow connections FROM (but not TO) such ports as well as 
saying which ports at the server can be connected TO.

(Note: you could look at the HTTP connections created for visits you make to 
websites as an alternative everyday example of this typical randomly-assigned 
client side local port selection in action.)

> Add the function to define a static port for artemis to connect with client
> ---------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3681
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3681
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>    Affects Versions: 2.20.0
>            Reporter: Ning Kang
>            Priority: Blocker
>
> Artemis uses 3 ports - 61616 , 8181 and a random port.
> # 61616 is the activemq port which is connected by PCMD(Platform Cluster 
> Manager core daemon).
> # 8161 is the internal port used by activemq NIO(Non-Blocking IO) 
> communication.
> # Any random port like 37551, 35134 etc. : This port is used to communicate 
> with already connected clients. 
> The first 2 ports can be changed, but the last random port cannot be changed. 
> This will bring a problem in a firewall situation because it is very 
> difficult to open a range of firewall ports for the 3rd port due to security 
> reasons. 
> So the question is: is it possible to define a static port for the 3rd one, 
> or disable the usage of the 3rd port? If not, then it will be very helpful to 
> add this function. 
> If we do not open the 3rd port on firewall, then it is not possible to make 
> the connection, and the artemis server log will show the error below. The 
> ip of 111.127.116.95 is the client ip.
> {noformat}
> 2022-02-10 18:16:34,047 WARN  [org.apache.activemq.artemis.core.client] 
> AMQ212037: Connection failure to /111.127.116.95:55818 has been detected: 
> AMQ229014: Did not receive data from /111.127.116.95:55818 within the 
> 60,000ms connection TTL. The connection will now be closed. 
> [code=CONNECTION_TIMEDOUT]{noformat} 
> References:
> * [https://www.ibm.com/support/pages/ports-used-activemq-hpc]
> * [https://www.ibm.com/support/pages/change-default-ports-activemq]
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
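
The client-side versus server-side port distinction described in the comment above, as an added example that is not part of the original thread or of Artemis. A loopback listener stands in for the broker acceptor, the log line is a constructed sample in the shape of the quoted AMQ212037 warning, and all function names are hypothetical.

```python
import re
import socket
import threading

# Constructed sample in the shape of the AMQ212037 warning quoted in the issue.
LOG = ("2022-02-10 18:16:34,047 WARN  [org.apache.activemq.artemis.core.client] "
       "AMQ212037: Connection failure to /111.127.116.95:55818 has been detected")

def remote_endpoint(line):
    """Return the (ip, port) the broker logged for the remote client, or None."""
    m = re.search(r"Connection failure to /([\d.]+):(\d+)", line)
    return (m.group(1), int(m.group(2))) if m else None

def connect_once(listener, local_port=None):
    """Open one connection; return (client's local port, peer port the server saw)."""
    seen = {}
    def accept():
        conn, peer = listener.accept()
        seen["peer_port"] = peer[1]
        conn.close()
    t = threading.Thread(target=accept, daemon=True)
    t.start()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        if local_port is not None:
            c.bind(("127.0.0.1", local_port))  # pin the 'connected from' port
        c.connect(listener.getsockname())
        client_port = c.getsockname()[1]
        t.join(timeout=5)
    return client_port, seen.get("peer_port")

def demo():
    """Return (accept_port, fixed_port, ephemeral_result, pinned_result)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # stand-in for the broker acceptor
    listener.listen(1)
    accept_port = listener.getsockname()[1]
    ephemeral = connect_once(listener)  # OS picks the client port
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind(("127.0.0.1", 0))  # find a currently free port to pin
        fixed_port = probe.getsockname()[1]
    pinned = connect_once(listener, local_port=fixed_port)
    listener.close()
    return accept_port, fixed_port, ephemeral, pinned

if __name__ == "__main__":
    print(remote_endpoint(LOG))
    print(demo())
```

In both connections the port the listener reports for its peer is the client's own local port, never a second port opened on the listening side.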
