  1. #1
    kkretsch Guest

    Port binding not using localhost?

    One question concerning security: When I have a server without any firewall in front, I have some ports open to the outside coming from OX.
    Why are the ports 57461 and 57462 listening on all interfaces and not only on localhost?
    Using netstat -an one can see which ports listen only on localhost, like 1099 or 9999.
    And some ports are used in a random range, new ones for every new startup of the groupware server, some "feature" of java or jndi I dislike most.
    Is there any known tweakup to the config files to reduce the number of open ports to the world outside?

  2. #2
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Hi,

    Port 1099 is for RMI access, which is used for administration of the admindaemon (command line tools and so on). 9999 is for JMX which provides a monitoring service.
    Those other ports are used for the different caches that are provided by the groupware and administration daemon. This is a feature which is used when setting up clusters of OX Servers that communicate (synchronize) with each other. If you are familiar with the JCS Protocol, you can configure the caching configuration at the cache.ccf file at the groupware and admindaemon "/etc" directory. This caching feature is not required when only running one instance of the Open-Xchange Server on one physical server. This caching is also the cause for random ports usage.

    Greetings.
    Last edited by Martin Heiland; 08-04-2007 at 10:15 PM.

  3. #3
    kkretsch Guest

    Quote Originally Posted by Martin Braun
    If you are familiar with the JCS Protocol, you can configure the caching configuration at the cache.ccf file at the groupware and admindaemon "/etc" directory. This caching feature is not required when only running one instance of the Open-Xchange Server on one physical server. This caching is also the cause for random ports usage.

    I'm not yet familiar with JCS but I don't need clustering or multiple instances at all. So I would be glad to downsize some of the features. Any hint what to disable where?

  4. #4
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Hi,

    You have to comment out the following lines in the admindaemon's and groupware's cache.ccf:

    Code:
    # AVAILABLE AUXILIARY CACHES
    # TCP Lateral Cache to broadcast PUTS and REMOVALS (and possibly GETS) to other local caches
    jcs.auxiliary.LTCP=org.apache.jcs.auxiliary.lateral.socket.tcp.LateralTCPCacheFactory
    jcs.auxiliary.LTCP.attributes=org.apache.jcs.auxiliary.lateral.socket.tcp.TCPLateralCacheAttributes
    jcs.auxiliary.LTCP.attributes.TcpServers=127.0.0.1:57461
    jcs.auxiliary.LTCP.attributes.TcpListenerPort=57462

    and every following line starting with jcs.auxiliary.LTCP.*

    Greetings
    Last edited by Martin Heiland; 08-06-2007 at 09:15 AM.

  5. #5
    kkretsch Guest

    Thanks, that closed at least those two ports.
    I still have two ports listening on any-Interface, the port numbers changing every restart of the server. And there remains one udp port 44335 I can't associate any service with.
    Could these ports be configured to listen only on localhost?

  6. #6
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Hi,

    44335/udp is a push port for the outlook connector. This can be configured at the push.properties file.

    //edit
    Those other JMX ports should be bound to localhost by default, as they are configured like that in server.properties:
    MonitorJMXBindAddress=localhost

    This is obviously a bug and has been reported. Thank you!
    Last edited by Martin Heiland; 08-06-2007 at 10:05 AM.

  7. #7
    kkretsch Guest

    Quote Originally Posted by Martin Braun
    Those other JMX ports should be bound to localhost by default, as they are configured like that in server.properties:
    MonitorJMXBindAddress=localhost

    This is obviously a bug and has been reported. Thank you!

    Great work, so I could disable this UDP port and the other two 'walking ports' are at least not my own configuration fault. Thanks for your help.
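
An added example, not written by any poster in this thread or by Open-Xchange: a shell function that reads `netstat -an` output and lists the TCP listeners and unconnected UDP sockets bound to anything other than loopback, which is the check used throughout the thread after each configuration change. The sample output is constructed and assumes the Linux net-tools column layout; ports 40123 and 40124 are made-up stand-ins for the randomly numbered ports.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (Linux net-tools layout assumed).
# Ports 1099, 9999, 57461, 57462 and 44335 are the ones named in the thread;
# 40123 and 40124 are made-up stand-ins for the randomly numbered ports.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:1099          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:57461           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:57462           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:40123           0.0.0.0:*               LISTEN
tcp6       0      0 :::40124                :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
udp        0      0 0.0.0.0:44335           0.0.0.0:*
EOF
}

# Reads netstat -an output on stdin and prints "proto port bind-address"
# for every socket reachable on a non-loopback address.
exposed_listeners() {
  awk '
    $1 !~ /^(tcp|udp)/            { next }  # headers, unix domain sockets
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }  # established or closing TCP
    $1 ~ /^udp/ && NF >= 6        { next }  # connected UDP carries a state
    {
      # The port follows the last colon; this also handles ":::40124".
      if (!match($4, /:[0-9]+$/)) next
      host = substr($4, 1, RSTART - 1)
      port = substr($4, RSTART + 1)
      if (host == "::1" || host ~ /^127\./) next  # loopback only
      print $1, port, host
    }' | sort -u
}

# Demonstration on the constructed sample.
sample_netstat | exposed_listeners
```

On a live host the same function can be fed with `netstat -an | exposed_listeners`; ports 1099 and 9999 from the sample do not appear because they are bound to 127.0.0.1.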
