远程访问JMX遇到连接不上的问题（JConsole和VisualVM工具类似）

远程访问JMX遇到连接不上的问题（JConsole和VisualVM工具类似）

java.rmi.ConnectException: Connection refused to host: 10.88.112.165; nested exception is:
 java.net.ConnectException: Connection timed out: connect
 at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
 at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
 at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
 at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
 at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
 at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
 at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
 at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
 at com.rf.emq.product.jmx.JmxProxy.initConn(JmxProxy.java:84)
 at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:102)
 at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
Caused by: java.net.ConnectException: Connection timed out: connect
 at java.net.DualStackPlainSocketImpl.connect0(Native Method)
 at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
 at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
 at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
 at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
 at java.net.Socket.connect(Socket.java:579)
 at java.net.Socket.connect(Socket.java:528)
 at java.net.Socket.<init>(Socket.java:425)
 at java.net.Socket.<init>(Socket.java:208)
 at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
 at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
 at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
 ... 10 more
java.rmi.ConnectException: Connection refused to host: 10.88.112.165; nested exception is:
 java.net.ConnectException: Connection timed out: connect
 at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
 at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
 at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
 at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:129)
 at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
 at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2373)
 at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:297)
 at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
 at com.rf.emq.product.jmx.JmxProxy.initConn(JmxProxy.java:84)
 at com.rf.emq.product.jmx.JmxProxy.getBrokerMbeanName(JmxProxy.java:274)
 at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:105)
 at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
Caused by: java.net.ConnectException: Connection timed out: connect
 at java.net.DualStackPlainSocketImpl.connect0(Native Method)
 at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
 at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
 at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
 at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
 at java.net.Socket.connect(Socket.java:579)
 at java.net.Socket.connect(Socket.java:528)
 at java.net.Socket.<init>(Socket.java:425)
 at java.net.Socket.<init>(Socket.java:208)
 at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
 at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
 at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
 ... 11 more
Exception in thread "main" java.lang.NullPointerException
 at com.rf.emq.product.jmx.JmxProxy.getBrokerMbeanName(JmxProxy.java:278)
 at com.rf.emq.product.jmx.JmxProxy.getBrokerOperation(JmxProxy.java:105)
 at com.rf.emq.product.jmx.JmxProxy.main(JmxProxy.java:318)
**********************************************
【问题】
telnet 10.88.112.165 1100是ok的，但是远程通过客户端连接jmx时，访问不到，只有关闭防火墙，才可以访问到，

防火墙的配置规则，应该怎么配？==>
*********************
【分析】
问题状态：
1、通过netstat查看端口号，显示1100为LISTEN；监听是正常的；
2、iptables中已经将端口号1100置为开放的；
3、远程通过telnet <ip> <port>时，telnet是正常的；
4、（但是）通过jconsole <ip> <port>进行连接时，连接不上；
5、（如果）关闭firewall的话，第4步的方式是可以成功的；
***********************
【解答】
In addition to listening to the port you specified (1100) the JMX server also listens to a randomly chosen (ephemeral) port.
Check, e.g. with lsof -i|grep java if you are on linux/osx, which ports the java process listens to and make sure your firewall is open for the ephemeral port as well.

除了JMX server指定的监听端口号外，JMXserver还会监听一到两个随机端口号，
可以通过命令：lsof -i|grep java |grep <pid> 来查看当前java进程需要监听的随机端口号，
///////////begin////////
# netstat -tupln |grep 1101
tcp        0      0 0.0.0.0:1101                0.0.0.0:*                   LISTEN      13997/java         
# lsof -i|grep 13997
java      13997    root    9u  IPv4 132890      0t0  TCP *:37040 (LISTEN)
java      13997    root   70u  IPv4 132891      0t0  TCP *:pt2-discover (LISTEN)
java      13997    root   72u  IPv4 132892      0t0  TCP *:40085 (LISTEN)
java      13997    root   76u  IPv4 146976      0t0  TCP hotnamea:61618->10.88.146.205:49165 (ESTABLISHED)
java      13997    root   84u  IPv4 132904      0t0  TCP *:61618 (LISTEN)
java      13997    root   95u  IPv4 132936      0t0  TCP *:8163 (LISTEN)
///////////end//////////
并且把这些端口号也放到iptable中，置为开放状态。

【小结】这也证明了尽管jmx server的主监听端口号【1100】已开放，但是远程连接时，还是访问不到，只有关闭firewall，才可以远程jmx连接上。
【建议】因为随机短口号是Java进程启动后，OS随机分配给jmxserver的，如果可以关闭firewall就选择关闭，否则，需要每次在server就绪后，监测到随机
         端口号，并把它们配置到iptables中，置为开放状态。
【注意】每个Jmxserver还需要两个随机端口号。
*********************