Posted by binod
on December 8, 2006 at 9:57 AM PST
We, glassfish engineering team, often get issues related to windows firewall settings and its impact on socket mechanism in glassfish. This entry describles some of those issues
One of my Sun collegues (Bobby ) noticed that glassfish web server stops responding soon after the startup. The most interesting thing he found was that he can access the webserver using http://localhost:8080 where as accessing it using IP address (http://x.x.x.x:8080 ) wasnt working. The plot thickened when we found that the webserver can be accessed once using the IP address and from second time onwards it started failing. Two web browsers and a wget.exe showed the same behaviour.
Bobby is located in Santa Clara and I am located in Bangalore office of Sun Microsystems. Bobby setup a VNC Server on the laptop during his night so that I can look at whats happening during my day. Global engineering certainly certainly has advantages :-)
Debugging spell was quite longer than usual. Finally, we found that the issue was because of a firewall setting in the norton windows firewall.
As explained here symantec firewall has a setting called "Default Inbound loopback" which is configured to allow only 127.0.0.1. When this configuration is changed to allow any IP address (well bobby was using DHCP) the server started working.
This is not the first firewall related issue glassfish team has faced. Another one is with the Windows java.nio Selector implementation. Windows selector implementation in JDK use a loopback socket to handle the wakeup mechanism. But some firewalls are particularly strict against loopback sockets. Typically the issue will surface with the following stacktrace
java.io.IOException: Unable to establish loopback connection
at java.security.AccessController.doPrivileged(Native Method)
There are so many reports about this issue. Here are some links where people faced it outside glassfish [apache , limeware ]
A neat explanation about this issue can be found in this sun forum link on socket programming.
Thats all for today. Now that I have started working from home for 2 days a week, hopefully I will get time to write next blog soon.
Thanks to Bobby for his excellent support on debugging some of these issues.