Hi,

In this article we will discuss port forwarding and how to do it on OpenShift. Port forwarding allows remote computers to connect to a specific computer or service within a private local-area network.

In a typical residential network, nodes obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device’s external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address.

When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. For example:

– Running a public HTTP server within a private LAN
– Accessing application server consoles
– Permitting Secure Shell access to a host on the private LAN from the Internet
– Monitoring applications or services using sniffing tools such as Wily and Nagios
– Permitting FTP access to a host on a private LAN from the Internet

Usually only one of the private hosts can use a specific forwarded port at one time, but it is sometimes possible to configure the gateway to differentiate access by the originating host’s source address.

Unix-like operating systems sometimes use port forwarding because ports numbered below 1024 can only be bound by software running as the root user. Running with superuser privileges (in order to bind the port) may be a security risk to the host, so port forwarding is used to redirect a low-numbered port to a high-numbered port, allowing the application software to run as an ordinary operating system user with reduced privileges.

We can achieve port forwarding in OpenShift as well. We can forward the JBoss AS admin console, MySQL, JBoss remoting and AJP ports to our local machine and use them for monitoring and management purposes. All we need to do is create an application and then forward its ports to the local box. Below are the steps:

Step-1 : Create an OpenShift application using :

rhc app create -a $application-name -t jbossas-7 -l $userid

For example:

..
[userone@userone OpenShift]# rhc app create -a testapp -t jbossas-7 -l openshift-id@blah.com
Password: 
Creating application: testapp in mydomain

MESSAGES:
OpenShift is currently being upgraded, some services may be unavailable.

Now your new domain name is being propagated worldwide (this might take a minute)...
Warning: Permanently added the RSA host key for IP address '207.246.174.134' to the list of known hosts.
Enter passphrase for key '/userone/.ssh/libra_id_rsa': 
Confirming application 'testapp' is available:  Success!

testapp published:  http://testapp-mydomain.rhcloud.com/
git url:  ssh://pqrs7b6d3cf24ce12345a1ec3c1b7d98@testapp-mydomain.rhcloud.com/~/git/testapp.git/
Successfully created application: testapp
..

Step-2 : Forward the ports :

rhc-port-forward -a $application-name -l $userid

For example:

..
[userone@userone OpenShift]$ rhc-port-forward -a testapp -l openshift-id@blah.com
Password: ********

Checking available ports...

Binding httpd -> 127.3.77.9:8080...
Binding java -> 127.3.77.8:3528...
Binding java -> 127.3.77.8:4447...
Binding java -> 127.3.77.8:5445...
Binding java -> 127.3.77.8:5455...
Binding java -> 127.3.77.8:8080...
Binding java -> 127.3.77.8:9990...
Binding java -> 127.3.77.8:9999...
Binding mysqld -> 127.3.77.8:3306...
Use ctl + c to stop
..

Step-3 : Now you can try to use the services available through the forwarded ports.

For example, to access the JBoss AS 7 admin console:

Type the address below in the address bar of your browser:

127.3.77.9:9990

Note : If, for security or management reasons, you want to forward only a particular port rather than all of them (for example, only port 9990), use the command below:

ssh -N -L 127.3.77.9:9990:127.3.77.9:9990 $ssh-key@$app-name-$namespace.rhcloud.com
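
The same single-port approach can be scripted. The following is an added example, not part of the original post or of the rhc tools: a shell helper (forward_args is a hypothetical name) that reads the "Binding" lines printed in Step-2 and emits ssh -L arguments only for the ports you list, dropping anything that is not a numeric port on a 127.x address. The sample lines are copied from the listing above, and APP_SSH_TARGET is a placeholder.

```shell
#!/bin/sh
# Added example: turn rhc-port-forward "Binding" lines into ssh -L arguments
# for an explicit allow-list of ports, instead of forwarding everything.
# Sample lines copied from the Step-2 listing (stand-in for live output).
SAMPLE_BINDINGS='Binding httpd -> 127.3.77.9:8080...
Binding java -> 127.3.77.8:3528...
Binding java -> 127.3.77.8:9990...
Binding java -> 127.3.77.8:9999...
Binding mysqld -> 127.3.77.8:3306...'

# forward_args PORT [PORT...]   (hypothetical helper name)
# Reads binding lines on stdin and prints one "-L ip:port:ip:port" line per
# allow-listed port. Malformed or unlisted entries are silently dropped.
forward_args() {
    allow=" $* "
    while IFS= read -r line; do
        case "$line" in
            "Binding "*" -> "*) ;;
            *) continue ;;
        esac
        target=${line##* -> }   # e.g. "127.3.77.8:9990..."
        target=${target%...}    # strip the trailing "..."
        ip=${target%:*}
        port=${target##*:}
        # Accept only dotted-numeric loopback addresses and numeric ports.
        case "$ip" in *[!0-9.]*) continue ;; esac
        case "$ip" in 127.*) ;; *) continue ;; esac
        case "$port" in ''|*[!0-9]*) continue ;; esac
        case "$allow" in
            *" $port "*) printf '%s %s:%s:%s:%s\n' "-L" "$ip" "$port" "$ip" "$port" ;;
        esac
    done
}

# Usage (APP_SSH_TARGET is a placeholder for the user@host part of your git url;
# the command substitution is left unquoted on purpose so it splits into words):
#   ssh -N -o ExitOnForwardFailure=yes \
#       $(printf '%s\n' "$SAMPLE_BINDINGS" | forward_args 9990) "$APP_SSH_TARGET"
```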

Cheers,
Middleware Magic Team 🙂
