
Access RMI Port from remote using iptables

I want to access an RMI service from a remote server. Locally everything works fine. But from the remote side I get the following exception:

java.net.ConnectException: Connection timed out

I used iptables so that the server believes the request comes to 127.0.0.1 and not to the public IP address xx.yy.zz

iptables -t nat -A PREROUTING -p tcp -d xx.yy.zz --dport 1099 -j DNAT --to-destination 127.0.0.1:1099

The server is started with "-Djava.rmi.server.hostname=127.0.0.1" as JVM-Argument.

Regards, Markus


For me this looks like misuse of iptables. Do the following:

  1. Make sure your application binds to the public address. For example by removing "-Djava.rmi.server.hostname=127.0.0.1".
  2. If you still can't reach your app, add a firewall rule to iptables, something like:
    $iptables -A INPUT -p tcp --dport 1099 -j ACCEPT


I suspect the DNAT only changes the destination of the packet, rather than the source. Wouldn't it make a lot more sense to make the RMI server accept packets from a trusted LAN or VPN, instead of trying to rewrite the packets using iptables?
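
An added example (not code from the question or either answer) of a server set up along the lines the answers suggest: the hostname written into stubs is a routable address instead of 127.0.0.1, and the exported object gets a fixed port so a firewall rule can name it. The `Echo` interface, port 1100, the address 203.0.113.10 and the `<trusted-cidr>` placeholder are assumptions made for illustration.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class PinnedRmiServer {
    // Hypothetical remote interface, for illustration only.
    public interface Echo extends Remote {
        String echo(String msg) throws RemoteException;
    }

    static class EchoImpl implements Echo {
        @Override
        public String echo(String msg) { return msg; }
    }

    static final int REGISTRY_PORT = 1099; // port from the question
    static final int OBJECT_PORT = 1100;   // assumed fixed port for the exported object

    // Strong references so the registry and the object are not garbage-collected.
    static Registry registry;
    static Echo impl;

    public static void main(String[] args) throws Exception {
        // Address remote clients can route to; 203.0.113.10 is a constructed placeholder.
        String publicHost = args.length > 0 ? args[0] : "203.0.113.10";

        // This value is written into every stub. Set to 127.0.0.1, a remote
        // client would dial its own loopback for the actual method calls.
        System.setProperty("java.rmi.server.hostname", publicHost);

        registry = LocateRegistry.createRegistry(REGISTRY_PORT);
        impl = new EchoImpl();
        // Port 0 here would pick a random port, which a firewall rule cannot name in advance.
        Echo stub = (Echo) UnicastRemoteObject.exportObject(impl, OBJECT_PORT);
        registry.rebind("echo", stub);

        // The stub's string form includes the host:port endpoint clients will connect to.
        System.out.println("Exported: " + stub);
        // A matching firewall rule then covers exactly two ports from a trusted source, e.g.
        //   iptables -A INPUT -p tcp -s <trusted-cidr> -m multiport --dports 1099,1100 -j ACCEPT
    }
}
```

Running it with the server's public address as the first argument and reading the printed stub shows which endpoint clients are told to use before any firewall rule is changed.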
