Return-Path: X-Original-To: apmail-activemq-users-archive@www.apache.org Delivered-To: apmail-activemq-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2C19FD267 for ; Thu, 23 Aug 2012 00:42:15 +0000 (UTC) Received: (qmail 62570 invoked by uid 500); 23 Aug 2012 00:42:14 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 62476 invoked by uid 500); 23 Aug 2012 00:42:14 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 62467 invoked by uid 99); 23 Aug 2012 00:42:14 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Aug 2012 00:42:14 +0000 X-ASF-Spam-Status: No, hits=0.9 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sk92129@gmail.com designates 209.85.214.171 as permitted sender) Received: from [209.85.214.171] (HELO mail-ob0-f171.google.com) (209.85.214.171) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Aug 2012 00:42:10 +0000 Received: by obqv19 with SMTP id v19so501866obq.2 for ; Wed, 22 Aug 2012 17:41:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=jINGm3sHxIQWzljbY7BzOOudAcDb9qOiIQbuJlxDvmw=; b=YjyM9OflIND2jn/U5Zd30VQoEc1C7mdacNhZcHoBMMvt26EU8G23SLMGawOTBZCgND ueTl4TDF60vqZbxm3idSU9197NpHMygyRG26QaIlT7jo1Ma/hFmJawaDYUXN8q6LKe9G 7tDUmj+DJUAwWq/XnU3eAGXZPPEQvRdcQDva7nbOyhtmfonObovxEMp84kau7M/RAXp3 6zfO8STa3bclorVfNbxMDGu9hwsWzRynLg/TrLCr/7oEH9CgLpMeWIiy790/D0QtahNQ qTJvxXmdL9pM/pZt2l+HZ2e5jxANUpWjXgFE3TU9h/h+emfhUXzOWpF+ORFmBFe3iJw3 q2LQ== MIME-Version: 1.0 Received: by 10.182.50.68 with SMTP id a4mr17341435obo.59.1345682509368; Wed, 22 Aug 2012 17:41:49 -0700 (PDT) Received: by 10.76.83.68 with HTTP; Wed, 22 Aug 2012 17:41:49 -0700 (PDT) In-Reply-To: <1345680454710-4655464.post@n4.nabble.com> References: <1345675595443-4655461.post@n4.nabble.com> <1345680454710-4655464.post@n4.nabble.com> Date: Wed, 22 Aug 2012 17:41:49 -0700 Message-ID: Subject: Re: iptables and broker to broker transport From: Sean K To: users@activemq.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org So if I set broker centos-test3 as a unidirectional bridge- it cannot be a consumer, only a producer on a queue. how does real world deployments handle data going in both directions? I can think of two ways: 1.) put the broker in a less restricted DMZ zone in a company with less ports blocked. 2.) create two sets of brokers on each side -- one companyA has brokerA and broker B. Broker A is used by producer. Broker B is used by consumer. And companyB has broker C which is consumer used only from broker A, and has broker D which is used by producer only from Broker B. So, there is no way to have a duplex brokers on both sides of two companies with a set of ports known? SSL is already being planned to prevent spoof-ing. But I think a duplex broker on both sides would be nice. Does activemq 5.6 not handle that? On Wed, Aug 22, 2012 at 5:07 PM, ceposta wrote: > The network connector in broker 2 has duplex set to "true" > This will open a connection in both directions, which explains the random > port on broker1. > Can you try having uni-directional network connectors on each broker? > > > > ----- > http://www.christianposta.com/blog > -- > View this message in context: http://activemq.2283324.n4.nabble.com/iptables-and-broker-to-broker-transport-tp4655452p4655464.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com.