
JVisualVM remote working when destination is behind NAT?


I am in a developer network, and the JBoss to be monitored using JVisualVM is behind a client firewall in a separate network. JBoss is exposed to us through a NAT. The exposed JMX port works when using telnet from our developer network, but JVisualVM still doesn't find the remote JMX. Apparently this can be due to two things: 1) one or several dynamic RMI sockets need to be accessed, or 2) the "java.rmi.server.hostname" is not defined. My problem may be both points 1 and 2, but apparently, since we have SSH access, this can be tackled according to this site:

http://rafaelsteil.com/setting-up-jmx-for-jconsole-visualvm-on-ec2-plus-jetty-configuration/

“java.rmi.server.hostname” is the public hostname (like example.com) of your server, without HTTP or anything else. You cannot use an internal address, otherwise you won’t be able to remotely access the service.

However, I have one question about "java.rmi.server.hostname": should the defined IP address be the server's internal IP or the NAT IP which is publicly exposed to our developer network?


Solution

  • I have actually just tackled this problem myself and figured it out.

    I would wager that the problem is the RMI connections - you can't predict which ports it will use and so you can't get it to work with a firewall.

    The workaround is to use an SSH proxy:

    1. SSH to the box where your application is running but use the -D option like this:

      ssh user@remoteHost -D 9999

      This will start a SOCKS proxy on your local machine on port 9999.

    2. Open JVisualVM and in the preferences, under 'network', configure it to use a SOCKS proxy at localhost, on port 9999.

    If you do the above, you should then be able to connect to the remote machine as normal and since all the RMI traffic is now going over the SSH proxy, it is punched through the firewall and works nicely.

    Good luck :-)
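
The SSH step of the workaround above as a small wrapper, added here as an example and not part of the original answer: it binds the SOCKS listener to loopback, opens no remote shell, and can check or close the tunnel afterwards. `user@remoteHost` and port 9999 are the answer's values; the control-socket path and the `run`, `valid_target` and `tunnel` helpers are assumptions, and the OpenSSH client is assumed.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the OpenSSH client.
SOCKS_PORT=9999                        # port used in the answer
CTL_SOCK="$HOME/.ssh/jmx-socks.ctl"    # hypothetical control-socket path

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Accept only host or user@host; refuse anything ssh could read as an option.
valid_target() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# tunnel up|status|down user@remoteHost
tunnel() {
    valid_target "$2" || { echo "refusing target: $2" >&2; return 2; }
    case "$1" in
        up)
            # -D on 127.0.0.1 keeps the SOCKS listener off the local network;
            # -f -N backgrounds ssh after login without opening a shell;
            # -M -S creates a control socket for the status/down actions.
            run ssh -f -N -M -S "$CTL_SOCK" -D "127.0.0.1:$SOCKS_PORT" \
                -o ExitOnForwardFailure=yes "$2" ;;
        status) run ssh -S "$CTL_SOCK" -O check "$2" ;;
        down)   run ssh -S "$CTL_SOCK" -O exit "$2" ;;
        *)      echo "usage: tunnel up|status|down user@host" >&2; return 2 ;;
    esac
}

# Run only when given arguments, e.g.: sh jmx-socks.sh up user@remoteHost
if [ $# -gt 0 ]; then tunnel "$@"; fi
```

Step 2 (pointing JVisualVM's network preferences at localhost:9999) is unchanged; run `down` once monitoring is finished so the proxy does not stay open.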