The wsconfig utility that installs the webserver connector for ColdFusion MX tries to establish TCP connections to the JRun server on two ports for the installation process, the JNDI port and the RMI port. Here's how to control both.

First it will scan the port range 2900 - 3000 to find out whats listening, then it will begin to connect to each active port discovered in that range starting at 2900. The target port is referred to as the JNDI port that the JRun server listens on. A server's JNDI port is defined in jndi.properties such as with the following setting
java.naming.provider.url=localhost:2920

Second, upon successful communication with the JRun server on the JNDI port, the JRun server will instruct wsconfig to complete the second half of the communication on the RMI port. By default, this is a high *random* port. So this is where most Linux folks running a firewall go wrong. They allow for the JNDI port but don't know about the high random port for RMI.

This two part process is described in more detail in my blog post Tracing wsconfig with Ethereal Network Analyzer.

I recently learned that this RMI port can be controlled and not left to default to a high random port. This is the primary point I'm trying to convey in this post, since much is written about the JNDI port already. You can edit the RMI property in the jndi.properties file to change the value
jrun.naming.rmi.port=0 to jrun.naming.rmi.port=[YOUR_PORT_HERE]

The jndi.properties file which has settings for both the JNDI and RMI ports can be found in this location for ColdFusion Server Configuration:

cf_root/runtime/servers/coldfusion/SERVER-INF/jndi.properties

Then restart ColdFusion and open the JNDI and RMI ports in the firewall.

The wsconfig utility will communicate with the JRun server over the JNDI port and the RMI port only during the webserver configuration process. Knowing about how to control the RMI port used for wsconfig should help overcome most problems encountered with this on Linux. Once the webserver is configured for ColdFusion or JRun, the webserver connector stub will communicate with the CF/JR server over the JRun Proxy Port, which is usually in the range of 51010-51020. More about how the webserver connector works after its installed can be found in my blog entry How ColdFusion Receives and Processes Requests.

A technote by David Stanten of Macromedia is pending that will elaborate more on the use of RMI ports in ColdFusion or JRun.

Some related technotes on wsconfig ports that may also be of interest are: