JMX-enabled Java application appears to open a random high-order port when JMX client connects
I have successfully configured a helloworld JMX-enabled program, and I can connect to it using the jconsole JMX client from a remote location.
When I attempted to turn on iptables, I noticed that a random high-order port is established when a client logs in. Eventually I would like to monitor Java applications in firewall-segregated network segments. Can we control the range the random port opens in?
I'll move this question to serverfault.com if suggested.
It's possible to control the port used by RMI. See: http://olegz.wordpress.com/2009/03/23/jmx-connectivity-through-the-firewall/
This requires code and a command-line parameter. There's no way that I know of to do this without code (though the code can obviously be packaged in a different jar).
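The code-based approach mentioned above, sketched as an added example (not taken from the linked post or written by the answer's author): a small agent that creates the RMI registry and the JMX connector server on two fixed ports, so the firewall rules can name both. The class name and the `example.jmx.*` property names are hypothetical; the password and access file paths are placeholders supplied on the command line.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;

// Hypothetical agent class. Package it in a jar whose manifest has
// "Premain-Class: FixedPortJmxAgent" and start the JVM with -javaagent:<jar>.
// Do not also set com.sun.management.jmxremote.port, or the built-in agent
// will open its own (random) RMI port next to this one.
public class FixedPortJmxAgent {

    public static void premain(String agentArgs) throws Exception {
        // Hypothetical property names; the defaults are constructed sample values.
        int registryPort = Integer.getInteger("example.jmx.registry.port", 8989);
        int serverPort = Integer.getInteger("example.jmx.server.port", 8990);
        // Address that remote clients are told to call back on.
        String host = System.getProperty("java.rmi.server.hostname", "localhost");

        // Port 1: the RMI registry that clients look the connector up in.
        LocateRegistry.createRegistry(registryPort);

        Map<String, Object> env = new HashMap<String, Object>();
        // Require a login when password/access files are supplied
        // (same file format as the JDK's jmxremote.password / jmxremote.access).
        String passwordFile = System.getProperty("example.jmx.password.file");
        String accessFile = System.getProperty("example.jmx.access.file");
        if (passwordFile != null && accessFile != null) {
            env.put("jmx.remote.x.password.file", passwordFile);
            env.put("jmx.remote.x.access.file", accessFile);
        }

        // Port 2: the first host:port pins the port of the exported RMI
        // server object, which is otherwise chosen at random.
        JMXServiceURL url = new JMXServiceURL(
                "service:jmx:rmi://" + host + ":" + serverPort
                + "/jndi/rmi://" + host + ":" + registryPort + "/jmxrmi");

        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        JMXConnectorServer server =
                JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        server.start();
        System.out.println("JMX connector listening at " + url);
    }
}
```

With this agent only the two configured ports need to be allowed through iptables, and jconsole connects using the full `service:jmx:rmi://...` URL that the agent prints.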
Since Java 7u25 the RMI port can be changed with a system property:
-Dcom.sun.management.jmxremote.rmi.port=1234
See this answer for details.
Random third port seems to be expected behavior: https://bugs.openjdk.java.net/browse/JDK-8035404
By the way, this third ephemeral port can be controlled too: https://www.paybackblog.de/java-jmx-how-to-finally-control-your-ports/
A workaround is to set the RMI port the same as the JMX port; then only that one port needs to be open on the firewall.
For example:
-Dcom.sun.management.jmxremote.port=8989
-Dcom.sun.management.jmxremote.rmi.port=8989
See Why Java opens 3 ports when JMX is configured?