Allow to specify a custom endpoint to be published

Reiner Hauser requested to merge rhauser/ipc:publish into master

If the TDAQ_IPC_PUBLISH_ENDPOINT environment variable is set, create an EndPointPublishPolicy with the specified address and pass it to the POA. The endpoint must be fully specified, including protocol, hostname and port number.

Note this changes only the publishing; the ORB still chooses its own endpoint with the usual rules.

For this to work some process has to listen at the specified address and then forward incoming connections to the original ORB (e.g. via an SSH tunnel).

The use case is an ipc_gateway_proxy process on a system that allows outgoing connections but no incoming ones:

export TDAQ_IPC_PUBLISH_ENDPOINT=giop:iiop:gatewayIP:8765
ssh -f -N -R gatewayIP:8765:localIP:12346
ipc_gateway_proxy -i privateIP -p 12345 -I proxyIP -P 12346

All outgoing connections go through the proxy, and the proxy connects directly to the remote hosts. Incoming connections go to the gatewayIP:8765 host/port and are tunnelled back to the public part of the proxy, which in turn talks to the local hosts. This is possible since the ssh tunnel was established from inside the restricted network.

The /etc/ssh/sshd_config on the gateway host must have an entry:

GatewayPorts clientspecified

or the gateway host will only listen on the localhost interface.
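
A pre-flight check for the setup described above, as an added example that is not part of the merge request or the project's code. The function names and the sample configuration are constructed, and the endpoint check assumes only the `giop:<transport>:<host>:<port>` shape shown in the `export` line.

```shell
# Added example: validate the published endpoint and the gateway's sshd setting.

# Succeeds only for giop:<transport>:<host>:<port> with a port in 1-65535.
check_publish_endpoint() {
    case "$1" in giop:*:*:*) ;; *) return 1 ;; esac
    rest=${1#giop:}
    transport=${rest%%:*}
    port=${rest##*:}
    host=${rest#*:}; host=${host%:*}
    [ -n "$transport" ] && [ -n "$host" ] || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Prints the global GatewayPorts value of an sshd_config file ("no" is the
# sshd default). sshd keeps the first value it reads for a keyword.
# Assumption: Include files and Match blocks are not evaluated; parsing
# stops at the first Match line.
gateway_ports_mode() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Returns 0 when the endpoint is well formed and sshd honours the bind
# address requested by "ssh -R gatewayIP:port:...".
# Returns 1 for a bad endpoint, 2 for wildcard binding, 3 for loopback only.
preflight() {
    check_publish_endpoint "$1" || { echo "bad endpoint: $1"; return 1; }
    case "$(gateway_ports_mode "$2")" in
        clientspecified) echo "ok: forward binds to the requested address" ;;
        yes) echo "warn: forward binds to all interfaces"; return 2 ;;
        *)   echo "fail: forward binds to loopback only"; return 3 ;;
    esac
}

# Constructed sample input.
cfg=$(mktemp)
printf 'Port 22\nGatewayPorts clientspecified\n' > "$cfg"
preflight "giop:iiop:gatewayIP:8765" "$cfg"
rm -f "$cfg"
```

On a live gateway, `sshd -T` reports the effective value, including anything set through Include files or Match blocks that this text parse does not evaluate.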