Struggled with this a bit and thought others might find this useful. If you're using RMI Replicated caching with Ehcache, you need to put a little thought into port security/strategy. The sample ehcache.xml includes:
Using this config means you're going to have to poke holes in iptables for ports 40001 and 40002. All that is pretty simple - the gotcha is if you're using automatic peer discovery. It needs multicast to work. The docs call this out, but it took me a while to realize I had to specifically allow it in iptables, as it is likely prohibited by default in most environments.
IBM has a nice post about how to do this. So in this example (replicated Ehcache with automatic peer discovery), you'll need this in iptables on each host you expect to participate:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 40001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 40002 -j ACCEPT
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
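
The rules above accept the two RMI ports from any source and every multicast packet. As an added example (not part of the original post), this shell function emits the same kind of rules scoped to the cluster: the peer subnet, multicast group and multicast port shown are constructed sample values and are assumed to match your network and the multicastGroupAddress / multicastGroupPort set in ehcache.xml.

```shell
#!/bin/sh
# Added example: print iptables-restore style INPUT rules for Ehcache RMI
# replication, limited to cluster peers instead of open to any source.

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds when the first octet is 224-239 (IPv4 multicast, 224.0.0.0/4).
is_multicast() {
    first=${1%%.*}
    case "$first" in ''|*[!0-9]*) return 1 ;; esac
    [ "$first" -ge 224 ] && [ "$first" -le 239 ]
}

# ehcache_rules PEER_CIDR MCAST_GROUP MCAST_PORT RMI_PORT...
# Validates every argument before printing anything, so a typo never
# produces a partial rule set.
ehcache_rules() {
    [ "$#" -ge 4 ] || { echo "usage: ehcache_rules CIDR GROUP MPORT PORT..." >&2; return 2; }
    peers=$1; group=$2; mport=$3; shift 3
    is_multicast "$group" || { echo "not a multicast group: $group" >&2; return 1; }
    valid_port "$mport" || { echo "bad multicast port: $mport" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad RMI port: $p" >&2; return 1; }
    done
    # RMI listener and remote object ports: new TCP connections from peers only.
    for p in "$@"; do
        echo "-A INPUT -s $peers -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
    # Peer discovery heartbeats: one group, one UDP port, from peers only.
    echo "-A INPUT -s $peers -d $group -m udp -p udp --dport $mport -j ACCEPT"
}

# Constructed sample values: peer subnet 10.0.5.0/24, group 230.0.0.1, port 4446.
ehcache_rules 10.0.5.0/24 230.0.0.1 4446 40001 40002
```

If your switches use IGMP snooping, the host may also need to accept inbound IGMP so its group membership stays registered.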