Re: [2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[James H. H. Lampert]

On 8/11/17, 2:08 AM, Kreuser, Peter wrote:

PPS: James: I still can't get over it, that you run Tomcat on AS400,
my first contact to production systems back in '90.


That's not difficult at all. As long as a sufficiently high level of 
Java (the JV1 Licensed Program) is installed, it runs beautifully; 
just use JAR to unZIP it, and it'll run practically straight out of the box.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[Kreuser, Peter]

I'm glad that we get so well over serious problems. Made my day :-) !

PS: André: Sorry for the top post.
PPS: James: I still can't get over it, that you run Tomcat on AS400, my first 
contact to production systems back in '90.

-Ursprüngliche Nachricht-
Von: André Warnier (tomcat) [mailto:a...@ice-sa.com] 
Gesendet: Freitag, 11. August 2017 10:45
An: users@tomcat.apache.org
Betreff: [OT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an 
old CentOS 5 box. It can't be reached from outside the box.

On 11.08.2017 00:27, James H. H. Lampert wrote:
> After looking up the man page (and while I *know* where the term comes 
> from, I *still* think there ought to be "woman," "boy," and "girl" 
> pages [and maybe "cat" and "dog" pages] as well!)

Note that there may be no "woman" command, but that one can do "man | more".
Similarly, there is no "boy" command, but one can do "man | less".
There is no "girl" command, but the Linux developers have tried to ease the 
pain of that by providing "talk", "chat" and "nice" (and even "tee", for the 
mature generation).
As for the animal world, there is indeed a "cat" command. And there may not be 
any "dog" 
command, but there are  "tail" and "head", which might be seen as more generic.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[OT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[tomcat]

On 11.08.2017 00:27, James H. H. Lampert wrote:

After looking up the man page (and while I *know* where the term comes from, I 
*still*
think there ought to be "woman," "boy," and "girl" pages [and maybe "cat" and 
"dog" pages]
as well!)


Note that there may be no "woman" command, but that one can do "man | more".
Similarly, there is no "boy" command, but one can do "man | less".
There is no "girl" command, but the Linux developers have tried to ease the pain of that 
by providing "talk", "chat" and "nice" (and even "tee", for the mature generation).
As for the animal world, there is indeed a "cat" command. And there may not be any "dog" 
command, but there are  "tail" and "head", which might be seen as more generic.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[James H. H. Lampert]

On 8/10/17, 1:19 PM, André Warnier (tomcat) wrote:


try : iptables -L

and then : man iptables
(only for the brave)


After looking up the man page (and while I *know* where the term comes 
from, I *still* think there ought to be "woman," "boy," and "girl" pages 
[and maybe "cat" and "dog" pages] as well!) and the Wikipedia article, I 
reasoned that this seemed like something CentOS (being a Red Hat 
derivative) would have a GUI front-end for, and sure enough, it's right 
where I expected it to be, from the Gnome desktop, 
System/Administration/Security Level and Firewall.


And as soon as I opened up 8080, it worked just fine.

--
JHHL

And now that I think of it, any text file is a "cat page."

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[James H. H. Lampert]

On 8/10/17, 1:19 PM, André Warnier (tomcat) wrote:

try : iptables -L

and then : man iptables
(only for the brave)


BINGIE!

On another CentOS 5 box, on which we have Tomcat running, and completely 
reachable, "iptables -L" returns:

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


But on the "problem" box, it returns:

Chain INPUT (policy ACCEPT)
target prot opt source   destination
RH-Firewall-1-INPUT  all  --  anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source   destination
RH-Firewall-1-INPUT  all  --  anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT icmp --  anywhere anywhereicmp any
ACCEPT esp  --  anywhere anywhere
ACCEPT ah   --  anywhere anywhere
ACCEPT udp  --  anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp  --  anywhere anywhereudp dpt:ipp
ACCEPT tcp  --  anywhere anywheretcp dpt:ipp
ACCEPT all  --  anywhere anywherestate 
RELATED,ESTABLISHED
ACCEPT tcp  --  anywhere anywherestate NEW tcp 
dpt:ssh
ACCEPT udp  --  anywhere anywherestate NEW udp 
dpt:netbios-ns
ACCEPT udp  --  anywhere anywherestate NEW udp 
dpt:netbios-dgm
ACCEPT tcp  --  anywhere anywherestate NEW tcp 
dpt:netbios-ssn
ACCEPT tcp  --  anywhere anywherestate NEW tcp 
dpt:microsoft-ds
REJECT all  --  anywhere anywherereject-with 
icmp-host-prohibited


I have no idea what any of this means.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[tomcat]

On 10.08.2017 21:32, James H. H. Lampert wrote:

On 8/10/17, 12:02 PM, l...@kreuser.name wrote:

telnet  , no “:" in between!


As a character that is one of Gilda Radner's most memorable legacies would say, 
"Oh.
That's very different."


Indeed. And kind of disorganised too..

quote
From my Mac:
(102 is the problem box. 105 is a WinDoze box that is completely reachable on 7070 
throughout the LAN, running Tomcat without a default app, and 100 is an AS/400 that runs a 
service on 80, and serves a simple page, "there are no web pages here," on browser requests.)

unquote



New transcript:


Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100 80
Trying 192.168.1.100...
Connected to venus.
Escape character is '^]'.


Now you're supposed to enter (and it probably shows no echo, so blind) :

GET / HTTP/1.1
Host: localhost


and it will display something (your simple page, but raw)

>> ^]

telnet> ^C
Jamess-Mac-mini:~ jamesl$ man telnet

(good idea)


Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105 7070
Trying 192.168.1.105...
Connected to 192.168.1.105.
Escape character is '^]'.



same thing here, although without a default app, you may get a 404 error page


^]
telnet> ^C
Jamess-Mac-mini:~ jamesl$ telnet 192.168.102 8080


wrong IP..


Trying 192.168.0.102...
telnet: connect to address 192.168.0.102: Operation timed out
telnet: Unable to connect to remote host


Told ya. probably lost somewhere in the wrong network.


Jamess-Mac-mini:~ jamesl$ telnet europa 7070
Trying 192.168.1.102...
telnet: connect to address 192.168.1.102: Connection refused
telnet: Unable to connect to remote host


Ok, this is relevant to the issue at hand.
So indeed it appears (to the client) as if there is nothing listening on that 
host/port,
or there is something rejecting connections there.
Like a firewall or IPtables as someone suggested earlier.

A guess : the OS may be configured so that by default it blocks most incoming connection 
requests (to most ports), and only selectively enables a port when you install a service 
on it through the official package manager (because the official package also contains 
something to do that).

Lately, OS'es have a tendency to become paranoid like that..
(that's the fault of all them Russians trying to hack Americans, Ukrainians trying to hack 
Russians, American Democrats trying to hack Trump's Twitter account, American Republicans 
trying to hack the Democrats' email servers, North Koreans trying to hack Pakistanese, and 
Nigerians and Chinese trying to hack everyone)


try : iptables -L

and then : man iptables
(only for the brave)



Jamess-Mac-mini:~ jamesl$ telnet www.fountainpennetwork.com 80
Trying 69.16.229.207...
Connected to fountainpennetwork.com.
Escape character is '^]'.
^]
telnet> ^C




That's ok, but does not seem relevant.



--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[James H. H. Lampert]

On 8/10/17, 12:02 PM, l...@kreuser.name wrote:

telnet  , no “:" in between!


As a character that is one of Gilda Radner's most memorable legacies 
would say, "Oh. That's very different."


New transcript:


Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100 80
Trying 192.168.1.100...
Connected to venus.
Escape character is '^]'.
^]
telnet> ^C
Jamess-Mac-mini:~ jamesl$ man telnet
Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105 7070
Trying 192.168.1.105...
Connected to 192.168.1.105.
Escape character is '^]'.

^]
telnet> ^C
Jamess-Mac-mini:~ jamesl$ telnet 192.168.102 8080
Trying 192.168.0.102...
telnet: connect to address 192.168.0.102: Operation timed out
telnet: Unable to connect to remote host
Jamess-Mac-mini:~ jamesl$ telnet europa 7070
Trying 192.168.1.102...
telnet: connect to address 192.168.1.102: Connection refused
telnet: Unable to connect to remote host
Jamess-Mac-mini:~ jamesl$ telnet www.fountainpennetwork.com 80
Trying 69.16.229.207...
Connected to fountainpennetwork.com.
Escape character is '^]'.
^]
telnet> ^C


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[logo]

Hi James,

> Am 10.08.2017 um 20:51 schrieb James H. H. Lampert :
> 
> On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote:
> 
>> Note: for "telnet", you will need a telnet client installed; this is not
>> necessarily standard on non-Windows workstations.
>> And the reason for telnet is that it is about the simplest client that
>> can be used, that shows when something comes back, but does not
>> automatically follow "redirects" and that kind of stuff.
> 
> From my Mac:
> (102 is the problem box. 105 is a WinDoze box that is completely reachable on 
> 7070 throughout the LAN, running Tomcat without a default app, and 100 is an 
> AS/400 that runs a service on 80, and serves a simple page, "there are no web 
> pages here," on browser requests.)
> 
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.102:8080
>> 192.168.1.102:8080: nodename nor servname provided, or not known
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105:7070
>> 192.168.1.105:7070: nodename nor servname provided, or not known
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100:80
>> 192.168.1.100:80: nodename nor servname provided, or not known
> 
telnet  , no “:" in between!

Best regards

Peter

> --
> JHHL
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[James H. H. Lampert]

On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote:


Note: for "telnet", you will need a telnet client installed; this is not
necessarily standard on non-Windows workstations.
And the reason for telnet is that it is about the simplest client that
can be used, that shows when something comes back, but does not
automatically follow "redirects" and that kind of stuff.


From my Mac:
(102 is the problem box. 105 is a WinDoze box that is completely 
reachable on 7070 throughout the LAN, running Tomcat without a default 
app, and 100 is an AS/400 that runs a service on 80, and serves a simple 
page, "there are no web pages here," on browser requests.)



Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.102:8080
192.168.1.102:8080: nodename nor servname provided, or not known
Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105:7070
192.168.1.105:7070: nodename nor servname provided, or not known
Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100:80
192.168.1.100:80: nodename nor servname provided, or not known


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[tomcat]

Addendum :
James,
this may also be of interest to you :
https://backdrift.org/tcp-ping-ping-tcp-port

On 10.08.2017 08:46, André Warnier (tomcat) wrote:

On 10.08.2017 02:32, James H. H. Lampert wrote:

This is weird. I've never seen this before.

Then again, I don't think I've installed Tomcat on Linux from a tarball before: 
the
previous CentOS installation was, if I remember right, via Yum, and the one 
Debian
installation I've done was via apt-get.

But I can apparently no longer reach the Yum repository from our CentOS 5 
boxes, so I went
with the tarball.

It launches. The port opens. It shows up in a netstat. And I can reach it at 
either
127.0.0.1:8080 or port 8080 at the box's own IP address.

 From the box it's running on.

But if I try to reach it from other boxes on the same LAN, I get "Firefox can't 
establish
a connection" whether I use the box's name (from boxes that have it in their 
host table),
or its IP address.

I can ping the box. And I can reach Samba shares on it. And I can ssh to it.


Ping works at the IP low level, so it means that there is an IP path to the 
server, but it
does not say anything about TCP/UDP "open ports".
Samba and SSH working, means that TCP/UDP packets addressed to their respective 
server
ports get through.
Firefox not working must mean that something is blocking port 8080.

Try "telnet ip_of_the_server 8080". It will either also tell you (after a while) 
"port not
reachable", or show a blank screen. If the former, there /is/ something 
blocking access to
port 8080 on the server. If the latter, then ip/port ip_of_the_server:8080 is 
accessible,
and your problem is somewhere else.

Note: for "telnet", you will need a telnet client installed; this is not 
necessarily
standard on non-Windows workstations.
And the reason for telnet is that it is about the simplest client that can be 
used, that
shows when something comes back, but does not automatically follow "redirects" 
and that
kind of stuff.




The only firewall on the Lan is a TP-Link N750, and if it has any settings in 
place to
block traffic within the LAN, I can't find them.

I've got three different Tomcat 7 servers all running on the LAN, and can reach 
them
easily.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

[tomcat]

On 10.08.2017 02:32, James H. H. Lampert wrote:

This is weird. I've never seen this before.

Then again, I don't think I've installed Tomcat on Linux from a tarball before: 
the
previous CentOS installation was, if I remember right, via Yum, and the one 
Debian
installation I've done was via apt-get.

But I can apparently no longer reach the Yum repository from our CentOS 5 
boxes, so I went
with the tarball.

It launches. The port opens. It shows up in a netstat. And I can reach it at 
either
127.0.0.1:8080 or port 8080 at the box's own IP address.

 From the box it's running on.

But if I try to reach it from other boxes on the same LAN, I get "Firefox can't 
establish
a connection" whether I use the box's name (from boxes that have it in their 
host table),
or its IP address.

I can ping the box. And I can reach Samba shares on it. And I can ssh to it.


Ping works at the IP low level, so it means that there is an IP path to the server, but it 
does not say anything about TCP/UDP "open ports".
Samba and SSH working, means that TCP/UDP packets addressed to their respective server 
ports get through.

Firefox not working must mean that something is blocking port 8080.

Try "telnet ip_of_the_server 8080". It will either also tell you (after a while) "port not 
reachable", or show a blank screen. If the former, there /is/ something blocking access to 
port 8080 on the server. If the latter, then ip/port ip_of_the_server:8080 is accessible, 
and your problem is somewhere else.


Note: for "telnet", you will need a telnet client installed; this is not necessarily 
standard on non-Windows workstations.
And the reason for telnet is that it is about the simplest client that can be used, that 
shows when something comes back, but does not automatically follow "redirects" and that 
kind of stuff.





The only firewall on the Lan is a TP-Link N750, and if it has any settings in 
place to
block traffic within the LAN, I can't find them.

I've got three different Tomcat 7 servers all running on the LAN, and can reach 
them easily.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org