Re: [2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 8/11/17, 2:08 AM, Kreuser, Peter wrote: PPS: James: I still can't get over it, that you run Tomcat on AS400, my first contact to production systems back in '90. That's not difficult at all. As long as a sufficiently high level of Java (the JV1 Licensed Program) is installed, it runs beautifully; just use JAR to unZIP it, and it'll run practically straight out of the box. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
I'm glad that we get so well over serious problems. Made my day :-) ! PS: André: Sorry for the top post. PPS: James: I still can't get over it, that you run Tomcat on AS400, my first contact to production systems back in '90. -Ursprüngliche Nachricht- Von: André Warnier (tomcat) [mailto:a...@ice-sa.com] Gesendet: Freitag, 11. August 2017 10:45 An: users@tomcat.apache.org Betreff: [OT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box. On 11.08.2017 00:27, James H. H. Lampert wrote: > After looking up the man page (and while I *know* where the term comes > from, I *still* think there ought to be "woman," "boy," and "girl" > pages [and maybe "cat" and "dog" pages] as well!) Note that there may be no "woman" command, but that one can do "man | more". Similarly, there is no "boy" command, but one can do "man | less". There is no "girl" command, but the Linux developers have tried to ease the pain of that by providing "talk", "chat" and "nice" (and even "tee", for the mature generation). As for the animal world, there is indeed a "cat" command. And there may not be any "dog" command, but there are "tail" and "head", which might be seen as more generic. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 11.08.2017 00:27, James H. H. Lampert wrote: After looking up the man page (and while I *know* where the term comes from, I *still* think there ought to be "woman," "boy," and "girl" pages [and maybe "cat" and "dog" pages] as well!) Note that there may be no "woman" command, but that one can do "man | more". Similarly, there is no "boy" command, but one can do "man | less". There is no "girl" command, but the Linux developers have tried to ease the pain of that by providing "talk", "chat" and "nice" (and even "tee", for the mature generation). As for the animal world, there is indeed a "cat" command. And there may not be any "dog" command, but there are "tail" and "head", which might be seen as more generic. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 8/10/17, 1:19 PM, André Warnier (tomcat) wrote: try : iptables -L and then : man iptables (only for the brave) After looking up the man page (and while I *know* where the term comes from, I *still* think there ought to be "woman," "boy," and "girl" pages [and maybe "cat" and "dog" pages] as well!) and the Wikipedia article, I reasoned that this seemed like something CentOS (being a Red Hat derivative) would have a GUI front-end for, and sure enough, it's right where I expected it to be, from the Gnome desktop, System/Administration/Security Level and Firewall. And as soon as I opened up 8080, it worked just fine. -- JHHL And now that I think of it, any text file is a "cat page." - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 8/10/17, 1:19 PM, André Warnier (tomcat) wrote: try : iptables -L and then : man iptables (only for the brave) BINGIE! On another CentOS 5 box, on which we have Tomcat running, and completely reachable, "iptables -L" returns: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination But on the "problem" box, it returns: Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh ACCEPT udp -- anywhere anywherestate NEW udp dpt:netbios-ns ACCEPT udp -- anywhere anywherestate NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:netbios-ssn ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:microsoft-ds REJECT all -- anywhere anywherereject-with icmp-host-prohibited I have no idea what any of this means. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 10.08.2017 21:32, James H. H. Lampert wrote: On 8/10/17, 12:02 PM, l...@kreuser.name wrote: telnet , no “:" in between! As a character that is one of Gilda Radner's most memorable legacies would say, "Oh. That's very different." Indeed. And kind of disorganised too.. quote From my Mac: (102 is the problem box. 105 is a WinDoze box that is completely reachable on 7070 throughout the LAN, running Tomcat without a default app, and 100 is an AS/400 that runs a service on 80, and serves a simple page, "there are no web pages here," on browser requests.) unquote New transcript: Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100 80 Trying 192.168.1.100... Connected to venus. Escape character is '^]'. Now you're supposed to enter (and it probably shows no echo, so blind) : GET / HTTP/1.1 Host: localhost and it will display something (your simple page, but raw) >> ^] telnet> ^C Jamess-Mac-mini:~ jamesl$ man telnet (good idea) Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105 7070 Trying 192.168.1.105... Connected to 192.168.1.105. Escape character is '^]'. same thing here, although without a default app, you may get a 404 error page ^] telnet> ^C Jamess-Mac-mini:~ jamesl$ telnet 192.168.102 8080 wrong IP.. Trying 192.168.0.102... telnet: connect to address 192.168.0.102: Operation timed out telnet: Unable to connect to remote host Told ya. probably lost somewhere in the wrong network. Jamess-Mac-mini:~ jamesl$ telnet europa 7070 Trying 192.168.1.102... telnet: connect to address 192.168.1.102: Connection refused telnet: Unable to connect to remote host Ok, this is relevant to the issue at hand. So indeed it appears (to the client) as if there is nothing listening on that host/port, or there is something rejecting connections there. Like a firewall or IPtables as someone suggested earlier. A guess : the OS may be configured so that by default it blocks most incoming connection requests (to most ports), and only selectively enables a port when you install a service on it through the official package manager (because the official package also contains something to do that). Lately, OS'es have a tendency to become paranoid like that.. (that's the fault of all them Russians trying to hack Americans, Ukrainians trying to hack Russians, American Democrats trying to hack Trump's Twitter account, American Republicans trying to hack the Democrats' email servers, North Koreans trying to hack Pakistanese, and Nigerians and Chinese trying to hack everyone) try : iptables -L and then : man iptables (only for the brave) Jamess-Mac-mini:~ jamesl$ telnet www.fountainpennetwork.com 80 Trying 69.16.229.207... Connected to fountainpennetwork.com. Escape character is '^]'. ^] telnet> ^C That's ok, but does not seem relevant. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 8/10/17, 12:02 PM, l...@kreuser.name wrote: telnet , no “:" in between! As a character that is one of Gilda Radner's most memorable legacies would say, "Oh. That's very different." New transcript: Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100 80 Trying 192.168.1.100... Connected to venus. Escape character is '^]'. ^] telnet> ^C Jamess-Mac-mini:~ jamesl$ man telnet Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105 7070 Trying 192.168.1.105... Connected to 192.168.1.105. Escape character is '^]'. ^] telnet> ^C Jamess-Mac-mini:~ jamesl$ telnet 192.168.102 8080 Trying 192.168.0.102... telnet: connect to address 192.168.0.102: Operation timed out telnet: Unable to connect to remote host Jamess-Mac-mini:~ jamesl$ telnet europa 7070 Trying 192.168.1.102... telnet: connect to address 192.168.1.102: Connection refused telnet: Unable to connect to remote host Jamess-Mac-mini:~ jamesl$ telnet www.fountainpennetwork.com 80 Trying 69.16.229.207... Connected to fountainpennetwork.com. Escape character is '^]'. ^] telnet> ^C -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
Hi James, > Am 10.08.2017 um 20:51 schrieb James H. H. Lampert: > > On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote: > >> Note: for "telnet", you will need a telnet client installed; this is not >> necessarily standard on non-Windows workstations. >> And the reason for telnet is that it is about the simplest client that >> can be used, that shows when something comes back, but does not >> automatically follow "redirects" and that kind of stuff. > > From my Mac: > (102 is the problem box. 105 is a WinDoze box that is completely reachable on > 7070 throughout the LAN, running Tomcat without a default app, and 100 is an > AS/400 that runs a service on 80, and serves a simple page, "there are no web > pages here," on browser requests.) > >> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.102:8080 >> 192.168.1.102:8080: nodename nor servname provided, or not known >> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105:7070 >> 192.168.1.105:7070: nodename nor servname provided, or not known >> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100:80 >> 192.168.1.100:80: nodename nor servname provided, or not known > telnet , no “:" in between! Best regards Peter > -- > JHHL > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote: Note: for "telnet", you will need a telnet client installed; this is not necessarily standard on non-Windows workstations. And the reason for telnet is that it is about the simplest client that can be used, that shows when something comes back, but does not automatically follow "redirects" and that kind of stuff. From my Mac: (102 is the problem box. 105 is a WinDoze box that is completely reachable on 7070 throughout the LAN, running Tomcat without a default app, and 100 is an AS/400 that runs a service on 80, and serves a simple page, "there are no web pages here," on browser requests.) Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.102:8080 192.168.1.102:8080: nodename nor servname provided, or not known Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105:7070 192.168.1.105:7070: nodename nor servname provided, or not known Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100:80 192.168.1.100:80: nodename nor servname provided, or not known -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
Addendum : James, this may also be of interest to you : https://backdrift.org/tcp-ping-ping-tcp-port On 10.08.2017 08:46, André Warnier (tomcat) wrote: On 10.08.2017 02:32, James H. H. Lampert wrote: This is weird. I've never seen this before. Then again, I don't think I've installed Tomcat on Linux from a tarball before: the previous CentOS installation was, if I remember right, via Yum, and the one Debian installation I've done was via apt-get. But I can apparently no longer reach the Yum repository from our CentOS 5 boxes, so I went with the tarball. It launches. The port opens. It shows up in a netstat. And I can reach it at either 127.0.0.1:8080 or port 8080 at the box's own IP address. From the box it's running on. But if I try to reach it from other boxes on the same LAN, I get "Firefox can't establish a connection" whether I use the box's name (from boxes that have it in their host table), or its IP address. I can ping the box. And I can reach Samba shares on it. And I can ssh to it. Ping works at the IP low level, so it means that there is an IP path to the server, but it does not say anything about TCP/UDP "open ports". Samba and SSH working, means that TCP/UDP packets addressed to their respective server ports get through. Firefox not working must mean that something is blocking port 8080. Try "telnet ip_of_the_server 8080". It will either also tell you (after a while) "port not reachable", or show a blank screen. If the former, there /is/ something blocking access to port 8080 on the server. If the latter, then ip/port ip_of_the_server:8080 is accessible, and your problem is somewhere else. Note: for "telnet", you will need a telnet client installed; this is not necessarily standard on non-Windows workstations. And the reason for telnet is that it is about the simplest client that can be used, that shows when something comes back, but does not automatically follow "redirects" and that kind of stuff. The only firewall on the Lan is a TP-Link N750, and if it has any settings in place to block traffic within the LAN, I can't find them. I've got three different Tomcat 7 servers all running on the LAN, and can reach them easily. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.
On 10.08.2017 02:32, James H. H. Lampert wrote: This is weird. I've never seen this before. Then again, I don't think I've installed Tomcat on Linux from a tarball before: the previous CentOS installation was, if I remember right, via Yum, and the one Debian installation I've done was via apt-get. But I can apparently no longer reach the Yum repository from our CentOS 5 boxes, so I went with the tarball. It launches. The port opens. It shows up in a netstat. And I can reach it at either 127.0.0.1:8080 or port 8080 at the box's own IP address. From the box it's running on. But if I try to reach it from other boxes on the same LAN, I get "Firefox can't establish a connection" whether I use the box's name (from boxes that have it in their host table), or its IP address. I can ping the box. And I can reach Samba shares on it. And I can ssh to it. Ping works at the IP low level, so it means that there is an IP path to the server, but it does not say anything about TCP/UDP "open ports". Samba and SSH working, means that TCP/UDP packets addressed to their respective server ports get through. Firefox not working must mean that something is blocking port 8080. Try "telnet ip_of_the_server 8080". It will either also tell you (after a while) "port not reachable", or show a blank screen. If the former, there /is/ something blocking access to port 8080 on the server. If the latter, then ip/port ip_of_the_server:8080 is accessible, and your problem is somewhere else. Note: for "telnet", you will need a telnet client installed; this is not necessarily standard on non-Windows workstations. And the reason for telnet is that it is about the simplest client that can be used, that shows when something comes back, but does not automatically follow "redirects" and that kind of stuff. The only firewall on the Lan is a TP-Link N750, and if it has any settings in place to block traffic within the LAN, I can't find them. I've got three different Tomcat 7 servers all running on the LAN, and can reach them easily. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org