Re: Tomcat fine within the LAN, but invisible from without

Fri, 17 Sep 2004 05:19:00 -0700

LOL.... it seems shorewall is getting very popular.... however, the x.x.x.your_public_ip part is unnecesary, the "net" part at the beginning of the rule tells shorewall to use the public ip of the firewall for the DNAT procedure

John Villar
Gerente de Proyectos
Computadores Flor Hard Soft 2058 C.A.
www.florhard.com



Big Chiz escribió:

it can be alot of factors. if its a  fw problem, e.g if you only have
one public ip forwading it to your local host then you should have
something like this in your shorewall/rules

DNAT  net  loc:192.168.1.5 tcp 8080 - x.x.x.your_public_ip



On Fri, 17 Sep 2004 00:29:55 -0500, Lee Hoffner
<[EMAIL PROTECTED]> wrote:


For some reason, I'm not getting replies to my posts, although I see them at
http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/

Weird!

Anyway, in regard to those replies:


you can also add www.mydomain.com to your hosts file to test accessing
the web server within your lan, if that failed check your dns or if it
resolves to a public ip then check your fw


On Thu, 16 Sep 2004 13:03:14 -0700, Hassan Schroeder
<[EMAIL PROTECTED]> wrote:


Lee Hoffner wrote:



I've untarred and setup Tomcat 4.1.30 on my server and can get to


index.jsp


just fine on my web server's 192.168.x.x:8080 address, but I get a


timeout


error if I try to browse to www.mydomain.com:8080.


Sounds like a basic networking problem --

1) does host/dig/nslookup resolve 'www.mydomain.com' to your address?

2) if you're really trying this from "outside" your LAN, what's the
  firewall/routing setup? (hint: try it from "inside" first!)

HTH,
--
Hassan Schroeder ----------------------------- [EMAIL PROTECTED]


I don't have a DNS server here, just a /etc/hosts file. www.mydomain.com is
listed in the hosts file at 192.168.1.5
nslookup finds www.mydomain.com at the public IP provided by my ISP.
Shorewall has the rule:
Action                          ACCEPT
Source Zone                     Net
Destination Zone                <Any>
Protocol                                TCP
Source Ports                    Any
Destination Ports               8080
DNAT or REDIRECT        None

Trying to access the domain:8080 from within this LAN results in a timeout.
Trying to access the domain:8080 from an office elsewhere results in an alert
that the connection was refused.

I'm mystified. I'd be grateful for any help. Thank you!




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to