Dieter,

Dieter Schicker wrote:
> Now I set up an iptables firewall (with fwbuilder) with the following
> open ports:
> 8080 (http), 8005 (shutdown?), 8009 (ajp connector) and all lo traffic
> is allowed.

What about outgoing allowed ports?

> With this configuration I have the following behavior: Tomcat needs 3
> minutes to shut down and another 3 minutes to start up again. If it runs
> it runs perfectly ...

I'm not sure about shutdown, but if your server (or application) is configured to use, say, an XML document with a SYSTEM ID that points to an outside URL (for instance: http://java.sun.com/dtd/web-app_2_3.dtd), the XML parser might be attempting to access that URL. If your firewall is preventing outgoing HTTP connections (good old port 80), it might waste a lot of time re-trying before it finally gives up and reads non-validated XML.

I would change your iptables configuration to set all outgoing rejected requests to LOG as well as reject, and then you can watch the iptables log (usually the "kernel" log on Debian IIRC) for requests to foreign hosts on port 80.

Hope that helps,
-chris
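The logging step suggested in the reply above, sketched as an added example that is not part of the original message: LOG and REJECT rules for the OUTPUT chain, plus a filter that summarises rejected outbound port-80 attempts from the kernel log. The `OUT-REJECT: ` prefix, the placement of the rules at the end of the chain, the log path in the comment and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; prefix, rule placement and sample lines are assumptions.
LOG_PREFIX="OUT-REJECT: "   # hypothetical prefix that makes entries easy to find

# Append at the END of the OUTPUT chain, after the ACCEPT rules, so only
# traffic that is about to be rejected is logged. Needs root; not run here.
install_log_rules() {
    iptables -A OUTPUT -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
    iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
}

# Read kernel log lines on stdin and print "count destination" for each
# rejected outbound TCP connection to port 80, most frequent first.
blocked_http_destinations() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) && / PROTO=TCP / && / DPT=80 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DST=/) seen[substr($i, 5)]++
        }
        END { for (d in seen) print seen[d], d }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the iptables LOG format (documentation addresses):
# three SYN retries to one host, one to another, plus ports 443 and 8080,
# which must not be counted.
sample_log() {
    cat <<'EOF'
Oct  2 18:20:01 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 SYN URGP=0
Oct  2 18:20:04 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 SYN URGP=0
Oct  2 18:20:10 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TTL=64 ID=3 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 SYN URGP=0
Oct  2 18:21:00 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 LEN=60 TTL=64 ID=4 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 SYN URGP=0
Oct  2 18:21:05 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 TTL=64 ID=5 DF PROTO=TCP SPT=40003 DPT=443 WINDOW=5840 SYN URGP=0
Oct  2 18:21:09 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 TTL=64 ID=6 DF PROTO=TCP SPT=40004 DPT=8080 WINDOW=5840 SYN URGP=0
EOF
}

# On a live host (log path is an assumption):
#   blocked_http_destinations < /var/log/kern.log
sample_log | blocked_http_destinations
```

Repeated entries for the same destination a few seconds apart, as in the sample, are the retry pattern the reply describes.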