RHEL 3.0, Tomcat 4.x and IPTables
Greetings all,

I had posted earlier about an issue with Tomcat hanging, and also holding Apache processes hostage. I have narrowed the problem down to some kind of conflict with Tomcat/JVM and IPTables on RedHat Enterprise Linux 3.0 ES.

When Tomcat hangs, what happens is, half the page is returned to the browser and the status bar sits at waiting for domain.com. As soon as I issue service iptables stop the page finishes loading, and I cannot make any other pages half-load. Any Apache processes that were tied up waiting on Tomcat stay hung though, and I have to either manually kill those PIDs or issue a SIGHUP to Apache. When only a few are hung, I kill them, so as not to interrupt downloads for other users. However, when 92 are hung, I just SIGHUP Apache.

Obviously, this is an issue with not being able to run a firewall, as we don't have a hardware firewall in place. Does anyone know what kind of interference/issue IPTables would be causing Tomcat?

I will note, this one website is the only Host on this instance. We do also have another Tomcat instance which hosts 3 other domains, and those never hang. I am starting to think it might be some of the customer's code, though I am not sure what it would be as I am certainly not a Java guru. I have asked him if he contacts outside services in his code, but he has not replied yet. I doubt it is this as I have started the firewall with ports 0-32767 open and it still hangs.

Could this be some kind of memory collision between IPTables and Tomcat? As well, this setup worked flawlessly under RH 9.0 and RH 7.3.

Just looking for ideas here, as this honestly makes no sense to me.

Thanks!
-Sean Finkel

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RHEL 3.0, Tomcat 4.x and IPTables
Sean Finkel wrote:

> Greetings all,
>
> I had posted earlier about an issue with Tomcat hanging, and also holding Apache processes hostage. I have narrowed the problem down to some kind of conflict with Tomcat/JVM and IPTables on RedHat Enterprise Linux 3.0 ES.
>
> When Tomcat hangs, what happens is, half the page is returned to the browser and the status bar sits at waiting for domain.com. As soon as I issue service iptables stop the page finishes loading, and I cannot make any other pages half-load. Any Apache processes that were tied up waiting on Tomcat stay hung though, and I have to either manually kill those PIDs or issue a SIGHUP to Apache. When only a few are hung, I kill them, so as not to interrupt downloads for other users. However, when 92 are hung, I just SIGHUP Apache.
>
> Obviously, this is an issue with not being able to run a firewall, as we don't have a hardware firewall in place. Does anyone know what kind of interference/issue IPTables would be causing Tomcat?
>
> I will note, this one website is the only Host on this instance. We do also have another Tomcat instance which hosts 3 other domains, and those never hang. I am starting to think it might be some of the customer's code, though I am not sure what it would be as I am certainly not a Java guru. I have asked him if he contacts outside services in his code, but he has not replied yet. I doubt it is this as I have started the firewall with ports 0-32767 open and it still hangs.
>
> Could this be some kind of memory collision between IPTables and Tomcat? As well, this setup worked flawlessly under RH 9.0 and RH 7.3.
>
> Just looking for ideas here, as this honestly makes no sense to me.
>
> Thanks!
> -Sean Finkel

I would take a small machine and make a firewall out of that. You pose yourself more of a security risk having your app server stuck on the same machine as your security. I assume you are running your mail services and all on the same machine. Probably not a good idea.

Anyways, other than that are you getting any messages in /var/log files? Maybe there is something being shared causing an issue. On the Redhat lists there has been discussion about this. It has something to do with i686 kernel vs i586. Search the Redhat help lists about this. People haven't exactly fixed the issue, but there are workarounds available in the archives.

Wade

Re: RHEL 3.0, Tomcat 4.x and IPTables
On 02 September 2004, Sean Finkel said:

> When Tomcat hangs, what happens is, half the page is returned to the browser and the status bar sits at waiting for domain.com. As soon as I issue service iptables stop the page finishes loading, and I cannot make any other pages half-load. Any Apache processes that were tied up waiting on Tomcat stay hung though, and I have to either manually kill those PIDs or issue a SIGHUP to Apache. When only a few are hung, I kill them, so as not to interrupt downloads for other users. However, when 92 are hung, I just SIGHUP Apache.

Sounds like you need to list your firewall rules:

    iptables -nL

If you don't know how to interpret the output, the netfilter howto is only a click away (http://www.netfilter.org/documentation/). Or post it here and maybe someone can help. ;-)

Greg

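[Added example, not part of the thread and not any poster's code.] Interpreting `iptables -nL` output comes down to finding the first rule in a chain that matches a packet, and falling back to the chain policy when none does. The sketch below does that for a new TCP connection to a given destination port; the listing is constructed to mirror the "ports 0-32767 open" setup from the original post, and the function names `sample_rules` and `first_verdict` are made up for this example.

```shell
# Constructed `iptables -nL` listing (not taken from the poster's machine).
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:0:32767
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination
EOF
}

# first_verdict CHAIN PORT: read a listing on stdin and print the target of the
# first rule in CHAIN that would match a NEW TCP connection to PORT, or the
# chain policy if no rule matches. Assumptions of this example: addresses are
# ignored, jumps to user-defined chains are printed as-is, and only the "dpt:"
# and "dpts:" port matches are understood.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
        $1 == "Chain" {
            in_chain = ($2 == chain)
            if (in_chain) {
                policy = ($3 == "(policy") ? $4 : "RETURN"
                sub(/\)$/, "", policy)
            }
            next
        }
        !in_chain || NF == 0 || $1 == "target" { next }
        $2 != "tcp" && $2 != "all" { next }        # udp, icmp, ... never match
        {
            # A state match that lacks NEW cannot match the first packet.
            if (match($0, /state [A-Z,]+/)) {
                states = substr($0, RSTART + 6, RLENGTH - 6)
                if (states !~ /(^|,)NEW(,|$)/) next
            }
            if (match($0, /dpts:[0-9]+:[0-9]+/)) {
                split(substr($0, RSTART + 5, RLENGTH - 5), range, ":")
                if (port + 0 < range[1] + 0 || port + 0 > range[2] + 0) next
            } else if (match($0, /dpt:[0-9]+/)) {
                if (substr($0, RSTART + 4, RLENGTH - 4) + 0 != port + 0) next
            }
            print $1; found = 1; exit
        }
        END { if (!found) print (policy != "" ? policy : "UNKNOWN") }
    '
}
```

On a live host the input would be `iptables -nL | first_verdict INPUT 8009` (port chosen by the reader). Plain `-nL` does not print the interface column, so a loopback-only rule looks identical to an accept-everything rule; `iptables -nvL` shows the interfaces, but its extra columns are not handled by this parser.
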
Re: RHEL 3.0, Tomcat 4.x and IPTables
On Thu, Sep 02, 2004 at 11:14:35AM -0400, Wade Chandler wrote:

: I would take a small machine and make a firewall out of that. You pose
: yourself more of a security risk having your app server stuck on the
: same machine as your security. I assume you are running your mail
: services and all on the same machine. Probably not a good idea.

True, but having a per-host firewall in addition to an overall network firewall isn't such a bad idea. Security in layers and all that rot.

-QM

--
software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com