Ladies and Gentlemen:
As I said earlier today, I have
# Generated by iptables-save v1.4.18 on Mon Jan 6 21:17:22 2020
*filter
:INPUT ACCEPT [5018099:5766179544]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [400:2863742410]
COMMIT
# Completed on Mon Jan 6 21:17:22 2020
# Generated by iptables
All,
On 12/4/16 3:30 PM, Christopher Schultz wrote:
> All,
>
> I'm aware of various techniques to allow Tomcat to serve from port
> 80 without using root, but I've never actually tried using them
> before.
>
> I'm trying to u
All,
I'm aware of various techniques to allow Tomcat to serve from port 80
without using root, but I've never actually tried using them before.
I'm trying to use iptables on a bare-metal Linux server running kernel
3.2 and I'm having no luck
Hi,
just in case someone has the same problem. It's obviously a problem with
the fwbuilder software. I now used firehol to build the rules and
everything works fine.
What about doing /etc/init.d/iptables stop when the firewall is
running. Does Tomcat then start and stop more quickly
Thanks a lot for all your valuable answers! Unfortunately none of them
helped me.
Let me give you an example of this strange behavior (tomcat starting
very slowly [3min.]).
iptables Ruleset:
-
Chain INPUT (policy DROP)
target prot opt
Sorry, of course the accept bla bla goes into a separate line!
Dieter Schicker wrote:
Thanks a lot for all your valuable answers! Unfortunately none of them
helped me.
Let me give you an example of this strange behavior (tomcat starting
very slowly [3min.]).
iptables Ruleset
when I restart the whole Debian machine and do not start the
firewall tomcat starts fast.
What about doing /etc/init.d/iptables stop when the firewall is
running. Does Tomcat then start and stop more quickly?
I find it hard to believe that the presence of the iptables kernel
module is causing
Hi,
this is my first mail to this list so please forgive me if it's the
wrong list.
Here's my problem:
I'm running tomcat 5.5.23 on Debian Etch (4.0) with Linux kernel
2.6.18-4-xen-amd6.
Now I set up an iptables firewall (with fwbuilder) with the following
open ports:
8080 (http), 8005 (shutdown
Quoting Dieter Schicker [EMAIL PROTECTED]:
With this configuration I have the following behavior: Tomcat needs 3
minutes to shut down and another 3 minutes to start up again. If it runs
it runs perfectly ...
Any ideas?
It can occur if you are working with a localhost URL... If you do,
Dieter Schicker wrote:
Hi,
this is my first mail to this list so please forgive me if it's the
wrong list.
Here's my problem:
I'm running tomcat 5.5.23 on Debian Etch (4.0) with Linux kernel
2.6.18-4-xen-amd6.
Now I set up an iptables firewall (with fwbuilder) with the following
open
Dieter,
Dieter Schicker wrote:
Now I set up an iptables firewall (with fwbuilder) with the following
open ports:
8080 (http), 8005 (shutdown?), 8009 (ajp connector) and all lo traffic
is allowed.
What about outgoing allowed ports
Yes sir! This simple solution worked in the first try!!!
Thanks man!
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
-Original Message-
From: Gaël Lams [mailto:[EMAIL PROTECTED]
Sent: Friday, October 20
I'm running a tomcat in port 80 without httpd
I want to redirect packages from 80 to 8080 because tomcat is running as
tomcat user (can't run as other non root under port 1025) and I tried the
IPTABLES redirection approach but doesn't work
I performed the same setup to have tomcat running on 8080
I'm running IP tables with the addition that it's possible for the apps to talk
on port 80.
This is the script I'm using:
#!/bin/sh
IPTABLES=/sbin/iptables
EXTERNAL_IP="external IP" # The IP-address of the external interface of the firewall
EXTERNAL_INTERFACE=eth0
Parsons Technical Services wrote:
So, if I read correctly you have no problems running your apps as root?
??? Sorry if I gave that impression; I run Tomcat
standalone as a non-privileged user, doing port
forwarding with iptables.
I thus depend only on iptables, a Sun JRE and Tomcat
Paul,
PS if you know how to configure iptables to also
forward internal requests to localhost:8080 please
pass it on!
Linux's iptables can certainly re-route localhost ports as well as
incoming ports. You just need additional configuration.
See the post from Johannes from a few hours ago. He
it tempts us to run services
as root, or to use tricksy workarounds.
Linux should make this switch-offable (without
having to recompile the kernel).
The only problem I've found with standalone Tomcat
plus iptables port forwarding (apart from the need
to understand iptables :-)) is that web apps can't
this post is way off topic.
Doug
- Original Message -
From: Paul Singleton [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Thursday, October 19, 2006 7:21 PM
Subject: Re: IPTABLES
Christopher Schultz wrote:
Apache httpd is configured out of the box to start up
my config
Fedora 5
Tomcat 5517
Java Sun 1508
I'm running a tomcat in port 80 without httpd
I want to redirect packages from 80 to 8080 because tomcat is running as
tomcat user (can't run as other non root under port 1025) and I tried the
IPTABLES redirection approach but doesn't work
I tried
Rodrigo,
I tried the IPTABLES redirection approach but doesn't work.
Did you get an error message? Or, does the configuration appear to work
(i.e. no errors) but then doesn't actually end up working?
Try using the LOG rule to dump output into the kernel log, and observe
that. Logging can help
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: IPTABLES
flamebait: Yet another reason to front Tomcat with Apache: access to
port 80. I'll have to add that to my laundry list of why I like to use
Apache in front of Tomcat. ;) /flamebait
Why doesn't httpd have the same
Chuck,
P.S. Apache is an organization of open-source developers; httpd is the
web server product of that organization.
Forgive me... s/(Apache)/\1 httpd/g
flamebait: Yet another reason to front Tomcat with Apache: access to
port 80. I'll have to add that to my laundry list of why I like to
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: IPTABLES
Without some really nasty code, Tomcat is unable to do the same
thing, so we're forced to do silly things like internal port
forwarding, etc.
Didn't realize that jsvc was considered really nasty, since I suspect
a specialized interface
for jsvc that allows for this kind of thing.
So, I suppose the answer to this guy's question is, why are you trying
to fiddle with iptables when you could use jsvc?
Oh, and I retract my statement about using Apache httpd to front Tomcat.
I still have other reasons ;)
-chris
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: IPTABLES
So, I suppose the answer to this guy's question is, why are
you trying to fiddle with iptables when you could use jsvc?
Different strokes for different folks. If you don't need to run Tomcat
as a daemon, and don't
Rodrigo,
Since it appears that you have not gotten an answer, I will take a stab at
this.
I am running CentOS 4 on one of my boxes and I used this method. I think you
are running into the same issue I did with iptables. Open the iptables file
in /etc/sysconfig. DO NOT edit it here. Just look
Hi,
I've run a Tomcat-server and it worked fine. Now I've installed
iptables and I'm getting some trouble. Which port do I have to open
for tomcat? Only the 8080 doesn't seem to be enough. What else?
Best Regards,
Sebastian Funk
From: Sebastian Funk [mailto:[EMAIL PROTECTED]
Subject: Tomcat and iptables?
I've run a Tomcat-server and it worked fine. Now I've installed
iptables and I'm getting some trouble. Which port do I have to open
for tomcat? Only the 8080 doesn't seem to be enough. What else?
Whatever you
Look at the connectors you have enabled in server.xml. All those should
be included. The shutdown port does not need to be included since it
binds to localhost.
-- David
Sebastian Funk wrote:
Hi,
I've run a Tomcat-server and it worked fine. Now I've installed
iptables and I'm getting
Hi,
Thanks to all, now I entered the ports 8082, 8009, 8443 and 8005 (for
shutdown) and now Tomcat works, but I can't shutdown. There comes as
usual:
Using CATALINA_BASE: /home/tomcat/tomcat
Using CATALINA_HOME: /home/tomcat/tomcat
Using CATALINA_TMPDIR:
Sebastian-
send us the logs specifically stdout_MMDD.log
Martin-
- Original Message -
From: Sebastian Funk [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Friday, December 16, 2005 11:52 AM
Subject: Re: Tomcat and iptables?
Hi,
Thanks to all, now I entered
@tomcat.apache.org
Sent: Friday, December 16, 2005 11:52 AM
Subject: Re: Tomcat and iptables?
Hi,
Thanks to all, now I entered the ports 8082, 8009, 8443 and 8005
(for shutdown) and now Tomcat works, but I can't shutdown. There
comes as usual:
Using CATALINA_BASE: /home/tomcat/tomcat
Using
Add in the following
iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
Then do
dmesg -c 2> /dev/null;
Now do a shutdown then
dmesg | grep 127.0.0.1
or just
dmesg
if you are running a cluster
Whatever comes out is what you are blocking on the local machine. I
would suggest you do
iptables -I
: Friday, December 16, 2005 11:52 AM
Subject: Re: Tomcat and iptables?
Hi,
Thanks to all, now I entered the ports 8082, 8009, 8443 and 8005
(for shutdown) and now Tomcat works, but I can't shutdown. There
comes as usual:
Using CATALINA_BASE: /home/tomcat/tomcat
Using CATALINA_HOME: /home
35 matches