I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.


James H. H. Lampert
This is weird. I've never seen this before.

Then again, I don't think I've installed Tomcat on Linux from a tarball
before: the previous CentOS installation was, if I remember right, via
Yum, and the one Debian installation I've done was via apt-get.

But I can apparently no longer reach the Yum repository from our CentOS
5 boxes, so I went with the tarball.

It launches. The port opens. It shows up in a netstat. And I can reach
it at either 127.0.0.1:8080 or port 8080 at the box's own IP address.

From the box it's running on.

But if I try to reach it from other boxes on the same LAN, I get
"Firefox can't establish a connection" whether I use the box's name
(from boxes that have it in their host table), or its IP address.

I can ping the box. And I can reach Samba shares on it. And I can ssh to it.

The only firewall on the LAN is a TP-Link N750, and if it has any
settings in place to block traffic within the LAN, I can't find them.

I've got three different Tomcat 7 servers all running on the LAN, and
can reach them easily.

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

André Warnier (tomcat)
On 10.08.2017 02:32, James H. H. Lampert wrote:

> This is weird. I've never seen this before.
>
> Then again, I don't think I've installed Tomcat on Linux from a tarball before: the
> previous CentOS installation was, if I remember right, via Yum, and the one Debian
> installation I've done was via apt-get.
>
> But I can apparently no longer reach the Yum repository from our CentOS 5 boxes, so I went
> with the tarball.
>
> It launches. The port opens. It shows up in a netstat. And I can reach it at either
> 127.0.0.1:8080 or port 8080 at the box's own IP address.
>
>  From the box it's running on.
>
> But if I try to reach it from other boxes on the same LAN, I get "Firefox can't establish
> a connection" whether I use the box's name (from boxes that have it in their host table),
> or its IP address.
>
> I can ping the box. And I can reach Samba shares on it. And I can ssh to it.

Ping works at the IP low level, so it means that there is an IP path to the server, but it
does not say anything about TCP/UDP "open ports".
Samba and SSH working means that TCP/UDP packets addressed to their respective server
ports get through.
Firefox not working must mean that something is blocking port 8080.

Try "telnet ip_of_the_server 8080". It will either also tell you (after a while) "port not
reachable", or show a blank screen. If the former, there /is/ something blocking access to
port 8080 on the server. If the latter, then ip/port ip_of_the_server:8080 is accessible,
and your problem is somewhere else.

Note: for "telnet", you will need a telnet client installed; this is not necessarily
standard on non-Windows workstations.
And the reason for telnet is that it is about the simplest client that can be used, that
shows when something comes back, but does not automatically follow "redirects" and that
kind of stuff.


>
> The only firewall on the Lan is a TP-Link N750, and if it has any settings in place to
> block traffic within the LAN, I can't find them.
>
> I've got three different Tomcat 7 servers all running on the LAN, and can reach them easily.
>
> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
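
The outcomes that the telnet test above distinguishes, written as a small probe (an added example, not part of the original message). The result names and the `MEANING` table are this example's own; the error codes follow Linux, and how ICMP errors are mapped to connect() errors differs between operating systems.

```python
import errno
import socket
import sys

# What each result says about the path to host:port (names chosen for this example).
MEANING = {
    "open": "TCP handshake completed; something is listening and reachable",
    "refused": "a TCP reset came back; nothing listens there, or a filter answers with a reset",
    "unreachable": "host/network unreachable; an ICMP error came back (e.g. a firewall "
                   "REJECT rule) or there is no route to the address",
    "timeout": "no answer at all; packets are dropped or go to the wrong address",
    "unresolved": "the host string did not resolve, so nothing was sent "
                  "(e.g. host:port given as a single argument)",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify how it ended."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.gaierror:
        return "unresolved"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Defaults are placeholders; pass the server's address and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 2 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
    result = probe(host, port)
    print(f"{host} {port} -> {result}: {MEANING[result]}")
```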



Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

André Warnier (tomcat)
Addendum :
James,
this may also be of interest to you :
https://backdrift.org/tcp-ping-ping-tcp-port


Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

Kreuser, Peter
Hi all,

>-----Original Message-----
>From: André Warnier (tomcat) [mailto:[hidden email]]
>Sent: Thursday, 10 August 2017 11:34
>To: [hidden email]
>Subject: Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

>Addendum :
>James,
>this may also be of interest to you :
>https://backdrift.org/tcp-ping-ping-tcp-port

Well, then you could also go with nmap or netcat (nc).

I would check the host firewall and iptables -L. That may be misconfigured.

Maybe that is also the reason why you can't reach the repos anymore.

Best regards

Peter



Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

James H. H. Lampert
In reply to this post by André Warnier (tomcat)
On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote:

> Note: for "telnet", you will need a telnet client installed; this is not
> necessarily standard on non-Windows workstations.
> And the reason for telnet is that it is about the simplest client that
> can be used, that shows when something comes back, but does not
> automatically follow "redirects" and that kind of stuff.

From my Mac:
(102 is the problem box. 105 is a WinDoze box that is completely
reachable on 7070 throughout the LAN, running Tomcat without a default
app, and 100 is an AS/400 that runs a service on 80, and serves a simple
page, "there are no web pages here," on browser requests.)

> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.102:8080
> 192.168.1.102:8080: nodename nor servname provided, or not known
> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105:7070
> 192.168.1.105:7070: nodename nor servname provided, or not known
> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100:80
> 192.168.1.100:80: nodename nor servname provided, or not known

--
JHHL


Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

logo
Hi James,

> On 10.08.2017 at 20:51, James H. H. Lampert <[hidden email]> wrote:
>
> On 8/9/17, 11:46 PM, André Warnier (tomcat) wrote:
>
>> Note: for "telnet", you will need a telnet client installed; this is not
>> necessarily standard on non-Windows workstations.
>> And the reason for telnet is that it is about the simplest client that
>> can be used, that shows when something comes back, but does not
>> automatically follow "redirects" and that kind of stuff.
>
> From my Mac:
> (102 is the problem box. 105 is a WinDoze box that is completely reachable on 7070 throughout the LAN, running Tomcat without a default app, and 100 is an AS/400 that runs a service on 80, and serves a simple page, "there are no web pages here," on browser requests.)
>
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.102:8080
>> 192.168.1.102:8080: nodename nor servname provided, or not known
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105:7070
>> 192.168.1.105:7070: nodename nor servname provided, or not known
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100:80
>> 192.168.1.100:80: nodename nor servname provided, or not known
>
telnet <address> <port>, no ":" in between!

Best regards

Peter

> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

James H. H. Lampert
On 8/10/17, 12:02 PM, [hidden email] wrote:
> telnet <address> <port>, no ":" in between!

As a character that is one of Gilda Radner's most memorable legacies
would say, "Oh. That's very different."

New transcript:

> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100 80
> Trying 192.168.1.100...
> Connected to venus.
> Escape character is '^]'.
> ^]
> telnet> ^C
> Jamess-Mac-mini:~ jamesl$ man telnet
> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105 7070
> Trying 192.168.1.105...
> Connected to 192.168.1.105.
> Escape character is '^]'.
>
> ^]
> telnet> ^C
> Jamess-Mac-mini:~ jamesl$ telnet 192.168.102 8080
> Trying 192.168.0.102...
> telnet: connect to address 192.168.0.102: Operation timed out
> telnet: Unable to connect to remote host
> Jamess-Mac-mini:~ jamesl$ telnet europa 7070
> Trying 192.168.1.102...
> telnet: connect to address 192.168.1.102: Connection refused
> telnet: Unable to connect to remote host
> Jamess-Mac-mini:~ jamesl$ telnet www.fountainpennetwork.com 80
> Trying 69.16.229.207...
> Connected to fountainpennetwork.com.
> Escape character is '^]'.
> ^]
> telnet> ^C

--
JHHL


Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

André Warnier (tomcat)
On 10.08.2017 21:32, James H. H. Lampert wrote:
> On 8/10/17, 12:02 PM, [hidden email] wrote:
>> telnet <address> <port>, no ":" in between!
>
> As a character that is one of Gilda Radner's most memorable legacies would say, "Oh.
> That's very different."

Indeed. And kind of disorganised too..

quote
From my Mac:
(102 is the problem box. 105 is a WinDoze box that is completely reachable on 7070
throughout the LAN, running Tomcat without a default app, and 100 is an AS/400 that runs a
service on 80, and serves a simple page, "there are no web pages here," on browser requests.)
unquote

>
> New transcript:
>
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.100 80
>> Trying 192.168.1.100...
>> Connected to venus.
>> Escape character is '^]'.

Now you're supposed to enter (and it probably shows no echo, so blind) :

GET / HTTP/1.1<return>
Host: localhost<return>
<return>

and it will display something (your simple page, but raw)

>> ^]
>> telnet> ^C
>> Jamess-Mac-mini:~ jamesl$ man telnet
(good idea)

>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.1.105 7070
>> Trying 192.168.1.105...
>> Connected to 192.168.1.105.
>> Escape character is '^]'.
>>

same thing here, although without a default app, you may get a 404 error page

>> ^]
>> telnet> ^C
>> Jamess-Mac-mini:~ jamesl$ telnet 192.168.102 8080

wrong IP..

>> Trying 192.168.0.102...
>> telnet: connect to address 192.168.0.102: Operation timed out
>> telnet: Unable to connect to remote host

Told ya. Probably lost somewhere in the wrong network.

>> Jamess-Mac-mini:~ jamesl$ telnet europa 7070
>> Trying 192.168.1.102...
>> telnet: connect to address 192.168.1.102: Connection refused
>> telnet: Unable to connect to remote host

Ok, this is relevant to the issue at hand.
So indeed it appears (to the client) as if there is nothing listening on that host/port,
or there is something rejecting connections there.
Like a firewall or IPtables as someone suggested earlier.

A guess : the OS may be configured so that by default it blocks most incoming connection
requests (to most ports), and only selectively enables a port when you install a service
on it through the official package manager (because the official package also contains
something to do that).
Lately, OSes have a tendency to become paranoid like that..
(that's the fault of all them Russians trying to hack Americans, Ukrainians trying to hack
Russians, American Democrats trying to hack Trump's Twitter account, American Republicans
trying to hack the Democrats' email servers, North Koreans trying to hack Pakistanis, and
Nigerians and Chinese trying to hack everyone)

try : iptables -L

and then : man iptables
(only for the brave)


>> Jamess-Mac-mini:~ jamesl$ telnet www.fountainpennetwork.com 80
>> Trying 69.16.229.207...
>> Connected to fountainpennetwork.com.
>> Escape character is '^]'.
>> ^]
>> telnet> ^C
>

That's ok, but does not seem relevant.


> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>



Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

James H. H. Lampert
On 8/10/17, 1:19 PM, André Warnier (tomcat) wrote:
> try : iptables -L
>
> and then : man iptables
> (only for the brave)

BINGIE!

On another CentOS 5 box, on which we have Tomcat running, and completely
reachable, "iptables -L" returns:
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination

But on the "problem" box, it returns:

> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     esp  --  anywhere             anywhere
> ACCEPT     ah   --  anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
> ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

I have no idea what any of this means.

--
JHHL


More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

James H. H. Lampert
In reply to this post by André Warnier (tomcat)
On 8/10/17, 1:19 PM, André Warnier (tomcat) wrote:

> try : iptables -L
>
> and then : man iptables
> (only for the brave)

After looking up the man page (and while I *know* where the term comes
from, I *still* think there ought to be "woman," "boy," and "girl" pages
[and maybe "cat" and "dog" pages] as well!) and the Wikipedia article, I
reasoned that this seemed like something CentOS (being a Red Hat
derivative) would have a GUI front-end for, and sure enough, it's right
where I expected it to be, from the Gnome desktop,
System/Administration/Security Level and Firewall.

And as soon as I opened up 8080, it worked just fine.

--
JHHL

And now that I think of it, any text file is a "cat page."
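
How the problem box's listing decides the fate of a new connection to port 8080, and what opening the port changes, as an added example that is not part of the original posts. It assumes that the first, apparently unconditional ACCEPT is the loopback-only rule of the stock Red Hat ruleset (plain `iptables -L` does not print the interface column; `iptables -L -n -v` does); `OPEN_8080` is a constructed rule, not output from the thread.

```python
import re

# Problem box's `iptables -L` output from the thread (INPUT path only, quote marks removed).
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""
# Constructed rule modelling "port 8080 opened"; not taken from the thread.
OPEN_8080 = "ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:8080"
SERVICES = {"ssh": 22, "ipp": 631, "mdns": 5353, "netbios-ns": 137,
            "netbios-dgm": 138, "netbios-ssn": 139, "microsoft-ds": 445}
# Assumption: rule 1 of this chain is the stock Red Hat "-i lo" rule (plain -L hides interfaces).
LOOPBACK_ONLY = ("RH-Firewall-1-INPUT", 0)

def parse(listing):
    """Return ({chain: [(target, prot, src, dst, extra)]}, {chain: policy or None})."""
    chains, policies = {}, {}
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)\)", line)
        if head:
            current = head.group(1)
            chains[current], policies[current] = [], head.group(2)
        elif line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split()
            chains[current].append((target, prot, src, dst, " ".join(extra)))
    return chains, policies

def matches(rule, proto, dport):
    """Does a first packet (state NEW) for proto/dport to the box match this rule?"""
    _target, prot, src, dst, extra = rule
    port = re.search(r"dpt:(\S+)", extra)
    if port:
        name = port.group(1)
        if (int(name) if name.isdigit() else SERVICES.get(name)) != dport:
            return False
    established_only = "state" in extra and "NEW" not in extra
    return prot in ("all", proto) and (src, dst) == ("anywhere", "anywhere") and not established_only

def verdict(chains, policies, proto, dport, loopback=False, chain="INPUT"):
    """Walk the chain top-down; the first terminating match decides."""
    for index, rule in enumerate(chains[chain]):
        if not matches(rule, proto, dport) or ((chain, index) == LOOPBACK_ONLY and not loopback):
            continue
        if rule[0] not in chains:                      # terminating target
            return f"{rule[0]} by {chain} rule {index + 1}"
        result = verdict(chains, policies, proto, dport, loopback, rule[0])  # jump
        if result:
            return result
    return f"{policies[chain]} by {chain} policy" if policies[chain] else None

if __name__ == "__main__":
    for text in (LISTING, LISTING.replace("REJECT", OPEN_8080 + "\nREJECT", 1)):
        print("new tcp/8080 from the LAN:", verdict(*parse(text), "tcp", 8080))
```

No ACCEPT rule names port 8080, so the connection falls through to the final REJECT, while ssh and the Samba ports have their own rules; on the other box the empty chains leave everything to the ACCEPT policy.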


[OT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

André Warnier (tomcat)
On 11.08.2017 00:27, James H. H. Lampert wrote:
> After looking up the man page (and while I *know* where the term comes from, I *still*
> think there ought to be "woman," "boy," and "girl" pages [and maybe "cat" and "dog" pages]
> as well!)

Note that there may be no "woman" command, but that one can do "man | more".
Similarly, there is no "boy" command, but one can do "man | less".
There is no "girl" command, but the Linux developers have tried to ease the pain of that
by providing "talk", "chat" and "nice" (and even "tee", for the mature generation).
As for the animal world, there is indeed a "cat" command. And there may not be any "dog"
command, but there are  "tail" and "head", which might be seen as more generic.

