
I've just installed Tomcat6 on my Debian Linux server (with OpenJDK), which also has an Apache server installed on the same machine.

I haven't strayed from the default settings, so it would be set up on port 8080. When I try to access the webserver at http://hostname:8080/ I get a Timeout error.

Here's what I've done so far:

  1. I've verified that the tomcat6 service is running

  2. I've checked the following on the server and it works fine: `w3m http://localhost:8080/`

  3. I've done a `tcpdump port 8080` while attempting to access it from my client and was unable to trace any packets to the server.

Any help would be greatly appreciated.

EDIT

I've got iptables enabled, and the following ports are allowed to pass: 22, 80, 8080. All other ports are blocked. Do I need any additional ports to be enabled in order for Tomcat to work?

EDIT: Including iptables firewall rules

```
*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT

#  Allow SSH connections
#
#  The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT
```
FloatingRock
  • Any firewall (in the server or in front of it) that could be blocking port 8080? – Renan Apr 17 '13 at 20:55
  • @Renan I have `iptables` enabled but it's set to allow ports 22, 80 and 8080. – FloatingRock Apr 17 '13 at 20:58
  • Did you try to telnet to the server:port from the client to test the firewall? If it hangs, it's probably a firewall issue. If you are on Windows, check the Windows firewall; this gets people sometimes when testing. – Schrute Apr 21 '13 at 02:44

1 Answer


Wait! ... your Tomcat is bound to localhost ONLY on 8080, that is the reason why you can't access it from outside.

```
netstat -an | grep 8080
```

Does this confirm that the port is bound to 127.0.0.1 only? Why is it not binding to your IP address interface? Is your non-local interface up? Can you ping this machine from another machine using its IP address?

Nikolas Sakic
  • The output from the command `netstat -an | grep 8080` is the following: `tcp6 0 0 :::8080 :::* LISTEN` – FloatingRock Apr 18 '13 at 05:37
  • I doubt the port is blocked; I've allowed traffic from all external sources to these ports. I've included my iptables rules in the question – FloatingRock Apr 18 '13 at 05:39
  • You are not bound to IPv4 interface. You are bound to IPv6 interface. Can you change your server.xml and make it bind to IPv4 address? – Nikolas Sakic Apr 18 '13 at 17:44
  • Thanks Nikolas .. I'll check that again in a couple of hours - once the DDoS attack it's currently weathering has subsided. – FloatingRock Apr 18 '13 at 19:47
  • Any idea how I can do that change @Nikolas (from IPv6 to IPv4 in `server.xml`)? I've tried a number of things and I'm kinda stuck :( – FloatingRock Apr 23 '13 at 14:51
  • Never mind .. Found it [here](http://pario.no/2011/12/09/disable-ipv6-on-ubuntu-11-10/) – FloatingRock Apr 23 '13 at 15:42
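
The two checks used in this thread (what `netstat -an` reports for the listener, and whether `tcpdump` on the server saw the client's packets) combined into one triage helper. This is an added example, not code from any poster; the function names and result labels are hypothetical. It assumes Linux, where a tcp6 wildcard listener (`:::PORT`) also accepts IPv4 clients unless `net.ipv6.bindv6only=1` or the application sets `IPV6_V6ONLY`, and it relies on `tcpdump` capturing inbound packets before the iptables INPUT chain sees them.

```shell
#!/bin/sh
# Added example (not from the thread). Sample netstat lines below are constructed.
# Assumption: Linux, where a tcp6 wildcard listener (:::PORT) also serves IPv4
# clients unless net.ipv6.bindv6only=1 or the application sets IPV6_V6ONLY.

# listener_scope LINE [BINDV6ONLY] -> loopback-only | ipv4-all | dual-stack |
#                                     ipv6-only | specific:ADDR | not-listening
listener_scope() {
  ls_v6only=${2:-0}
  # netstat -an columns: proto recv-q send-q local-address foreign-address state
  read -r ls_proto ls_rq ls_sq ls_local ls_foreign ls_state <<EOF
$1
EOF
  if [ "$ls_state" != "LISTEN" ]; then echo "not-listening"; return 0; fi
  ls_addr=${ls_local%:*}   # drop the trailing :PORT, keeping IPv6 colons
  case "$ls_addr" in
    127.*|::1) echo "loopback-only" ;;
    0.0.0.0)   echo "ipv4-all" ;;
    ::)        if [ "$ls_v6only" = "1" ]; then echo "ipv6-only"; else echo "dual-stack"; fi ;;
    *)         echo "specific:$ls_addr" ;;
  esac
}

# next_check SCOPE PACKETS_SEEN(yes|no) -> where to look next for an IPv4 client.
# PACKETS_SEEN is whether tcpdump on the server saw the client's SYN.
next_check() {
  case "$1:$2" in
    loopback-only:*|ipv6-only:*|not-listening:*) echo "fix-bind-address" ;;
    *:no)  echo "upstream-filter-or-routing" ;;   # traffic never reached the host
    *:yes) echo "host-firewall-rules" ;;          # arrived, then dropped locally
  esac
}

# Constructed samples; the second line is the netstat output quoted in the thread.
for sample in \
  "tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN" \
  "tcp6 0 0 :::8080 :::* LISTEN"
do
  scope=$(listener_scope "$sample" 0)
  echo "$sample => $scope => $(next_check "$scope" no)"
done
```

On a live host, pass the value of `/proc/sys/net/ipv6/bindv6only` as the second argument to `listener_scope`.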