Invoke Tomcat 7 in Lan

Latest response

Hello everyone,
I used redhat is a server contain tomcat 7 run web server. (http://www.dsgnwrld.com/am/tomcat/tomcat-7/v7.0.56/bin/apache-tomcat-7.0.56.tar.gz)
But i have a trouble, when I start server, and run, http://localhost:8080, i can access Tomcat, when I use another client in Lan access my tomcat in Redhat, I can't invoke server.
I try to disable firewall, but i still can't access.
Please help me.

le
Log in to join the conversation

Responses

james.radtke@siriusxm.com's picture Guru 6863 points
23 October 2014 1:28 AM

Please reply with

ifconfig -a
netstat -rn
iptables -L
netstat -anp | grep 8080
getenforce
le Community Member 35 points
23 October 2014 1:39 AM 
[admin@localhost bin]$ ifconfig -a

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.109.137 netmask 255.255.255.0 broadcast 192.168.109.255
inet6 fe80::20c:29ff:fe07:a6d3 prefixlen 64 scopeid 0x20
ether 00:0c:29:07:a6:d3 txqueuelen 1000 (Ethernet)
RX packets 1615 bytes 1725690 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 357 bytes 38886 (37.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 88 bytes 79748 (77.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 88 bytes 79748 (77.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

netstat -rn

[admin@localhost bin]$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.109.2 0.0.0.0 UG 0 0 0 eno16777736
192.168.109.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777736

[admin@localhost bin]$ sudo iptables -L
[sudo] password for admin:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

[admin@localhost bin]$ netstat -anp | grep 8080

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::8080 :::* LISTEN 3539/java
[admin@localhost bin]$

[admin@localhost bin]$ getenforce

Enforcing
[admin@localhost bin]$

james.radtke@siriusxm.com's picture Guru 6863 points
23 October 2014 1:49 AM

You can enclose your code output with 3 tildes
"~~~"
code here
"~~~"

2 things I notice:
* IPtables is still active/configured (which might be fine - but I am not good enough to look at that output to know)
* It appears that the 8080 is listening on ipv6, but not ipv4

Hopefully someone else will notice this thread and can also assist.

le Community Member 35 points
23 October 2014 2:10 AM

Thanks. I installed in wm-ware. I installed 2 linux OS: ubuntu and reahat, in Ubuntu, I can invoke normal, in Redhat can't invoke.
From windows, I can't ping into Redhat, else is OK

james.radtke@siriusxm.com's picture Guru 6863 points
23 October 2014 3:12 AM

if I was stuck at this point, I would try

service iptables stop
service ip6tables stop
setenforce Permissive

and then test again, starting with being able to ping. I still think it's odd that there is no 8080 connection for tcp (just tcp6). I would consider disabling IPv6 for Tomcat to test as well. http://www.fourproc.com/2012/04/20/force-tomcat-to-use-ipv4-on-server-with-both-ipv6-and-ipv4-configured.html

Again - this particular issue is bit out of my comfort-zone. So, please research my suggestions and let's hope someone else jumps in ;-)

le Community Member 35 points
23 October 2014 3:30 AM 
[admin@localhost bin]$ setenforce permissive
setenforce:  setenforce() failed
[admin@localhost bin]$ setenforce Permissive
setenforce:  setenforce() failed
[admin@localhost bin]$

I can't run setenforce Permissive statement

james.radtke@siriusxm.com's picture Guru 6863 points
23 October 2014 3:41 AM

Sorry Ngoc - I should have mentioned that you would need to do that as root (or with sudo).

le Community Member 35 points
23 October 2014 4:04 AM

Thanks, but still not access :(

ir. Jan Gerrit Kootstra's picture Guru 6222 points
23 October 2014 8:02 AM

Ngoc,

To check the basics.

~~~sudo hostname
~~~ping -c5 hostname

What do these commands give?

Which url do you give on another desktop?

Kind regards,

Jan Gerrit Kootstra

le Community Member 35 points
23 October 2014 8:34 AM 
[admin@localhost bin]$ sudo hostname
[sudo] password for admin: 
localhost.localdomain

[admin@localhost bin]$ ping -c5 hostname
ping: unknown host hostname
[admin@localhost bin]$ ping -c5 localhost.localdomain
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=33.6 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.052 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.041 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.053 ms

--- localhost ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.041/6.774/33.686/13.456 ms
[admin@localhost bin]$

From redhat, I can call tomcat from another server

ir. Jan Gerrit Kootstra's picture Guru 6222 points
23 October 2014 9:25 AM

Hi Ngoc,

hostname = localhost with ip-address 127.0.0.1 can never been contacted from another server.

You need an unique hostname which is connected to the ip-address 192.168.109.137.
The dns server or Active Directory has to be able to resolve the name and ip-address.

Kind regards,

Jan Gerrit

ir. Jan Gerrit Kootstra's picture Guru 6222 points
23 October 2014 9:26 AM

you best add to /etc/hosts

192.168.109.137 new-hostname

le Community Member 35 points
23 October 2014 10:05 AM

Thanks Jan, I had tried it.
But I think change hosts can't access tomcat, that's alias for red hat, another pc can't read redhat's hosts

Now, from windows, I can ping into redhat

C:\Users\Han>ping 192.168.109.137

Pinging 192.168.109.137 with 32 bytes of data:
Reply from 192.168.109.137: bytes=32 time<1ms TTL=64
Reply from 192.168.109.137: bytes=32 time<1ms TTL=64
Reply from 192.168.109.137: bytes=32 time<1ms TTL=64
Reply from 192.168.109.137: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.109.137:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Han>
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.