Re: firewall problems killing tomcat and apache
Mumia W. on 15/03/08 05:25 wrote:
On 03/14/2008 07:22 AM, Adam Hardy wrote:
I'm setting up a server which is a DNS server and broadband gateway
for a small LAN, having two NICs with one connected to the DSL modem.
It's got dnsmasq and iptables. I'm saying that because I think it's
the firewall causing the problem, but I don't know for sure or why.
I am trying to run apache and tomcat servers to serve content and apps
for the internal LAN, and not externally.
Apache runs fine, but tomcat is very slow to load (3 mins) when it
should be 1 or 2 seconds. It is also not possible to shut tomcat down
- it makes the 'tomcat5.5 stop' command hang.
I know tomcat needs ports 8009, 8080 and 8443 by default, and I
studied my iptables script (built by fwbuilder) but it looks fine.
Hopefully this is a common problem, but I've included my iptables
output below just in case.
Thanks for any advice,
I'm not a firewalling expert, but I've always found it quite helpful to
allow connections from the localhost to go through the firewall, e.g.:
/sbin/iptables -A INPUT -i lo -j ACCEPT
Some programs require access to DNS or other local services, and tomcat
may be one of them. I remember Netscape used to do IPC through TCP/IP
connections to localhost.
The first rule I've got accepts RELATED and ESTABLISHED states for lo, doesn't
it? Correct me if 0.0.0.0/0 isn't lo (or is it the IP equivalent of 'everything'?).
A bit further down I accept state NEW for the same.
Is there anything more for that?
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state
DROP 0 -- 220.127.116.11 0.0.0.0/0
DROP 0 -- 192.168.0.2 0.0.0.0/0
DROP 0 -- 192.168.0.0/24 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
Cid46260D13.0 0 -- 192.168.0.0/24 0.0.0.0/0 state NEW
Cid46260D1E.0 udp -- 0.0.0.0/0 0.0.0.0/0 udp multiport
dports 68,67 state NEW
Cid46260D1E.2 0 -- 0.0.0.0/0 255.255.255.255 state NEW
Cid46260D34.0 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Cid46260D34.0 udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT 0 -- 192.168.0.0/24 0.0.0.0/0 state NEW
Cid462610E7.1 0 -- 0.0.0.0/0 192.168.0.0/24 state NEW
DROP 0 -- 0.0.0.0/0 18.104.22.168
DROP 0 -- 0.0.0.0/0 192.168.0.2
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
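Added example for this thread (not code from any of the posters, from fwbuilder or from tomcat): a small first-match simulator for an INPUT chain, used to show two things the listing above cannot show on its own. First, 0.0.0.0/0 is an address match meaning "any IPv4 address", so it covers 127.0.0.1 as well; "lo" is an interface match (`-i lo`), which is a different criterion. Second, `iptables -L -n` omits the interface column, so a DROP on 192.168.0.2 scoped to the outside interface (the usual anti-spoofing rule) and an unscoped DROP on 192.168.0.2 print identically, yet only the unscoped one also drops a local process connecting to the gateway's own LAN address, which Linux delivers over lo. The rules are written in the format `iptables -S INPUT` prints. Assumptions not stated on the page: the truncated first rule is RELATED,ESTABLISHED, 192.168.0.2 is the gateway's own LAN address, eth0 is the DSL-facing NIC and eth1 the LAN-facing one.

```python
"""First-match simulation of an iptables INPUT chain (added example)."""
import ipaddress
import shlex

POLICY = "DROP"

# Constructed reading of the thread's listing with NO interface restriction
# on the DROP rules (what `iptables -L -n` literally shows). Assumptions:
# the truncated first rule is RELATED,ESTABLISHED, and 192.168.0.2 is the
# gateway's own LAN address (the listing does not say either).
RULES_AS_LISTED = [
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -s 220.127.116.11/32 -j DROP",
    "-A INPUT -s 192.168.0.2/32 -j DROP",
    "-A INPUT -s 192.168.0.0/24 -j DROP",
    "-A INPUT -m state --state NEW -j ACCEPT",
]

# The same chain with the DROPs limited to the DSL-facing interface (assumed
# to be eth0), which is how an anti-spoofing block is normally meant to work.
RULES_ANTI_SPOOF_ONLY = [
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -i eth0 -s 220.127.116.11/32 -j DROP",
    "-A INPUT -i eth0 -s 192.168.0.2/32 -j DROP",
    "-A INPUT -i eth0 -s 192.168.0.0/24 -j DROP",
    "-A INPUT -m state --state NEW -j ACCEPT",
]


def parse_rule(line):
    """Turn one `iptables -S` line into match criteria plus a target."""
    toks = shlex.split(line)
    rule = {"in": None, "src": None, "proto": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        opt = toks[i]
        if opt in ("-A", "-m"):          # chain name / match module: no criteria
            i += 2
        elif opt == "-i":
            rule["in"] = toks[i + 1]; i += 2
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False); i += 2
        elif opt == "-p":
            rule["proto"] = toks[i + 1]; i += 2
        elif opt == "--state":
            rule["states"] = set(toks[i + 1].split(",")); i += 2
        elif opt == "-j":
            rule["target"] = toks[i + 1]; i += 2
        else:
            raise ValueError(f"unsupported option {opt!r} in {line!r}")
    if rule["target"] is None:
        raise ValueError(f"rule without -j target: {line!r}")
    return rule


def matches(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    if rule["in"] is not None and rule["in"] != pkt["in"]:
        return False
    if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["states"] is not None and pkt["state"] not in rule["states"]:
        return False
    return True


def evaluate(rules, policy, pkt):
    """First match wins: return (verdict, 1-based rule number), or (policy, None)."""
    for number, line in enumerate(rules, 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["target"], number
    return policy, None


def packet(iface, src, state, proto="tcp"):
    return {"in": iface, "src": src, "state": state, "proto": proto}


# Constructed packets: a loopback connection to 127.0.0.1, a local process
# connecting to the host's own LAN address (delivered over lo as well), and
# a LAN client reaching the gateway on its inside interface (assumed eth1).
CASES = {
    "lo 127.0.0.1 NEW": packet("lo", "127.0.0.1", "NEW"),
    "lo 192.168.0.2 NEW": packet("lo", "192.168.0.2", "NEW"),
    "eth1 192.168.0.10 NEW": packet("eth1", "192.168.0.10", "NEW"),
}


def compare():
    """Verdict of both rule sets for each constructed packet."""
    return {name: (evaluate(RULES_AS_LISTED, POLICY, p),
                   evaluate(RULES_ANTI_SPOOF_ONLY, POLICY, p))
            for name, p in CASES.items()}


if __name__ == "__main__":
    for name, (listed, scoped) in compare().items():
        print(f"{name:24} as listed: {listed}   interface-scoped: {scoped}")
```

Run as written, the 127.0.0.1 packet is accepted by rule 5 under both readings, which is why an explicit `-i lo -j ACCEPT` is harmless but not strictly needed for that address. The 192.168.0.2 packet is dropped by rule 3 under the literal reading and accepted under the interface-scoped one, so on the real box the question is settled by `iptables -L -n -v` or `iptables -S INPUT`, which display the interface that `-L -n` hides.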