Firewall trouble when deploying Tomcat at CentOS

firewall iptables centos tomcat

I am trying to deploy a Tomcat server in a CentOS environment, but it is not receiving requests.

Executing startup.sh works properly and the logs show that tomcat is running

16-Dec-2016 13:36:58.440 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler [http-nio-8080]
16-Dec-2016 13:36:58.444 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler [ajp-nio-8009]
16-Dec-2016 13:36:58.445 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 14803 ms

When running netstat to check listening ports, it is shown as listening

$netstat -atnp|grep LISTEN

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      3321/java

In order to skip the firewall, I added a custom rule at iptables.

$iptables -nL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50060
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50030
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50105
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50090
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50075
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50070
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:123
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I added the rule on top in order to avoid the mistake of adding it after the general reject. Iptables is active as service returns the following:

$service iptables status
Redirecting to /bin/systemctl status  iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Fri 2016-12-16 13:09:47 EST; 1h 45min ago
Main PID: 728 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service

However, request are not reaching Tomcat, as the localhost access logs are empty.

Firewalld is not interferring with the connection because it claims to be disabled:

$firewall-cmd --state
not running

Is there other firewall settings that I am missing?


Solution 1:

I think what is going on here is you are mixing your technologies.

Try:

service iptables stop

See you still get the same response

If you do then you need to remove either iptables or firewalld

Related

alert when a server is out of load balancer
Mono's XSP4 on OSX gives Access Forbidden (error 500) for any .aspx or .asp file
Link servers to RD Licencing server
Setup LDAP services for SSO vCenter
How can I verify Windows DNS forwarders are working?
Postfix Mail server rejecting sending mail from wordpress site
Safely delete the contents of 'workspace' and 'jobs' in Jenkins
Mirroring all router traffic (openwrt) to a snort sensor?
Why is compression not recommended in OpenVPN?
Windows Media Player 12 thinks tracks from the same album are from seperate albums
Protecting a cell, but allowing the drop down list to work
disable spell check when sending code in Outlook