Can't connect to Tomcat9 outside - linux

I can't connect to tomcat9 from outside (by IP).
I disabled tcp6 by adding the following to /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
netstat -nlp output:
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 7460/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 7460/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 7460/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1118/nginx
server.xml Connector block:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           address="0.0.0.0" />
I also tried to add useIPVHosts="true" to <Connector> and resolveHosts="true" to <Valve> block in server.xml, but still nothing.
I'll be thankful for all of your answers.

From what you have provided, your Tomcat server is running on a laptop in your home network. Your friend is trying to access this over the internet but is not able to. Assuming your configuration for Tomcat is correct, we can narrow it down to a couple of areas.
Your server is not accessible via the internet:
You cannot just provide a public IP to your laptop and expect it to work on the internet. Home networks are set up in a way to preserve public IP addresses, which are paid for by big companies (Comcast, Verizon, etc.). Your router will be assigned a public IP address accessible from the internet, and all of your internal nodes (phone, computer, laptop etc.) will have an internal (192.168.x.x) address assigned to them, reachable via NAT handled by the router itself. In order to access your internal nodes via the internet you will have to log in to your router and enable some port forwarding. You should also enable dynamic DNS, which routers should allow you to use (http://yourserver.something.something instead of the router IP). For port forwarding in your router, you should have an option to set (for example) port 50001 --> IPofTomcat port 8080. Your friend would then access your webpage via routerIP:50001/jspname.jsp
You could potentially get a static IP from your ISP, but then you are looking at monthly fees (go with port forwarding and dynamic DNS). Your router should be able to handle reserved IPs as well.
Firewall issues:
Ensure that there are no inbound/outbound rules that can affect traffic on your server/router. I doubt your router would have these by default (not really a good thing ;) ), but this is something to consider if you know port forwarding is set up and working correctly.
Additional comments:
I am going to say this just for general knowledge if other people go to this post. Ensure these steps are accomplished prior to hosting an at-home web-server.
- Change default passwords for everything! That includes Apache, router, local accounts. Harden every password in your network, especially if you are opening up communication to host a web-server.
- Apply any and all software updates/patches to your tomcat server.
- It is a good idea to change default ports if this will only be used by a few friends.
- Ensure the directory jspname.jsp resides in is locked down.
- Make a backup prior to going live.
- Monitor access logs on router/server regularly.

Related

Why can't this port be accessed outside of the local machine?

I have a node.js server running on an EC2 instance. I can connect to my index.html page by visiting 12.345.678.900:2112 (not the actual site, just an example). Later on, I open a socket connection that is listening on port 3113. When I'm on the machine itself, I can access the webpage through the localhost (localhost:3113/foo). When I try to access it outside the local machine through 12.345.678.900:3113/foo, I can't access it. The socket connection is successful and the server is listening on 3113 when I run netstat, but it just doesn't allow me to access the page. I have a feeling my ports may be blocked, but from what I can tell they shouldn't be. I don't have this problem when I run this server on my local machine, however.
Incoming Connections
Solution:
Since curl was telling me port 3113 wasn't open, but it wasn't being blocked on AWS, I looked through my code and realized that I opened port 3113 but then closed it soon after. That meant that while I was getting a log statement telling me the port was open, it was closed almost immediately, so I wasn't able to access the port.
When you set up a TCP listening port, you have to specify an IP address and a port number. If your server is listening on 127.0.0.1:3113, then it won't be accessible from its external IP address. You can also specify the special 0.0.0.0 as the IP address, which indicates that you want to listen on that port on "all" IP addresses (for some definition of "all").
If your machine has multiple network interfaces (e.g. multiple network cards, or virtualised network interfaces), then it's possible to have the same IP address actually being on different networks, and you'll have to specify the specific network interface when you listen on them. But if you did set up something unusual like that, you probably already know about this networking stuff. Note that if you have Docker or virtual machines, they may also create a virtual network interface for each container/VM.
On AWS/EC2, your machine may also have an internal IP address that's only accessible from your VPC and an Elastic IP which can be accessed directly from the outside world. You didn't say which "external" IP address you were using.
Finally, you may have a firewall installed on the server. ipfw or iptables may have rules blocking the external listening port.

Website not showing on lan but shows on host computer

I made an nginx server at 192.168.1.106 and I can access it from the host computer, but it doesn't show when I access it from a computer in the same network. But I can ssh into the server from a different computer using the same address. I checked my firewall to make sure it isn't blocking anything.
How do I access the server from a different computer?
> iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The server_name directive is used to identify virtual hosts; it is not used to set the binding.
netstat tells you that nginx listens on 0.0.0.0:80, which means that it will accept connections from any IP.
If you want to change the IP nginx binds on, you have to change the listen rule.
So, if you want to set nginx to bind to localhost, you'd change that to:
listen 127.0.0.1:80;
In this way, requests that are not coming from localhost are discarded (they don't even hit nginx).

How to bind port to localhost?

I have a Hadoop defaultFs application running on port 8020, as shown by sudo netstat -tulpn | grep :8020, where 10.44.142.19 is the internal address:
tcp 0 0 10.44.142.19:8020 0.0.0.0:* LISTEN 31680/java
I also opened this port in iptables:
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8020
But this port is still blocked.
I guess it is a problem with the IP address, where 10.44.142.19 should be 127.0.0.1, because I am visiting it from outside, right?
How could I solve this? Thanks in advance.
OK, if you are coming in from the WAN you need to use the IP from your modem. Google "what's my IP". If you are behind a router, your router will give you an IP of something like 192.168.10.101; type that in to go to your server over a LAN.
Add :8020 at the end if that is the port you are directing to.
The firewall must be down for that port to come in from the outside, and your web server must be set up to make the files and folders you want to distribute or make available with permission of at least read for your web server's user or group.
Each system is a little different, so you have to tweak things as you go.
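The Tomcat, nginx and Hadoop questions above all turn on the same rule: a socket bound to 127.0.0.1 is reachable only from the host itself, 0.0.0.0 (or :: for IPv6) accepts on every interface, and a specific address accepts only connections addressed to that interface. As an added illustration that is not code from any of the posts, the following Python classifies the LISTEN rows of `netstat -nlp` output by that rule; the sample rows are constructed from the outputs quoted above, and the column layout assumed is netstat's, not that of `ss`.

```python
# Constructed sample built from the LISTEN rows quoted in the posts above
# (Tomcat, nginx, the Hadoop NameNode) plus an IPv6 wildcard row for sshd.
SAMPLE_NETSTAT = """\
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 7460/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 7460/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 7460/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1118/nginx
tcp 0 0 10.44.142.19:8020 0.0.0.0:* LISTEN 31680/java
tcp6 0 0 :::22 :::* LISTEN 900/sshd
"""

def classify_bind(local):
    """Split a netstat 'Local Address' field and say what the bind address
    implies: wildcard = every interface, 127.x/::1 = this host only,
    anything else = only clients that address that specific interface."""
    addr, port = local.rsplit(":", 1)
    if addr in ("0.0.0.0", "::"):
        verdict = "all interfaces"
    elif addr == "::1" or addr.startswith("127."):
        verdict = "loopback only"
    else:
        verdict = f"only via {addr}"
    return addr, int(port), verdict

def listeners(netstat_output):
    """Parse the LISTEN rows of `netstat -nlp` (proto recv-q send-q local
    foreign state pid/program) into dicts; non-listening rows are skipped."""
    rows = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 6 or f[5] != "LISTEN":
            continue
        addr, port, verdict = classify_bind(f[3])
        rows.append({"proto": f[0], "addr": addr, "port": port,
                     "program": f[6] if len(f) > 6 else "-", "reach": verdict})
    return rows

def reachable_from_lan(netstat_output, port):
    """True when some socket on `port` can accept a connection that arrives on
    a non-loopback interface. Firewall and NAT rules are a separate check:
    this only rules out the 'bound to 127.0.0.1' failure mode."""
    return any(r["port"] == port and r["reach"] != "loopback only"
               for r in listeners(netstat_output))

if __name__ == "__main__":
    for r in listeners(SAMPLE_NETSTAT):
        print(f"{r['proto']:<5}{r['addr']}:{r['port']:<6}{r['program']:<12}{r['reach']}")
```

A "loopback only" verdict for the port you are testing explains the symptom on its own; any other verdict means the next things to check are the host firewall and, for a home network, the router's port forwarding.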

Node server fails to listen to public IP

I am trying to get my Node.js server to listen to a public IP so that I can access it on a different network than my home network.
I've purchased a domain and used a DNS host - right now I'm using No-IP and have downloaded their client to push my IP to their servers.
When I set the IP on No-IP configuration to my local IP I can use the domain name and hit my server on another computer on my network. But if I change this to my public IP and use the domain, the request hangs for about 10 seconds and then fails. I've set up port forwarding (I believe correctly) and opened inbound / outbound traffic on the port I'm listening to (not 80 right now). I even pulled my firewall completely.
I tried changing server.listen(4444) to server.listen(4444, '0.0.0.0') as I've seen all over the web. But this doesn't work.
Anyone have ideas out there? I feel like maybe my ISP is blocking it somehow? I'm fairly new to networking, so maybe I'm missing something critical?
Thanks!
server.listen(4444) should be fine. As long as you don't have multiple active network connections in your server, you don't need to specify an IP address. Port forwarding from your router (if configured correctly) will direct the request that came to the public IP address to the actual local IP address of your host.
Note that for port forwarding to work reliably, you will have to give your host a fixed private IP address (not a DHCP assigned address) so the IP address will not vary. Then, you configure port forwarding to that fixed IP address.
Then, you need to do some network debugging. From a computer outside your own network (e.g. something out on the internet), you should run a couple of commands against your public DNS name:
ping yourserver.net
tracert yourserver.net
If your DNS entry is not working, ping should tell you immediately that it didn't find yourserver.net.
If the DNS entry is working, but the IP address can't be reached, then ping will tell you that the server is unreachable. At that point, you will know you have a networking issue with connecting to your public IP address from the internet.
If ping is initially finding your server, but packets aren't flowing properly, then either the ping results or the tracert results should give you an idea where to look next.
If ping and tracert are finding your public IP and packets are flowing to/from it, but you still can't connect to it with the browser, then you either don't have the IP address set correctly (so you're not connecting to the right server), or your node.js server isn't listening appropriately, or you aren't using the right IP/port in the browser that represents the actual node.js process. If you suspect this to be the case, then back up and make sure you have everything working purely on your own private network, where the browser tries to connect directly to the local IP address and port. When that is working, you will know the node.js server is working appropriately and you can move back to working on the public IP.
FYI, if you tell us what the public DNS name and public IP address is, we here can do a few steps of this debugging from our computers.
It may be that your router can only forward a port to a computer on your network, but not change the port when forwarding. If that's the case, then you have these options:
- Put everything on port 4444. Have your server listen to 4444, specify 4444 in the port forwarding in the router and then put 4444 in the URL like http://thecastle.ninja:4444.
- Set up the port forwarding for port 80, put your server on port 80. Change the port forwarding to port 80. Change your server to listen to port 80 (if your server is Unix, you will need elevated privileges to listen to port 80 directly). You should then be able to use a URL like http://thecastle.ninja.
- Set up the port forwarding for port 80, put your server on port 4444 and use iptables settings to route 80 to 4444 on your server. This allows your server to run on the less privileged 4444 port, but lets the end-user use the default port 80. I have a node.js server on a Linux Raspberry Pi configured this way. You should then be able to use a URL like http://thecastle.ninja.
- Run a proxy on your server that will route port 80 to port 4444. This is probably more than you need, but nginx is a popular one and it can do port forwarding on the server.
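The last option above (a proxy on the server that relays port 80 to 4444), as a minimal added example in Python rather than nginx; this is not code from the answer or from any project. It relays each accepted connection to the backend in both directions and propagates EOF with half-closes, which is what makes request/response protocols terminate cleanly. To run unprivileged it binds loopback with OS-chosen ports, and a constructed echo server stands in for the application that would sit on 4444.

```python
import socket
import threading

def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the EOF propagates."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _serve(bind, handler):
    """Accept on `bind` in a background thread, one handler thread per client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(bind)
    srv.listen(16)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]          # port actually bound (0 lets the OS pick)

def start_forwarder(listen_bind, target):
    """The proxy: each client on listen_bind gets its own upstream connection to target."""
    def relay(client):
        with client, socket.create_connection(target) as upstream:
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)      # client -> backend, then half-close backend
            back.join()                  # backend -> client finishes on backend EOF
    return _serve(listen_bind, relay)

def start_echo_backend():
    """Constructed stand-in for the app on 4444: echoes what it receives."""
    def echo(conn):
        with conn:
            _pump(conn, conn)
    return _serve(("127.0.0.1", 0), echo)

def round_trip(payload):
    """Client view: send payload to the forwarder, return the backend's reply."""
    backend = start_echo_backend()
    front = start_forwarder(("127.0.0.1", 0), ("127.0.0.1", backend))
    with socket.create_connection(("127.0.0.1", front)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: c.recv(4096), b""))
```

On a real host, binding the forwarder to ("0.0.0.0", 80) still needs root or CAP_NET_BIND_SERVICE, which is exactly what the iptables option avoids.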

Keepalive, routing issue, "no destination available"

I am setting up a failover server for our website using keepalive.
I have been following this tutorial that fits my needs exactly:
- http://blog.profitbricks.de/failover-und-loadbalancing-loesung-bei-profitbricks/
For a couple of days, everything worked well with keepalive and the virtual ip.
Suddenly, the VIP is unreachable on port 80 but still reachable on port 443.
Facts:
ip addr show => I do see the VIP only on one of the frontends.
From the frontend itself, if I query it using its public IP (the non-VIP one) it does work on port 443 and 80.
From anywhere, if I use the virtual IP and https, I can reach our application and I do see it in the http server logs.
In syslog I have weird messages like this one for every test I do that uses port 80 on the VIP:
==> /var/log/kern.log <== Nov 18 15:00:07 localhost kernel: [14045.457450] IPVS: rr: TCP 'the virtual ip':80 - no destination available
Hopefully it is not in production yet, and if you can help me on that I would be really thankful :)
In case someone searches for the terms in this question:
Port 443 was reachable because the server that had the VIP was correct and there was no load balancing on port 443.
Port 80 was unreachable because I didn't set up iptables correctly on one of the two servers, and load balancing was supposed to be done using NAT (bypass_ipvs.sh).
Conclusion: if you need failover and no load balancing (which is uncommon), then the mentioned configuration is too much and not adapted.
