From: Gianni Pucciani <gp.puccio@tin.it>
To: Rob Sterenborg <rob@sterenborg.info>
Cc: Netfilter <netfilter@lists.netfilter.org>
Subject: Re: opening connection for Tomcat
Date: Thu, 08 Apr 2004 22:13:01 +0200 [thread overview]
Message-ID: <4075B24D.1020601@tin.it> (raw)
In-Reply-To: <1081446600.2453.63.camel@katala.sterenborg.info>
Ok, I've fixed the problem: it seems that the address 0.0.0.0 is no good.
Many thanks
Gianni
Rob Sterenborg wrote:
>On Thu, 2004-04-08 at 18:30, Alexis wrote:
>
>
>>you must change to OUTPUT the first rule at least. you're filtering all
>>outgoing packets.
>>
>>
>>
>
>In these rules I only see policy ACCEPT for the OUTPUT chain, so IMHO
>there's no filtering there.
>
>
>
>>>Hi all,
>>>I was in trouble opening a port for services with tomcat:
>>>Is this rule right? I'm behind an adsl router that forward every
>>>connection on port 8080 to <myprivateip>.
>>>
>>>iptables -P INPUT DROP
>>>iptables -P OUTPUT ACCEPT
>>>iptables -P FORWARD DROP
>>>
>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>iptables -A INPUT -p tcp -d <myprivateip> --dport 8080 -s 0.0.0.0 -m
>>>state --state NEW -j ACCEPT
>>>
>>>
>
>Is your Tomcat listening on 8080/tcp ? (netstat -an|grep 8080)
>Are you sure that your router is forwarding all connections ?
>
>Check with a logging rule between the -m state and the -p tcp rules to
>see what's going on (if there is) :
>
>iptables -A INPUT -j LOG --log-prefix "_ipt:check"
>
>
>Gr,
>Rob
>
>
>
>
>
>
next prev parent reply other threads:[~2004-04-08 20:13 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-08 15:13 opening connection for Tomcat Gianni Pucciani
2004-04-08 16:01 ` ro0ot
2004-04-08 16:30 ` Alexis
2004-04-08 17:50 ` Rob Sterenborg
2004-04-08 18:08 ` Alexis
2004-04-08 20:13 ` Gianni Pucciani [this message]
2004-04-08 21:53 ` Antony Stone
2004-04-08 23:18 ` Frank Gruellich
2004-04-09 6:28 ` Gianni Pucciani
2004-04-09 6:56 ` giorgio.zarrelli
2004-04-09 22:59 ` Antony Stone
2004-04-09 7:23 ` Rob Sterenborg
2004-04-09 13:50 ` Alexis
2004-04-09 1:05 ` Alexis
2004-04-08 17:55 ` Gianni Pucciani
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4075B24D.1020601@tin.it \
--to=gp.puccio@tin.it \
--cc=netfilter@lists.netfilter.org \
--cc=rob@sterenborg.info \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox