Open port in Solaris 8 (not accessible from outside)

Hello guys,

I've recently installed a Tomcat server in our Solaris 8 servers, and while it's properly configured and running already, I can't access the port from outside the network segment the server is on.

I.e., we have 4 servers in the same segment (consecutive IP addresses), and if I try to connect to my Tomcat server from a browser inside any of these servers using http://xxx.xxx.xxx.xxx:port/tomcat-webapp it will successfully establish a connection and display the app. However, if I do it from an off-segment machine, it won't establish the connection.

I ran nmap from my local machine to scan said server, and the ports I'm interested in opening are shown as "filtered". The other thing is, if I try to connect to a port on that same server with no listening daemon, the browser will almost instantly spit out the connection error, as it won't actually connect (stays at "connecting..." status). However, on the aforementioned port (7080) it will say "Connecting..." then "Waiting for xxx.xxx.xxx.xxx..."...and it stays there for some time until it breaks.

So, I'm guessing that the port is actually opened and ready for service, but somehow it's being filtered/restricted from access outside the segment.

Any ideas on how I can find what the problem is? Unfortunately, the previous sysadmin didn't leave any docs about this (I know...), so I have no idea if there's a firewall up or not. I tried running the "iptables" command, and it says it doesn't exist, so I'm guessing this is not the firewall that's blocking the port.

What other tools/commands/config files should I check out to trace the offending program and "unfilter" the port?

Thanks a lot!

you most likely will need to talk to your net admin(s) about this. if you have security officers, they will need to address this as it's most likely the port (i'm guessing 8080 here) that is being blocked. i doubt it's a vlan issue especially if you can remotely connect to the device

Hey pupp, thanks for responding!

Uhmm..you see, the problem is...I'm everything...sysadmin, netadmin aaaand....dba.... I know...but we have to get by as it is.

This being said, I have no idea how/why the port is blocked and how to unblock it, so if you have any pointers on where to start looking, it would be of great help. Also, I know some ports are open, and what I did was move my tomcat server to listen to the port 80 and it's working now, but I can't let it stay there.

Could you point me in the right direction please? I checked the inetd.conf, the /etc/services and as far as I know there's no firewall, at least none that I know of.

Where can I start to sort this out?

Thanks again!

not a host level firewall but rather a network layer firewall. some firewall is sitting between your two network segments and analyzing traffic. it's blocking port 8080 (or whatever you have tomcat listening on) and allowing 80. why not keep it at 80?

also, from the external segment, run a traceroute to the tomcat server ip and post the output.

Hi pupp,

Ok, so, how could I check if there's a network-layer firewall?

Here's the traceroute...it's in Spanish, where it says "Tiempo de espera agotado para esta solicitud" basically means a timeout happened, so as you can see, I can only trace the connection up to a certain point, but it's probably because of the network settings of the company I work for, 'cause doing a traceroute to Google yields almost the same results (i.e. timeout after 7 hops).

Anyway, here's the traceroute in case it helps:

C:\Documents and Settings\Administrador>tracert 200.xxx.xxx.xxx

Traza a la dirección xxxxxxxxxxxxxxxxxxxxxx [200.xxx.xxx.xxx]
sobre un máximo de 30 saltos:

  1    27 ms     1 ms     1 ms  10.108.xxx.xxx
  2     1 ms     1 ms    <1 ms  10.190.xxx.xxx
  3     1 ms     1 ms     1 ms  10.190.xxx.xxx
  4    29 ms    18 ms    18 ms  10.111.xxx.xxx
  5    20 ms    19 ms    19 ms  10.79.xxx.xxx
  6    19 ms    19 ms    19 ms  10.79.xxx.xxx
  7    19 ms    19 ms    18 ms  10.77.xxx.xxx
  8     *        *        *     Tiempo de espera agotado para esta solicitud.
  9     *        *        *     Tiempo de espera agotado para esta solicitud.
 10     *        *        *     Tiempo de espera agotado para esta solicitud.
 11     *        *        *     Tiempo de espera agotado para esta solicitud.
 12     *        *        *     Tiempo de espera agotado para esta solicitud.
 13     *        *        *     Tiempo de espera agotado para esta solicitud.
 14     *        *        *     Tiempo de espera agotado para esta solicitud.
 15     *        *        *     Tiempo de espera agotado para esta solicitud.
 16     *        *        *     Tiempo de espera agotado para esta solicitud.
 17     *        *        *     Tiempo de espera agotado para esta solicitud.
 18     *        *        *     Tiempo de espera agotado para esta solicitud.
 19     *        *        *     Tiempo de espera agotado para esta solicitud.
 20     *        *        *     Tiempo de espera agotado para esta solicitud.
 21     *        *        *     Tiempo de espera agotado para esta solicitud.
 22     *        *        *     Tiempo de espera agotado para esta solicitud.
 23     *        *        *     Tiempo de espera agotado para esta solicitud.
 24     *        *        *     Tiempo de espera agotado para esta solicitud.
 25     *        *        *     Tiempo de espera agotado para esta solicitud.
 26     *        *        *     Tiempo de espera agotado para esta solicitud.
 27     *        *        *     Tiempo de espera agotado para esta solicitud.
 28     *        *        *     Tiempo de espera agotado para esta solicitud.
 29     *        *        *     Tiempo de espera agotado para esta solicitud.
 30     *        *        *     Tiempo de espera agotado para esta solicitud.

Traza completa.

Thanks for your help!
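
Added example, not part of any post in this thread: a small Python TCP probe that makes the distinction the first post describes (an immediate error on a port with no daemon versus a hang on 7080) and supports the comparison the firewall theory calls for, run once from a same-segment server and once from an off-segment machine. The function names, the PORTS tuple and the wording of the findings are assumptions made for this example.

```python
import errno
import socket

# Constructed sample: the two ports compared in the thread (80 works, 7080 does not).
PORTS = (80, 7080)

def probe(host, port, timeout=5.0, connect=socket.create_connection):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open     - the three-way handshake completed
    closed   - the SYN was answered with RST: host reachable, nothing
               listening (or a filter set to reject rather than drop)
    filtered - no answer before the timeout, or an ICMP unreachable:
               the SYN or its reply is being discarded somewhere
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    conn.close()
    return "open"

def locate(on_segment, off_segment):
    """Compare {port: state} maps taken from a same-segment and an off-segment host."""
    findings = {}
    for port, inside in on_segment.items():
        outside = off_segment.get(port, "unknown")
        if inside == "open" and outside == "filtered":
            # Service is up; check ACLs on devices between the segments,
            # or source-address rules on the host itself.
            findings[port] = "listener up; dropped for off-segment sources"
        elif inside == outside:
            findings[port] = "same from both sides: " + inside
        else:
            findings[port] = "differs: %s inside, %s outside" % (inside, outside)
    return findings

if __name__ == "__main__":
    import sys
    # Run on each side with the server address, then feed both maps to locate().
    print({p: probe(sys.argv[1], p) for p in PORTS})
```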