LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-14-2014, 03:50 PM   #16
pingu
Senior Member
 
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,350

Rep: Reputation: 127Reputation: 127

"But on Linux systems, the only way you can get a server to successfully use port 80 is to run it as root."
Well, I have setup lots of web-servers, on none apache runs as root & they all listen to port 80.
But let's forget about that right now, it's a different discussion. We have an actual problem to solve.
(Adding, reading your latest post: Maybe you're right about the safest way to run Tomcat, can't say, can't debate - I haven't studied that one in detail.)

Let's get it clear:
1. Webserver runs a java application under tomcat, it listens on port 8080.
2. Your firewall has a NAT rule: WAN port 80 -> webserver port 8080.
3. Only from one customers office there is no access.
Make this very clear: You always use an URL like "http://www.myweb.com" that is, port is never specified.
Correct?
Then the problem simply has to be with that customers firewall or computer. Is it a laptop? Then take it outside the office and try again.

Juniper you say, they are very reliable. (Had it been a cheap 50$ thing I would have blamed it immediately.)
If you can't get any logs or actual config out, maybe you could ask the firewall/network admins what traffic is allowed?
Depending on what company it is and what staff they have, you might simply present them your problem.
 
Old 03-14-2014, 03:56 PM   #17
pingu
Senior Member
 
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,350

Rep: Reputation: 127Reputation: 127
But this is very puzzling!
Quote:
In order to make everything work, I had to open port 80 *and* port 8080. If I left port 8080 closed, I was not getting the responses to the http requests (I was getting server timeout failures). Now, I can send requests to both ports and access the site.
Where did you open port 8080 - not on the firewall I presume?
If you really had to open 8080 on firewall then we have a misconfiguration that could cause erratic behaviour.
 
Old 03-14-2014, 04:24 PM   #18
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
If you forward a port using the iptables REDIRECT target like this:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
...the traffic flow between the client and the server will be between a random TCP port on the client to port 80 on the server. The INPUT chain in the filter table will have to allow inbound packets to both port 80 and port 8080.

When you use the REDIRECT target, replies from port 8080 on the server are intercepted by the iptables NAT engine and the source port number is altered from 8080 to 80. Otherwise, the client wouldn't accept the packets; it believes it's communicating with port 80 on the server, not port 8080.

However, if you use a web server to issue a 301 or 302 HTTP redirect when the client accesses port 80, the client will start a new connection to port 8080. In that case, a firewall (on the client side) blocking port 8080 will prevent the client from reaching the site.

BTW, there are ways to run Tomcat on port 80 without giving it root privileges. One popular approach is to use authbind.

Last edited by Ser Olmy; 03-14-2014 at 04:32 PM.
 
1 members found this post helpful.
  


Reply

Tags
http, port, port forwarding


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Yet another port forwarding question essdeeay Linux - Networking 4 04-11-2006 08:28 PM
Port Forwarding Question leedsmunich Linux - Networking 1 10-03-2005 10:17 AM
Port Forwarding Question caps_phisto Linux - Networking 1 07-10-2005 11:33 PM
Port forwarding question GUIPenguin Linux - Networking 1 10-12-2004 02:30 PM
port forwarding question larry Linux - Networking 2 06-10-2004 11:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration