Blocked out Port 8080 and Port 3306

Support for security such as Firewalls and securing linux
sonam
Posts: 1
Joined: 2015/12/29 03:11:31

Blocked out Port 8080 and Port 3306

Post by sonam » 2015/12/29 03:23:41

I am fairly new to CentOS. I am trying to configure Tomcat 7 and MySQL on my CentOS 6.7 device, but I am unable to access them from an outside network/other ISP. My iptables are configured to allow both port 8080 and port 3306, but I am unable to access it. I tried checking using yougetsignal.com.
I can, however, access it through SSH and view my website (port 22 and port 80).

My iptables have the following configuration:

Code:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT -m comment --comment "Tomcat Server Port"
-A INPUT -p tcp -m state -m tcp --dport 3306 --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i em2 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


netstat -nlp

Code:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 x.x.x.x:3306           0.0.0.0:*                   LISTEN      2392/mysqld         
tcp        0      0 0.0.0.0:50378               0.0.0.0:*                   LISTEN      1918/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1755/rpcbind        
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      6466/perl           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      6898/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1988/cupsd          
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2508/master         
tcp        0      0 :::36740                    :::*                        LISTEN      1918/rpc.statd      
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN      12005/java          
tcp        0      0 :::8009                     :::*                        LISTEN      12005/java          
tcp        0      0 :::5900                     :::*                        LISTEN      13491/vino-server   
tcp        0      0 :::111                      :::*                        LISTEN      1755/rpcbind        
tcp        0      0 :::8080                     :::*                        LISTEN      12005/java          
tcp        0      0 :::80                       :::*                        LISTEN      2548/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      6898/sshd           
tcp        0      0 ::1:631                     :::*                        LISTEN      1988/cupsd          
tcp        0      0 ::1:25                      :::*                        LISTEN      2508/master  
Please help me.

Whoever
Posts: 1131
Joined: 2013/09/06 03:12:10

Re: Blocked out Port 8080 and Port 3306

Post by Whoever » 2015/12/29 07:59:52

DNS problem? What happens when you try to access it from outside by IP address, not site name?

Exactly what do you get? Blank page, timeout? etc.?

dmunk
Posts: 37
Joined: 2016/03/16 03:33:49

Re: Blocked out Port 8080 and Port 3306

Post by dmunk » 2016/03/17 04:55:19

Looks like Tomcat is sitting on IPv6, man. That being said, iptables is IPv4 and ip6tables is IPv6. Just look at the logic. Take a look at your Tomcat server config and set your listener(s) to be IPv4 and bounce it. I bet that clears up your problem.

dmunk
Posts: 37
Joined: 2016/03/16 03:33:49

Re: Blocked out Port 8080 and Port 3306

Post by dmunk » 2016/03/17 04:57:26

Try this and you will see what I am talking about.

Code:

lsof -i | grep LI


EDIT:

Change the following in /etc/tomcat/server.xml :

Code:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" address="::1"/>
to:

Code:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" address="127.0.0.1"/>
The location of server.xml may be in another spot for you, depending on whether you pulled Tomcat in as a tarball or used the repo. I think the repo default will be at /etc/tomcat/server.xml.
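
Added example, not part of any post in this thread: a host-side triage that, for each listening socket, classifies the bind address and finds the first INPUT rule a new inbound TCP connection would hit. A loopback bind (127.0.0.1 or ::1) is unreachable from other hosts whatever the firewall says, while the IPv6 wildcard `:::8080` also accepts IPv4 under the Linux default (net.ipv6.bindv6only=0). The sample data is constructed from the thread's output; 192.0.2.10, the interface name eth0 and all function names are assumptions.

```python
import ipaddress
import re

# Constructed samples, trimmed from the rules and netstat output in the thread.
# 192.0.2.10 stands in for the masked x.x.x.x address; eth0 is an assumed name.
RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 3306 --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
NETSTAT = """\
tcp 0 0 192.0.2.10:3306 0.0.0.0:* LISTEN 2392/mysqld
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1988/cupsd
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 12005/java
tcp 0 0 :::8080 :::* LISTEN 12005/java
"""

def bind_scope(local):
    """Classify a netstat Local Address as wildcard, loopback or specific."""
    addr = ipaddress.ip_address(local.rsplit(":", 1)[0])  # ':::8080' -> '::'
    addr = getattr(addr, "ipv4_mapped", None) or addr     # unwrap ::ffff:a.b.c.d
    if addr.is_unspecified:
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"

def first_verdict(rules, port, iface="eth0", policy="ACCEPT"):
    """Target of the first INPUT rule matching a NEW TCP packet to `port`."""
    for line in rules.splitlines():
        if not line.startswith("-A INPUT "):
            continue
        opt = dict(re.findall(r"(?<!\S)(--?[\w-]+) (\S+)", line))
        if (opt.get("-i", iface) == iface and opt.get("-p", "tcp") == "tcp"
                and opt.get("--dport", str(port)) == str(port)
                and "NEW" in opt.get("--state", "NEW").split(",")):
            return opt["-j"]
    return policy  # nothing matched: the chain policy decides

def triage(netstat, rules, iface="eth0"):
    """Map port -> (bind scope, firewall verdict, host accepts outside traffic)."""
    report = {}
    for fields in map(str.split, netstat.splitlines()):
        if len(fields) >= 6 and fields[5] == "LISTEN":
            port = int(fields[3].rsplit(":", 1)[1])
            scope, verdict = bind_scope(fields[3]), first_verdict(rules, port, iface)
            report[port] = (scope, verdict, scope != "loopback" and verdict == "ACCEPT")
    return report

if __name__ == "__main__":
    for port, row in sorted(triage(NETSTAT, RULES).items()):
        print(port, *row)
```

A "specific" bind only helps if that address sits on the interface the traffic arrives on. A port that passes both checks here and is still closed from outside is being filtered somewhere other than this host's listener or INPUT chain.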
