tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <tomcat-u...@johnturner.com>
Subject Re: Tomcat not working behind a NAT?
Date Thu, 24 Jul 2003 20:16:46 GMT

That isn't how NAT works.  Tomcat doesn't know anything about the 204.* 
address if the router is doing the NAT properly.  The address Tomcat 
will see for the request is the router's internal Ip address.

John

Erin Dalzell wrote:

> Ah yes, but I think tomcat does "know" what address was used to connect to
> it. If I connect to tomcat via 204.1.1.1, doesn't tomcat then think that
> that is its ip address and when it tries to open an IP connection to itself,
> it uses that IP address? If that were the case, then when it tried to make
> the connection it would fail as the NAT doesn't like connections that go out
> and then back in.
> 
> That make any sense?
> 
> emd 
> 
> ----
> Erin Dalzell
> eXpresso Product Specialist
> Epic Data
> 604.207.7699
> 
> 
> -----Original Message-----
> From: Eric J. Pinnell [mailto:eric@iCky.org]
> Sent: Thursday, July 24, 2003 12:52 PM
> To: Tomcat Users List
> Subject: Re: Tomcat not working behind a NAT?
> 
> 
> Hi,
> 
> I was unaware that tomcat connects to itself on a high port.  Never the
> less, Tomcat should be completely unaware of the 204.1.1.1 address.  If
> your NAT is totally transparent the only place that IP lives is on the
> external interface of your firewall/NAT device.  I don't see how that IP
> could sneak back there.
> 
> Unless, and I'm going to guess here, your application is looking at the
> URI of the request and doing something with it.  In that case you should
> use IP numbers and have internal vs. external DNS (or /etc/hosts) set up
> with the different IP numbers (one for the inside value and one with the
> 10.x.x.x inside value).  So that way if it tries to connect to the same
> URI that was in the request it will get the right 10.x.x.x IP number.
> 
> I don't know if that helped or not.
> 
> -e
> 
> 
> On Thu, 24 Jul 2003, Erin Dalzell wrote:
> 
> 
>>Hi there,
>>
>>We have just discovered that our tomcat web app is not working correctly
>>behind a NAT. Our actual web app works fine, but when we try to access our
>>management pages via http. It doesn't work. Any static pages are served up
>>correctly through our defined tomcat port (6300), but any dynamic content
>>(to several different servlets) don't work.
>>
>>When we run a sniffer, it looks like tomcat tries to communicate with
> 
> itself
> 
>>on a very high (and random) port. For example, if our tomcat is accessible
>>locally as 10.10.10.10 and externally as 204.1.1.1 and we access from
>>withing our network (10.10.x.x) everything works fine and tomcat is able
> 
> to
> 
>>talk to itself on port 45000. But if I access it from an external site,
>>tomcat tries to communicate with itself on the 204.1.1.1 address and the
> 
> NAT
> 
>>doesn't like it.
>>
>>So, I have a few questions:
>>	1) why doesn't tomcat (we are using version 4) use localhost to
>>communicate with itself?
>>	2) anyone else seen this problem?
>>	3) can the high port be configured?
>>
>>Thoughts?
>>
>>Thanks
>>
>>emd
>>
>>----
>>Erin Dalzell
>>eXpresso Product Specialist
>>Epic Data
>>604.207.7699
>>
>>
>>This email and any attachments are intended only for use by the addressees
>>named in this email and may contain legally privileged and/or confidential
>>information.  If you are not the intended recipient of this email, you are
>>hereby notified that any use, dissemination, distribution or copying of
> 
> this
> 
>>e-mail or any attachments is strictly prohibited.  If you have received
> 
> this
> 
>>email in error, please immediately notify me by return email and by phone
> 
> at
> 
>>604-273-9146, permanently delete the original and any copy of this email
> 
> and
> 
>>any attachments from your systems and destroy any printouts of them.
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> This email and any attachments are intended only for use by the addressees
> named in this email and may contain legally privileged and/or confidential
> information.  If you are not the intended recipient of this email, you are
> hereby notified that any use, dissemination, distribution or copying of this
> e-mail or any attachments is strictly prohibited.  If you have received this
> email in error, please immediately notify me by return email and by phone at
> 604-273-9146, permanently delete the original and any copy of this email and
> any attachments from your systems and destroy any printouts of them.
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message