tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric J. Pinnell" <>
Subject Re: Tomcat not working behind a NAT?
Date Thu, 24 Jul 2003 19:52:09 GMT

I was unaware that tomcat connects to itself on a high port.  Never the
less, Tomcat should be completely unaware of the address.  If
your NAT is totally transparent the only place that IP lives is on the
external interface of your firewall/NAT device.  I don't see how that IP
could sneak back there.

Unless, and I'm going to guess here, your application is looking at the
URI of the request and doing something with it.  In that case you should
use IP numbers and have internal vs. external DNS (or /etc/hosts) set up
with the different IP numbers (one for the inside value and one with the
10.x.x.x inside value).  So that way if it tries to connect to the same
URI that was in the request it will get the right 10.x.x.x IP number.

I don't know if that helped or not.


On Thu, 24 Jul 2003, Erin Dalzell wrote:

> Hi there,
> We have just discovered that our tomcat web app is not working correctly
> behind a NAT. Our actual web app works fine, but when we try to access our
> management pages via http. It doesn't work. Any static pages are served up
> correctly through our defined tomcat port (6300), but any dynamic content
> (to several different servlets) don't work.
> When we run a sniffer, it looks like tomcat tries to communicate with itself
> on a very high (and random) port. For example, if our tomcat is accessible
> locally as and externally as and we access from
> withing our network (10.10.x.x) everything works fine and tomcat is able to
> talk to itself on port 45000. But if I access it from an external site,
> tomcat tries to communicate with itself on the address and the NAT
> doesn't like it.
> So, I have a few questions:
> 	1) why doesn't tomcat (we are using version 4) use localhost to
> communicate with itself?
> 	2) anyone else seen this problem?
> 	3) can the high port be configured?
> Thoughts?
> Thanks
> emd
> ----
> Erin Dalzell
> eXpresso Product Specialist
> Epic Data
> 604.207.7699
> This email and any attachments are intended only for use by the addressees
> named in this email and may contain legally privileged and/or confidential
> information.  If you are not the intended recipient of this email, you are
> hereby notified that any use, dissemination, distribution or copying of this
> e-mail or any attachments is strictly prohibited.  If you have received this
> email in error, please immediately notify me by return email and by phone at
> 604-273-9146, permanently delete the original and any copy of this email and
> any attachments from your systems and destroy any printouts of them.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message