tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric J. Pinnell" <>
Subject RE: Tomcat not working behind a NAT?
Date Fri, 25 Jul 2003 17:04:44 GMT
I still think you are barking up the wrong tree here.  If I had to guess I
would say that 95% of all internet faceing Tomcat servers are behind
some kind of NAT device.

One thing to consider.  NAT only translates the IP in the IP header and
doesn't change the data payload.  So if you are, for whatever reason,
using an IP address that is getting sent along in the payload and trying
to redirect to it or whatever, NAT won't change that.

Kinda how SQLNet doesn't like NAT devices.  Because the users IP is
embedded in the payload as part of the protocol.  So it goofs up when the
IP header and the IP in the payload don't match.

But what you are thinking below is the first thing I would do.  Make sure
the machine on the outside see's the correct hostname/IP number and the
machine on the inside see's that same hostname as the inside IP address.
You can do that via the hosts file if you like.


On Fri, 25 Jul 2003, Erin Dalzell wrote:

> For this particular Servlet call we are not accessing any databases.
> DTDs? Not really familiar with those...I will check.
> I don't think we are trying to resolve hosts.
> Here is something we got from our client:
> --
> The sniffer log showed the NATed address in one of the http requests ...
> following along the line of tomcat not using a localhost for addressing
> requests even if they're local to the system ...
> What options are there to specify the address for tomcat under which to
> start ? It must perform a lookup on DNS to translate the address, can we use
> the /etc/hosts file to create a 'fixed' address that won't be affected by
> DNS ? This may not resolve it either ... as which one would you actually put
> in to allow both 'local' access vs 'outside' access ...
> --
> ----
> Erin Dalzell
> eXpresso Product Specialist
> Epic Data
> 604.207.7699
> -----Original Message-----
> From: Tim Funk []
> Sent: Thursday, July 24, 2003 5:46 PM
> To: Tomcat Users List
> Subject: Re: Tomcat not working behind a NAT?
> It shouldn't use high ports.
> Are you running any database services or other services?
> Are your dtd's not correct and its trying actually pull foriegn assets via
> http?
> Are you trying to resolve hosts in your access log? (or similar)
> Use your sniffer to see the type of request being performed on the hight
> port.
> -Tim
> Erin Dalzell wrote:
> > Hi there,
> >
> > We have just discovered that our tomcat web app is not working correctly
> > behind a NAT. Our actual web app works fine, but when we try to access our
> > management pages via http. It doesn't work. Any static pages are served up
> > correctly through our defined tomcat port (6300), but any dynamic content
> > (to several different servlets) don't work.
> >
> > When we run a sniffer, it looks like tomcat tries to communicate with
> itself
> > on a very high (and random) port. For example, if our tomcat is accessible
> > locally as and externally as and we access from
> > withing our network (10.10.x.x) everything works fine and tomcat is able
> to
> > talk to itself on port 45000. But if I access it from an external site,
> > tomcat tries to communicate with itself on the address and the
> > doesn't like it.
> >
> > So, I have a few questions:
> > 	1) why doesn't tomcat (we are using version 4) use localhost to
> > communicate with itself?
> > 	2) anyone else seen this problem?
> > 	3) can the high port be configured?
> >
> > Thoughts?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
> This email and any attachments are intended only for use by the addressees
> named in this email and may contain legally privileged and/or confidential
> information.  If you are not the intended recipient of this email, you are
> hereby notified that any use, dissemination, distribution or copying of this
> e-mail or any attachments is strictly prohibited.  If you have received this
> email in error, please immediately notify me by return email and by phone at
> 604-273-9146, permanently delete the original and any copy of this email and
> any attachments from your systems and destroy any printouts of them.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message