tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: tomcat iptables problem
Date Tue, 02 Oct 2007 22:19:48 GMT


Dieter Schicker wrote:
> Now I set up an iptables firewall (with fwbuilder) with the following
> open ports:
> 8080 (http), 8005 (shutdown?), 8009 (ajp connector) and all lo traffic
> is allowed.

What about outgoing allowed ports?

> With this configuration I have the following behavior: Tomcat needs 3
> minutes to shut down and another 3 minutes to start up again. If it runs
> it runs perfectly ...

I'm not sure about shutdown, but if your server (or application) is
configured to use, say, an XML document with a SYSTEM ID that points to
an outside URL (for instance:,
the XML parser might be attempting to access that URL. If your firewall
is preventing outgoing HTTP connections (good old port 80), it might
waste a lot of time re-trying before it finally gives up and reads
non-validated XML).

I would change your iptables configuration to set all outgoing rejected
requests to LOG as well as reject, and then you can watch the iptables
log (usually the "kernel" log on Debian IIRC) for requests to foreign
hosts on port 80.

Hope that helps,
-chris
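
The LOG-then-reject setup and the log check suggested in the message above, as an added example that is not part of the original post. The `OUT-REJECT: ` prefix, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Prefix and names are assumptions.

# Append LOG then REJECT at the end of OUTPUT: any outgoing packet that no
# earlier rule accepted is written to the kernel log and then rejected.
# Requires root, so it is defined here but not called.
add_log_then_reject() {
    iptables -A OUTPUT -j LOG --log-prefix "OUT-REJECT: "
    iptables -A OUTPUT -j REJECT
}

# Read kernel log lines on stdin; print "count destination" for every
# destination rejected on TCP port 80, most frequent first.
rejected_http_dests() {
    awk '/OUT-REJECT: / {
        dst = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        # Exact match on the port field, so 8080 is not mistaken for 80.
        if (proto == "TCP" && dpt == "80" && dst != "") n[dst]++
    }
    END { for (d in n) print n[d], d }' | sort -k1,1nr -k2,2
}

# Constructed sample of kernel log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Oct  2 22:10:01 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  2 22:10:04 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  2 22:10:10 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1003 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  2 22:11:30 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1004 DF PROTO=TCP SPT=40120 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  2 22:11:31 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1005 DF PROTO=TCP SPT=40121 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  2 22:11:32 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=1006 DF PROTO=UDP SPT=33012 DPT=53 LEN=52
EOF
}

sample_log | rejected_http_dests
```

On a live host, feed the function the kernel log instead of the sample, for example `dmesg | rejected_http_dests`; repeated entries for one destination around startup point at a component that retries an outside URL.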

