pfcit
asked on
listening on ports other than 80
i have redhat 9.0 fedora installation.
i have apache running and internet users can see my web pages.
i have the sun java systems server running and internet users can not access my applications
Within my LAN I can access everything.
i changed apache to listen on port 81 and set up a listener for my java apps. on port 80
then i went to a an internet point out side my lan and i was able to access the java apps
but not the web sites running under apache.
My network settings should not have changed since the installation.
The only other thing that may be causing a problem because i am not completely sure
how it should be configured is my proxy server (privoxy) it listens on port 8118 i.e.
listen-address :8118
this is just so workstations on my lan can access the internet.
I need to know what and how to change to let outsiders access other ports .
Thanks,
paul.
i have apache running and internet users can see my web pages.
i have the sun java systems server running and internet users can not access my applications
Within my LAN I can access everything.
i changed apache to listen on port 81 and set up a listener for my java apps. on port 80
then i went to a an internet point out side my lan and i was able to access the java apps
but not the web sites running under apache.
My network settings should not have changed since the installation.
The only other thing that may be causing a problem because i am not completely sure
how it should be configured is my proxy server (privoxy) it listens on port 8118 i.e.
listen-address :8118
this is just so workstations on my lan can access the internet.
I need to know what and how to change to let outsiders access other ports .
Thanks,
paul.
ASKER
thanks alot.
tell me more about the more elegant way
can you point me to some reasonably concise documentation on this.
paul.
tell me more about the more elegant way
can you point me to some reasonably concise documentation on this.
paul.
ASKER
karan, how can i allocate points to you? i cannot see any links on this page that let one do this.?
hi,
the more elegant way (elegant because you are only modifying 1 line.) is to modify the iptables config file in the /etc/sysconfig directory and add the appropiate parts into the file. if u observer the file for a moment, you will see the general layout of the file and add the appropiate command there and then, you wont need to create a new file to be executed at startup. also, you could use a:
iptables-save > /etc/sysconfig/iptables
and be done. ensure that you have actually create the rule i specified before dumping the rule set into the file. it will be applied automatically the next time you start.
and about assigning the points: see a button called "Accept" next to my comment. click on that, then assign a appropiate grade, then you are done.
cheers,
karan
the more elegant way (elegant because you are only modifying 1 line.) is to modify the iptables config file in the /etc/sysconfig directory and add the appropiate parts into the file. if u observer the file for a moment, you will see the general layout of the file and add the appropiate command there and then, you wont need to create a new file to be executed at startup. also, you could use a:
iptables-save > /etc/sysconfig/iptables
and be done. ensure that you have actually create the rule i specified before dumping the rule set into the file. it will be applied automatically the next time you start.
and about assigning the points: see a button called "Accept" next to my comment. click on that, then assign a appropiate grade, then you are done.
cheers,
karan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks karen,
i will have to investigate the config files you mention but not to day.
i typed in your suggested iptables command. it didn't like the --dport parameter so
i changed the -p paramter value from all to tcp and it accepted it went to a library
to access the internet and it did not let me in on that port. my url is:
http://www.hca.ath.cx which will bring up a website on the apache server (port 80)
but port 8686 which i opened with
iptables -A INPUT -p tcp -i eth0 --dport 8686 -j ACCEPT
http://www.hca.ath.cx:8686 which my j2ee server is listening onstill seems to be blocked.
it should present a sample j2ee app called bookstore as it does within my lan.
i think this proxy i have privoxy only monitors outgoing requests but i am not sure.
i suppose i have a challange for the weekend. would be nice to have a second internet line
to test it though.
i will have to investigate the config files you mention but not to day.
i typed in your suggested iptables command. it didn't like the --dport parameter so
i changed the -p paramter value from all to tcp and it accepted it went to a library
to access the internet and it did not let me in on that port. my url is:
http://www.hca.ath.cx which will bring up a website on the apache server (port 80)
but port 8686 which i opened with
iptables -A INPUT -p tcp -i eth0 --dport 8686 -j ACCEPT
http://www.hca.ath.cx:8686 which my j2ee server is listening onstill seems to be blocked.
it should present a sample j2ee app called bookstore as it does within my lan.
i think this proxy i have privoxy only monitors outgoing requests but i am not sure.
i suppose i have a challange for the weekend. would be nice to have a second internet line
to test it though.
hi.... one thing.
i think i know what is happening here. but i hv to run to college. so i will get back to u later.
karan
i think i know what is happening here. but i hv to run to college. so i will get back to u later.
karan
The default configured gateway on ur machine is blocking u from allowing other ports be accessible over the internetl.
try this:
iptables -A INPUT -p all -i eth0 --dport 81 -j ACCEPT
where:
eth0 is the interface connected to the internet.
81 is the other port u want to allow acces to.
however a more elegant way would be to modify the redhat configured firewall and allow for packets to be accepted.
Cheers,
Karan