在RHEL5上安装了tomcat6, 启动之后,本机可以访问,但从其他机器访问不了,原来是iptables的问题。
1.环境:
vmware workstation 7.1.2 build-301548
Redhat Enterprise Linux 5.5
apache-tomcat-6.0.30
jdk1.6.0_22
2.问题描述:
在RHEL5上安装了tomcat6, 启动之后,本机可以访问,但从其他机器访问不了。
3.RHEL5安装后默认的ittables规则:
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
4.解决办法:
删除当前INPUT链上的规则
iptables -F INPUT
增加两条INPUT链上规则,针对tcp的80和8080端口(8080是tomcat的默认端口)
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 8080 -j ACCEPT
5.关于iptables的配置参考:
iptables指南1.1.19
http://www.frozentux.net/iptables-tutorial/cn/iptables-tutorial-cn-1.1.19.html
如何使用netfilter/iptables构建防火墙
http://linux.ccidnet.com/art/737/20040317/96576_1.html
iptables简要应用说明
http://gotop.blog2.cnool.net/Article/2009/03/26/329994.html
centos iptables配置方法转
http://hi.baidu.com/tian%C2%BD%C0%DA/blog/item/e488ab12522eca8e6538db9d.html
iptables开放22 53 80端口
http://www.chengyongxu.com/blog/iptables%E5%BC%80%E6%94%BE225380%E7%AB%AF%E5%8F%A3/