在RHEL5上安装了tomcat6, 启动之后,本机可以访问,但从其他机器访问不了,原来是iptables的问题。
1.环境:
vmware workstation 7.1.2 build-301548
RedHat Enterprise Linux 5.5
apache-tomcat-6.0.30
jdk1.6.0_22
2.问题描述:
在RHEL5上安装了tomcat6, 启动之后,本机可以访问,但从其他机器访问不了。
3.RHEL5安装后默认的ittables规则:
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
4.解决办法:
删除当前INPUT链上的规则
iptables -F INPUT
增加两条INPUT链上规则,针对tcp的80和8080端口(8080是tomcat的默认端口)
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 8080 -j ACCEPT