Posted to users@tomcat.apache.org by Peter Crowther <Pe...@melandra.com> on 2005/03/08 10:06:31 UTC

[OT] RE: same port used in both directions?

[Marked as OT because not Tomcat-specific]

> From: Mark Leone [mailto:midnightjava@cox.net]
> I have Tomcat 5.5.7 behind a router/firewall, with port 443 and 8080
> forwarded through the firewall. I can make connections from outside the
> firewall to port 8080, but not port 443 (it times out). I can access
> port 443 on my server if I browse to my server's LAN address or if I
> browse to my router's WAN address (i.e. loopback mode).

That feels like a firewall config problem - are there any input filters
on the WAN interface that are preventing 443 from ever being accepted
from an external address?  That would give the behaviour you describe.
As for the ISP filtering 443, that would be very unusual.  Can you test
by putting another computer on the outside of the firewall with an
appropriate address?

> My ISP blocks some ports, but not 443. What port is used for the server
> response to a request made on port 443? Is it also 443 or something
> else? I'm wondering if my ISP is blocking it.

It's 443.  HTTP and HTTPS are well-behaved protocols, unlike nasty stuff
like FTP in active mode.

		- Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
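
Added example (not part of the original thread): a loopback demonstration of the point in Peter's reply above. In an HTTP/HTTPS-style exchange the response travels on the connection the client opened, so its source port is the server's listening port; in an active-FTP-style exchange the server opens a second, inbound connection to the client. The OS-chosen ports, the toy "PORT <n>" message and the function names are assumptions for illustration.

```python
import socket
import threading

def _serve_once(listener, connect_back):
    """Toy server: answer one client in-band, or by connecting back to it."""
    conn, _ = listener.accept()
    with conn:
        request = conn.recv(64).decode()
        if connect_back:
            # Active-FTP style: the client named a port; open a SECOND connection to it.
            data_port = int(request.split()[1])
            with socket.create_connection(("127.0.0.1", data_port)) as data:
                data.sendall(b"payload")
        else:
            # HTTP/HTTPS style: reply on the connection the client opened.
            conn.sendall(b"payload")

def run_exchange(connect_back):
    """Return (server_port, payload, flows); a flow is (initiator, src_port, dst_port)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # OS-chosen port standing in for 443 (or 21)
    listener.listen(1)
    server_port = listener.getsockname()[1]
    worker = threading.Thread(target=_serve_once, args=(listener, connect_back))
    worker.start()
    flows = []
    with socket.create_connection(("127.0.0.1", server_port)) as ctrl:
        flows.append(("client", ctrl.getsockname()[1], server_port))
        if connect_back:
            with socket.socket() as data_listener:
                data_listener.bind(("127.0.0.1", 0))
                data_listener.listen(1)
                data_port = data_listener.getsockname()[1]
                # Simplified stand-in for FTP's PORT command (not real FTP syntax).
                ctrl.sendall(f"PORT {data_port}".encode())
                data, peer = data_listener.accept()
                with data:
                    payload = data.recv(64)
                flows.append(("server", peer[1], data_port))
        else:
            ctrl.sendall(b"GET /")
            payload = ctrl.recv(64)  # reply's source port is server_port
    worker.join()
    listener.close()
    return server_port, payload, flows

if __name__ == "__main__":
    for mode in (False, True):
        print("connect_back" if mode else "same-connection", run_exchange(mode))
```

A firewall that permits inbound connections to the server port and tracks established connections passes the first exchange; the second needs an extra inbound rule on the client side, which is the difference the reply alludes to.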


Re: [OT] RE: same port used in both directions?

Posted by Mark Leone <mi...@cox.net>.
Thanks for the suggestions. It turned out to be the sw firewall my corp 
VPN client requires. I set a couple "intruders" to trusted, and the 
HTTPS session worked fine from work.

Cox advertises no static IP, but they actually reserve the IP based on 
MAC address, so you end up with a static IP as long as you expose the 
same MAC port. They do indeed block port 80, but they allow 443 through. 
Although since I have a home account, they wouldn't approve if I stood 
up a service that was getting a lot of hits, they seem willing to 
tolerate hosting a server for my personal use.

Thanks again for the suggestions, and my apologies to the list for going 
a bit OT.

Parsons Technical Services wrote:

> Three more things:
>
> You did set Tomcat to listen on 443 and not 8443?
>
> Turn off your monitor and unless it's noisy she may not notice it's on.
>
> If you are on a personal Cox account at home, there is a good chance 
> that Cox has 443 blocked as well as 80. Unless you have a static IP 
> with Cox they do not allow hosting and often filter the inbound 
> traffic. Move it to port 8443 and try it.
>
> Doug
> ----- Original Message ----- From: "Mark Leone" <mi...@cox.net>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Tuesday, March 08, 2005 9:25 AM
> Subject: Re: [OT] RE: same port used in both directions?
>
>
>> It's a very simple firewall, integrated with a wireless router. I 
>> specify which inbound ports to allow through and which LAN address 
>> they go to. I'm allowing all port 443 traffic. No filters provided 
>> for outbound, so I assume they're all open.
>>
>> I run ZoneAlarm sw firewall, which I have configured to allow client 
>> connections to Tomcat server. And port 8080 is getting through, and 
>> my version of ZoneAlarm filters only on IP address, not the full 
>> socket. However, your comments remind me that I have another sw 
>> firewall as part of my corporate VPN client. It's a squirrelly one, and 
>> I'll bet it's causing the problem. I'll disable it and try the HTTPS 
>> session again.
>>
>> I have to go to work to test it, and hopefully my wife won't shut 
>> down my computer while I'm at work as she did yesterday. :)
>>
>> Thanks for your suggestion.
>>
>>
>> Peter Crowther wrote:
>>
>>> [Marked as OT because not Tomcat-specific]
>>>
>>>
>>>> From: Mark Leone [mailto:midnightjava@cox.net] I have Tomcat 5.5.7 
>>>> behind a router/firewall, with port 443 and 8080 forwarded through 
>>>> the firewall. I can make connections from outside the firewall to 
>>>> port 8080, but not port 443 (it times out). I can access port 443 
>>>> on my server if I browse to my server's LAN address or if I browse 
>>>> to my router's WAN address (i.e. loopback mode).
>>>>
>>>
>>> That feels like a firewall config problem - are there any input filters
>>> on the WAN interface that are preventing 443 from ever being accepted
>>> from an external address?  That would give the behaviour you describe.
>>> As for the ISP filtering 443, that would be very unusual.  Can you test
>>> by putting another computer on the outside of the firewall with an
>>> appropriate address?
>>>
>>>
>>>> My ISP blocks some ports, but not 443. What port is used for the 
>>>> server response to a request made on port 443? Is it also 443 or 
>>>> something else? I'm wondering if my ISP is blocking it.
>>>>
>>>
>>> It's 443.  HTTP and HTTPS are well-behaved protocols, unlike nasty stuff
>>> like FTP in active mode.
>>>
>>> - Peter


Re: [OT] RE: same port used in both directions?

Posted by Parsons Technical Services <pa...@earthlink.net>.
Three more things:

You did set Tomcat to listen on 443 and not 8443?

Turn off your monitor and unless it's noisy she may not notice it's on.

If you are on a personal Cox account at home, there is a good chance that 
Cox has 443 blocked as well as 80. Unless you have a static IP with Cox they 
do not allow hosting and often filter the inbound traffic. Move it to port 
8443 and try it.

Doug
----- Original Message ----- 
From: "Mark Leone" <mi...@cox.net>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Tuesday, March 08, 2005 9:25 AM
Subject: Re: [OT] RE: same port used in both directions?


> It's a very simple firewall, integrated with a wireless router. I specify 
> which inbound ports to allow through and which LAN address they go to. I'm 
> allowing all port 443 traffic. No filters provided for outbound, so I 
> assume they're all open.
>
> I run ZoneAlarm sw firewall, which I have configured to allow client 
> connections to Tomcat server. And port 8080 is getting through, and my 
> version of ZoneAlarm filters only on IP address, not the full socket. 
> However, your comments remind me that I have another sw firewall as part 
> of my corporate VPN client. It's a squirrelly one, and I'll bet it's causing 
> the problem. I'll disable it and try the HTTPS session again.
>
> I have to go to work to test it, and hopefully my wife won't shut down my 
> computer while I'm at work as she did yesterday. :)
>
> Thanks for your suggestion.
>
>
> Peter Crowther wrote:
>
>>[Marked as OT because not Tomcat-specific]
>>
>>
>>>From: Mark Leone [mailto:midnightjava@cox.net] I have Tomcat 5.5.7 behind 
>>>a router/firewall, with port 443 and 8080 forwarded through the firewall. 
>>>I can make connections from outside the firewall to port 8080, but not 
>>>port 443 (it times out). I can access port 443 on my server if I browse 
>>>to my server's LAN address or if I browse to my router's WAN address 
>>>(i.e. loopback mode).
>>>
>>
>>That feels like a firewall config problem - are there any input filters
>>on the WAN interface that are preventing 443 from ever being accepted
>>from an external address?  That would give the behaviour you describe.
>>As for the ISP filtering 443, that would be very unusual.  Can you test
>>by putting another computer on the outside of the firewall with an
>>appropriate address?
>>
>>
>>>My ISP blocks some ports, but not 443. What port is used for the server 
>>>response to a request made on port 443? Is it also 443 or something else? 
>>>I'm wondering if my ISP is blocking it.
>>>
>>
>>It's 443.  HTTP and HTTPS are well-behaved protocols, unlike nasty stuff
>>like FTP in active mode.
>>
>> - Peter


Re: [OT] RE: same port used in both directions?

Posted by Mark Leone <mi...@cox.net>.
It's a very simple firewall, integrated with a wireless router. I 
specify which inbound ports to allow through and which LAN address they 
go to. I'm allowing all port 443 traffic. No filters provided for 
outbound, so I assume they're all open.

I run ZoneAlarm sw firewall, which I have configured to allow client 
connections to Tomcat server. And port 8080 is getting through, and my 
version of ZoneAlarm filters only on IP address, not the full socket. 
However, your comments remind me that I have another sw firewall as part 
of my corporate VPN client. It's a squirrelly one, and I'll bet it's 
causing the problem. I'll disable it and try the HTTPS session again.

I have to go to work to test it, and hopefully my wife won't shut down 
my computer while I'm at work as she did yesterday. :)

Thanks for your suggestion.


Peter Crowther wrote:

>[Marked as OT because not Tomcat-specific]
>
>  
>
>>From: Mark Leone [mailto:midnightjava@cox.net]
>>I have Tomcat 5.5.7 behind a router/firewall, with port 443 and 8080
>>forwarded through the firewall. I can make connections from outside the
>>firewall to port 8080, but not port 443 (it times out). I can access
>>port 443 on my server if I browse to my server's LAN address or if I
>>browse to my router's WAN address (i.e. loopback mode).
>>    
>>
>
>That feels like a firewall config problem - are there any input filters
>on the WAN interface that are preventing 443 from ever being accepted
>from an external address?  That would give the behaviour you describe.
>As for the ISP filtering 443, that would be very unusual.  Can you test
>by putting another computer on the outside of the firewall with an
>appropriate address?
>
>  
>
>>My ISP blocks some ports, but not 443. What port is used for the server
>>response to a request made on port 443? Is it also 443 or something
>>else? I'm wondering if my ISP is blocking it.
>>    
>>
>
>It's 443.  HTTP and HTTPS are well-behaved protocols, unlike nasty stuff
>like FTP in active mode.
>
>		- Peter