
I have Apache Tomcat installed on CentOS Linux on a VPS. I have opened port 8080 in iptables so that it is reachable from outside. My problem is that when I go to the address example.com:8080 it shows nothing and the connection times out. But when I run the command `service iptables restart` in the terminal, it works for a short while afterwards, and then when I go to example.com:8080 again the connection times out.
Thanks in advance.

EDITED
Current iptables configuration file in /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall   
# Manual customization of this file is not recommended   
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth+ -p tcp --dport 25 -j REDIRECT --to-port 8025
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8044 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

UPDATED
Telnet response while in the not-responding state.
Response to `telnet ip.address 8080`:

Connecting To that.ip.address...Could not open connection to the host, on port 8080:
 Connect failed
Iman
  • Can you confirm that you're running the listener (`netstat -in|grep 8080`) and tell us what your rules are (`iptables -L -n -v`)? – MadHatter Aug 06 '15 at 14:11
  • @MadHatter if it responds while restarting `iptables`, that means port 8080 is listening; it's clearly the firewall that prevents his access to tomcat. – alexus Aug 06 '15 at 14:14
  • I'd buy that, except that `iptables` rules don't rot and suddenly change what they permit **either**. So his problem doesn't exist - *except that it does*. It's always a good idea to check the basics in examples like this (actually, it's a pretty good rule *all* the time). – MadHatter Aug 06 '15 at 14:15
  • @MadHatter `netstat -in|grep 8080` has no output. But I'm sure that tomcat is running. – Iman Aug 06 '15 at 14:34
  • I'm very sorry, that was a typo on my part. Try `netstat -an|grep 8080`. I do apologise. Can you also confirm that the VPS has a public IP address, or is there some other port-forwarding device in the loop? – MadHatter Aug 06 '15 at 14:45
  • @iman disable the firewall temporarily, just to rule it out altogether (`service iptables stop`); if port 8080 starts to respond it's the firewall, if not then whatever runs on port 8080 is at fault. – alexus Aug 06 '15 at 14:52
  • @alexus When I disable firewall it works. – Iman Aug 06 '15 at 15:28
  • @MadHatter the output is tcp 0 0 :::8080 :::* LISTEN – Iman Aug 06 '15 at 15:29
  • Just in case the state engine is treading on your feet, try changing `-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT` to `-A INPUT -p tcp --dport 8080 -j ACCEPT`. Also, you didn't answer about public IP addresses. – MadHatter Aug 06 '15 at 15:34
  • @MadHatter Sorry, I forgot, it has a public IP address. – Iman Aug 06 '15 at 15:40
  • @MadHatter It responded for about five minutes and stopped responding. – Iman Aug 06 '15 at 15:48
  • And that public IP address is the one you're contacting? Could you cut-and-paste into your question the command and output of `telnet that.ip.address 8080` **when you're in the stopped-responding situation**? – MadHatter Aug 06 '15 at 16:11
  • @MadHatter Updated my question. – Iman Aug 06 '15 at 16:19
  • Thanks for posting the real IP, it helps. I notice that I also can't connect to port 22, and that port 25 is *amazingly* slow to respond. Is there any chance that you're simply overloading this VPS? Do you just restart `iptables` to get it to respond (and if so how, given that you can't ssh in) or are you restarting **the entire VPS**? – MadHatter Aug 06 '15 at 16:21
  • @MadHatter It was a mistake :). What do you mean by overriding the VPS? I just restart iptables using ssh. – Iman Aug 06 '15 at 16:26
  • Over**loading**, not over**riding**. And how, given that you can't `ssh` in? Could we see your live ruleset (`iptables -L -n -v`), just to check it's taken? – MadHatter Aug 06 '15 at 16:32
  • Oh sorry. I can ssh in. – Iman Aug 06 '15 at 16:33

1 Answer


Try `man iptables` and be careful not to lock yourself out; also get yourself familiar with the following:

How To Setup a Basic IP Tables Configuration on Centos 6 | DigitalOcean

Probably the following is missing:

iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
alexus
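The comments above reduce the question to two checks that should be made at the moment port 8080 stops answering: is the ACCEPT rule still in the live ruleset, ahead of the catch-all REJECT, and is Tomcat still listening? The following is an added example, not code from the question, the answer, or any CentOS tool. It is a small POSIX shell helper that performs those checks offline on text you already have (`iptables-save` and `netstat -an` output), so a snapshot taken while the port works can be diffed against one taken after it fails. The sample ruleset and netstat lines are constructed from what is pasted on this page; the catch-all detection is a heuristic (a bare `-A INPUT -j REJECT` or `-j DROP` with no match options), and `live_snapshot` is the only part that touches the real firewall.

```shell
#!/bin/sh
# Added example: not code from the question, the answer, or any CentOS tool.
# Offline checks over text you already have (iptables-save output, netstat -an
# output), so a snapshot taken while :8080 answers can be compared with one
# taken after it stops answering.

# Constructed sample: the filter table from the question, in the order
# iptables-save itself emits it (chain policies first, rules after).
SAMPLE_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8044 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed "something rewrote the firewall" case: same table, 8080 rule gone.
SAMPLE_RULESET_BROKEN=$(printf '%s\n' "$SAMPLE_RULESET" | grep -v -- '--dport 8080 ')

# Constructed netstat -an lines; the second is the one pasted in the comments.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 :::8080          :::*             LISTEN'

# port_allowed RULESET PORT -> prints yes/no.
# yes: INPUT has "-p tcp --dport PORT ... -j ACCEPT" before the chain's catch-all.
# Heuristic: the catch-all is a bare "-A INPUT -j REJECT" or "-j DROP" with no
# match options, which is the shape of the last INPUT rule in the question.
port_allowed() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A INPUT -j (REJECT|DROP)( |$)/ { exit }
        /^-A INPUT / && /-p tcp/ && $0 ~ ("--dport " port "( |$)") && /-j ACCEPT( |$)/ { ok = 1; exit }
        END { print (ok ? "yes" : "no") }'
}

# listening NETSTAT_OUTPUT PORT -> prints yes/no: any TCP socket in LISTEN state
# whose local address ends in :PORT. Column 4 is the local address in both
# "netstat -an" and "ss -ltn" output.
listening() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /LISTEN/ && $4 ~ (":" port "$") { ok = 1 }
        END { print (ok ? "yes" : "no") }'
}

# normalize RULESET: drop comment lines (iptables-save timestamps) and the
# [packets:bytes] counters, which differ between two dumps of identical rules.
normalize() {
    printf '%s\n' "$1" | sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# ruleset_diff BEFORE AFTER: unified diff of the rules only.
# Exit status 0 = identical rules, 1 = rules changed (diff's own convention).
ruleset_diff() {
    t1=$(mktemp) || return 2
    t2=$(mktemp) || { rm -f "$t1"; return 2; }
    normalize "$1" >"$t1"
    normalize "$2" >"$t2"
    if diff -u "$t1" "$t2"; then rc=0; else rc=$?; fi
    rm -f "$t1" "$t2"
    return "$rc"
}

# On the VPS itself, as root: run once while :8080 answers and again once it has
# stopped, then feed the two saved files to ruleset_diff. Not run by the demo.
live_snapshot() {
    out=${1:-/var/tmp/iptables.$(date +%Y%m%d%H%M%S)}
    iptables-save >"$out"
    echo "listener: $(listening "$(netstat -an)" 8080), rules saved to $out"
    iptables -L INPUT -n -v --line-numbers   # per-rule packet counters
}

# Stand-alone demo on the constructed samples.
echo "8080 accepted, working ruleset:   $(port_allowed "$SAMPLE_RULESET" 8080)"
echo "8080 accepted, rewritten ruleset: $(port_allowed "$SAMPLE_RULESET_BROKEN" 8080)"
echo "tomcat listening:                 $(listening "$SAMPLE_NETSTAT" 8080)"
ruleset_diff "$SAMPLE_RULESET" "$SAMPLE_RULESET_BROKEN" || echo "rules changed (exit $?)"
```

Usage on the box: `. ./check.sh; live_snapshot /var/tmp/ipt.good` while the port answers, `live_snapshot /var/tmp/ipt.bad` once it stops, then `ruleset_diff "$(cat /var/tmp/ipt.good)" "$(cat /var/tmp/ipt.bad)"`. An empty diff means the ruleset is not what changed, and the listener check and the per-rule counters are the next thing to look at; a diff that shows the 8080 rule missing means something is rewriting the live rules, and the file header on this page (written by system-config-firewall, which warns against manual edits) names the first place to look.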