Hello,
I've applied the various iptables rules as per the installation guide and
VPS securing (see attached iptables.txt file), while docker has added many
'chains' I don't understand. iptables is new to me.

Everything works until I apply the rule iptables -A INPUT -j DROP
After that, tomcat/catalina does not start. I have these commands in a bash
script:
sudo /etc/init.d/mysql restart
sudo /etc/init.d/coturn restart
sudo /etc/init.d/docker restart
sudo docker restart kms
sudo /etc/init.d/tomcat34 restart

This is what I see in the terminal:

NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Aug 24, 2021 10:23:35 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Could not contact [localhost:8005] (base port [8005] and offset [0]). Tomcat may not be running.
Aug 24, 2021 10:23:35 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Error stopping Catalina
java.net.ConnectException: Connection timed out (Connection timed out)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.base/java.net.Socket.connect(Socket.java:609)
at java.base/java.net.Socket.connect(Socket.java:558)
at java.base/java.net.Socket.<init>(Socket.java:454)
at java.base/java.net.Socket.<init>(Socket.java:231)
at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:667)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:391)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:481)

I have attached the iptables configuration in a text file.
Do I need to open port 8005 as well?
Thank you all,
Lee
Chain INPUT (policy ACCEPT 3113 packets, 1161K bytes)
 pkts bytes target     prot opt in     out     source               destination
48060   37M ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5443
 5008  358K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8888
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:3478
 8694 8287K ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:3478
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5443
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8888
  521 72169 ACCEPT     udp  --  any    any     anywhere             anywhere             multiport dports 49152:65535
16693 2391K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:webmin
   64  3664 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:domain
  380 27914 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain
  350 23871 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http
 7707  547K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:5824
  882 93614 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-USER  all  --  any    any     anywhere             anywhere
    0     0 DOCKER-ISOLATION-STAGE-1  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    docker0  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  any    docker0  anywhere             anywhere
    0     0 ACCEPT     all  --  docker0 !docker0  anywhere             anywhere
    0     0 ACCEPT     all  --  docker0 docker0  anywhere             anywhere

Chain OUTPUT (policy ACCEPT 5288 packets, 4080K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1060  403K ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:49152:65535

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !docker0 docker0  anywhere             172.17.0.2           tcp dpt:8888

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  anywhere             anywhere
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    docker0  anywhere             anywhere
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2101  131K RETURN     all  --  any    any     anywhere             anywhere

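Added example (not part of the original message or its attachment): the posted INPUT chain has no rule for the loopback interface, so once a final DROP is appended, a new connection to localhost:8005 matches nothing before it. The sketch below replays first-match evaluation over a constructed `iptables -L INPUT -v -n` listing; the sample rules, the `eth0` interface name in the checks and the loopback ACCEPT rule are assumptions made for illustration.

```python
import re

# Constructed sample in `iptables -L INPUT -v -n` form: a few rules modelled on
# the posted INPUT chain plus the appended final DROP (counters are made up).
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source     destination
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:5443
    0     0 ACCEPT udp  --  *   *   0.0.0.0/0  0.0.0.0/0   multiport dports 49152:65535
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:443
    0     0 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0
"""
# Assumed fix: accept everything arriving on the loopback interface.
LOOPBACK_RULE = "    0     0 ACCEPT all  --  lo  *   0.0.0.0/0  0.0.0.0/0"

def parse_chain(listing):
    """Return (policy, rules) for a single-chain -v listing."""
    lines = listing.strip().splitlines()
    policy = re.search(r"policy (\w+)", lines[0]).group(1)
    fields = [line.split() for line in lines[2:]]
    rules = [{"target": f[2], "prot": f[3], "in": f[5], "match": " ".join(f[9:])}
             for f in fields]
    return policy, rules

def rule_matches(rule, iface, proto, dport):
    """Does this rule match a NEW packet arriving on iface for proto/dport?"""
    if rule["in"] not in ("*", "any", iface) or rule["prot"] not in ("all", proto):
        return False
    if "state" in rule["match"] and "NEW" not in rule["match"]:
        return False  # ESTABLISHED/RELATED-only rules skip new connections
    # Only a single port or an A:B range is handled, not comma lists.
    m = re.search(r"(?:dpts?:|dports )(\d+)(?::(\d+))?", rule["match"])
    if not m:
        return True  # no port restriction
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return low <= dport <= high

def verdict(listing, iface, proto, dport):
    """First terminating rule that matches wins; otherwise the chain policy."""
    policy, rules = parse_chain(listing)
    for rule in rules:
        if rule["target"] in ("ACCEPT", "DROP", "REJECT") and rule_matches(rule, iface, proto, dport):
            return rule["target"]
    return policy

def with_loopback_first(listing):
    """Insert LOOPBACK_RULE as rule 1 (what `-I INPUT 1 -i lo -j ACCEPT` does)."""
    lines = listing.splitlines()
    return "\n".join(lines[:2] + [LOOPBACK_RULE] + lines[2:])
```

With the loopback rule in first position, `verdict` returns ACCEPT for port 8005 on `lo` and still DROP for the same port on an external interface.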