> -----Original Message-----
> From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com]
> Sent: Sunday, January 19, 2014 9:19 AM
> To: Tomcat Users List
> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS
> Windows system
>
> Jeffrey,
>
> On 19.1.2014 6:03, Christopher Schultz wrote:
> >> <Connector address="10.4.1.20" port="443" maxHttpHeaderSize="8192"
> >
> > Could it be as simple as having set the "address" attribute?
>
> +1
>

-1

The "address" attribute is a standard parameter of the <connector> and should have no bearing on the issue, other than informing the connector to ONLY listen on the IPv4 address/port combination specified. This is exactly what is happening as confirmed by netstat.

In addition, everything about this Amazon instance is IPv4, from the external IP address, to the internal addressing, to the DNS lookup of the hostname. Therefore, the client should only be accessing via the IPv4 mechanism.

In addition, the host supports several Tomcat instances and hosts, so the "address" attribute is required.

As a further note, this is the exact same <connector> configuration which works on the same server for Tomcat 6.

C:\Users\Administrator>netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1244
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       792
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1944
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8086           0.0.0.0:0              LISTENING       14676
  TCP    0.0.0.0:8087           0.0.0.0:0              LISTENING       1592
  TCP    0.0.0.0:8088           0.0.0.0:0              LISTENING       7596
  TCP    0.0.0.0:8089           0.0.0.0:0              LISTENING       4100
  TCP    0.0.0.0:8090           0.0.0.0:0              LISTENING       19600
  TCP    10.4.1.20:80           0.0.0.0:0              LISTENING       19600
  TCP    10.4.1.20:443          0.0.0.0:0              LISTENING       19600

Interestingly, even though IPv6 is unchecked in the Windows network properties, the stack is still available and if the address is unspecified, you will get some IPv6 connections configured.

  TCP    [::]:135               [::]:0                 LISTENING       792
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       1944
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:8086              [::]:0                 LISTENING       14676
  TCP    [::]:8087              [::]:0                 LISTENING       1592
  TCP    [::]:8088              [::]:0                 LISTENING       7596
  TCP    [::]:8089              [::]:0                 LISTENING       4100

> BTW, setting attribute preferIPv4Stack=true on server side doesn't mean
> anything for the client. The client will try to connect with the
> protocol he prefers. The client may also fall back to other protocol
> (e.g. if IPv6 connection fails several times, try with IPv4).

I wasn't sure if the preferIPv4Stack would impact this, but I do know that I need it in order to connect to the SMTP server located on the host via localhost when using Java 7. (That might be more to do with the SMTP config.)

>
> I see that access log is not configured. Is there a reason for that?
>
> Without access log you can't tell if the remote request reaches Tomcat
> or not. So, for a start, I suggest you configure access log for Tomcat 7
> and report back if something is logged after you try to connect from
> the remote host. Note that Tomcat may postpone writes to the log files,
> so make sure you stop Tomcat before you check your logs.
>
> If there is no record of remote requests in Tomcat 7 access logs, I
> suggest you analyze what is going on with Wireshark or some other
> packet analyzer. You can then see if the client:
>
> 1. tries to connect using IPv6 or IPv4,
> 2. is falling back,
> 3. which exactly IPv4/v6 address does it use,
> 4. is TCP three-way handshake successful.
>
> Only when you confirm that three-way handshake is successful and that
> the destination IP address is IPv4 "10.4.1.20", you may say that the
> request should have reached Tomcat.
>
> -Ognjen
>

I can certainly add an access log. It wasn't there since this is a test instance.

The client is essentially timing out when connecting via the "external IP". I wouldn't expect this to happen, as NAT usually just works.

The overall point of this post is that the only things changed in the setup are the versions of Tomcat/APR/Java being used. I'm wondering if I'm missing something in the config, because I would expect that NAT would just work.

Jeff
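
The bind check that the netstat listing in this message supports, as an added example that is not part of the original thread: it parses `netstat -ano` LISTENING rows and reports which PID would accept a connection addressed to a given destination IP and port, plus which ports are bound to a wildcard address. The sample rows are a constructed subset of the listing above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a subset of the `netstat -ano` rows quoted in the message.
SAMPLE = """\
  TCP    0.0.0.0:3389       0.0.0.0:0      LISTENING   1944
  TCP    0.0.0.0:8090       0.0.0.0:0      LISTENING   19600
  TCP    10.4.1.20:80       0.0.0.0:0      LISTENING   19600
  TCP    10.4.1.20:443      0.0.0.0:0      LISTENING   19600
  TCP    [::]:3389          [::]:0         LISTENING   1944
  TCP    [::]:8086          [::]:0         LISTENING   14676
"""

# Proto, local addr:port, foreign addr, state, PID. Greedy \S+ backtracks to
# the last ':' so bracketed IPv6 literals such as [::] parse correctly.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(text):
    """Return (ip_address, port, pid) for every TCP LISTENING row."""
    listeners = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, ESTABLISHED rows, UDP rows
        host = m.group(1).strip("[]").split("%")[0]  # drop brackets / zone id
        listeners.append(
            (ipaddress.ip_address(host), int(m.group(2)), int(m.group(3)))
        )
    return listeners


def accepts(listeners, dst_ip, port):
    """PIDs whose socket would accept a packet addressed to dst_ip:port.

    Assumption: a wildcard socket only serves its own address family
    ([::] is treated as IPv6-only, 0.0.0.0 as IPv4-only).
    """
    dst = ipaddress.ip_address(dst_ip)
    return sorted({pid for ip, p, pid in listeners
                   if p == port and ip.version == dst.version
                   and (ip.is_unspecified or ip == dst)})


def wildcard_ports(listeners):
    """Ports bound to 0.0.0.0 or [::], i.e. reachable on every interface."""
    return sorted({p for ip, p, _ in listeners if ip.is_unspecified})


if __name__ == "__main__":
    ls = parse_listeners(SAMPLE)
    print("10.4.1.20:443 ->", accepts(ls, "10.4.1.20", 443))
    print("127.0.0.1:443 ->", accepts(ls, "127.0.0.1", 443))
    print("wildcard ports:", wildcard_ports(ls))
```

A connection is only delivered to the connector if its destination address, as seen on the host after any NAT, equals the bound address; a packet capture on the host shows which destination address actually arrives.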