mysql - java.net.ConnectException: Connection timed out, Tomcat 7 and iptables


I am experiencing a weird problem.

Basically, our Java developer said that in the Java application, the services that access the DB to write fail with this error:

    java.net.ConnectException: Connection timed out

    java.net.ConnectException: Connection timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
        at java.net.Socket.connect(Socket.java:529)
        at java.net.Socket.connect(Socket.java:478)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:163)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
        at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
        at sun.net.www.http.HttpClient.New(HttpClient.java:306)
        at sun.net.www.http.HttpClient.New(HttpClient.java:323)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:970)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:911)
        at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:836)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
        at rab.server.system.rpc.mailservicecomponents.sendfeedback(mailservicecomponents.java:259)
        at rab.server.homepage.rpc.homepageserviceimpl.createfeedback(homepageserviceimpl.java:61)
        at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)

Instead, the services that read from the DB work like a charm...

After some attempts, I tried with the firewall disabled, and it worked. Then I tried loading a basic configuration:

    :~# cat /etc/iptables.test.rules
    *filter

    # Allows loopback (lo0) traffic, and drops traffic to 127/8 that doesn't use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

    # Accepts established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allows outbound traffic
    # Modify this to allow only certain traffic
    -A OUTPUT -j ACCEPT

    # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
    -A INPUT -p tcp --dport 8080 -j ACCEPT
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT

    # Allows SSH connections for script kiddies
    # The -dport number is the same one set in the sshd_config file
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

    # You should read up on iptables rules and consider whether SSH access
    # is desired. Allow access     IPs.

    # Allow ping
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    # Log iptables denied calls (access via 'dmesg' command)
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

    # Reject other inbound - default deny unless explicitly allowed policy:
    -A INPUT -j REJECT
    -A FORWARD -j REJECT

    COMMIT

And that worked too. Now, the problem is that after I loaded the basic configuration, our server factory started to complain, because in their configuration they have rules for monitoring and backup services (and many others). After some attempts at modifying the rules to check where the problem lies, I discovered that the critical difference between mine and theirs is the policy on OUTPUT (ACCEPT vs DROP).

So here I am: I need to find the right rule to add to their config while keeping the OUTPUT policy on DROP.

I underline that Tomcat 7 is serving the webapp, and MySQL is listening as follows:

    ~# netstat -lnp | grep mysql
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      19356/mysqld
    unix  2      [ ACC ]     STREAM     HÖRT         669292   19356/mysqld        /var/run/mysqld/mysqld.sock

I tried adding many things to the config, for example:

    iptables -A OUTPUT -d 127.0.0.1/32 -p tcp --sport 1024:65535 --dport 3306 -j ACCEPT

and many others, without success...

Any idea?
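
One way to see which outbound flows an OUTPUT policy of DROP is discarding, as an added example that is not part of the original post. It assumes a LOG rule appended to the OUTPUT chain with the hypothetical prefix `iptables out-denied: ` (modelled on the INPUT LOG rule in the posted rules file), and it summarizes constructed kernel log lines by interface, destination, protocol and port.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a LOG rule was added as the
# last rule of the OUTPUT chain (prefix is hypothetical, modelled on the INPUT rule):
#   -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "iptables out-denied: " --log-level 7

# Constructed kernel log lines (documentation address ranges, made-up ports).
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 web kernel: iptables out-denied: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4101 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 10 10:00:04 web kernel: iptables out-denied: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4102 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 10 10:00:05 web kernel: iptables out-denied: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=UDP SPT=51544 DPT=53 LEN=51
Jan 10 10:00:06 web kernel: iptables out-denied: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3306 DPT=40500 WINDOW=32768 RES=0x00 ACK SYN URGP=0
Jan 10 10:00:07 web kernel: iptables denied: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51000 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Reads kernel log lines on stdin and prints one line per dropped outbound flow:
#   <count> <out-interface> <destination> <protocol> <destination-port>
# Lines without the OUTPUT prefix (for example INPUT denials) are ignored.
summarize_out_drops() {
  grep -F 'iptables out-denied: ' | awk '
    {
      out = dst = proto = dpt = "-"   # "-" marks a field the log line lacks
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^OUT=/ && length($i) > 4)   out   = substr($i, 5)
        if ($i ~ /^DST=/ && length($i) > 4)   dst   = substr($i, 5)
        if ($i ~ /^PROTO=/ && length($i) > 6) proto = substr($i, 7)
        if ($i ~ /^DPT=/ && length($i) > 4)   dpt   = substr($i, 5)
      }
      n[out " " dst " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_log | summarize_out_drops
```

On a live host, feed it the output of `dmesg` instead of `sample_log`.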

