Thanks John. The WebLogic is listening on the localhost interface, as was also mentioned here[1]. My problem now is how to make that WebLogic instance listen to eth0, or can I make an iptables rule to redirect all 7028 traffic to localhost?

[1] http://serverfault.com/a/290006

On Sat, Oct 20, 2012 at 11:29 PM, John Homer H Alvero <[email protected]> wrote:
> on lpdza1, what's the output of netstat -tunlp ? check if the port is
> listening on the correct interface.
>
> On Sat, Oct 20, 2012 at 9:39 PM, Anuerin Diaz <[email protected]> wrote:
> > They are using bridged networking. I am using Xen and starting to think
> > maybe I should have used Virtual box instead. :|
> >
> > ciao!
> >
> > On Oct 20, 2012 8:26 PM, "Heherson Pagcaliwagan" <[email protected]> wrote:
> >>
> >> How is your networking setup? Are the nodes using bridged networking or
> >> simple NAT?
> >>
> >> Out of curiosity, what's the virt solution you are using?(i.e. kvm, lc,
> >> openvz, vmware, virtualbox, ...)
> >>
> >> --herson
> >>
> >> On Oct 20, 2012, at 6:15 PM, Anuerin Diaz <[email protected]> wrote:
> >>
> >> Hi,
> >>
> >> I have 2 virtualized CentOS machines (lpdza1 and lpdza2) where I am
> >> setting up clustered WebLogic nodes. The current problem I have is that I
> >> cannot make the port 7028 in lpdza1 accept external connections. Connection
> >> from within lpdza1 works but I need lpdza2 to be able to access the admin
> >> port (7028). I have tried alternately disabling iptables and ip6tables, as
> >> well as flushing and stopping them to no avail. I have also tried
> >> configuring and disabling them from the desktop GUI
> >> (Administration->Security and Firewall settings,
> >> Administration->Services->restart). I have tried accessing from other
> >> virtual machines (Ubuntu, WindowsXP) to isolate that it is not a problem on
> >> the second machine (lpdza2).
> >>
> >> What am I missing? Below is the sequence of commands I executed which is
> >> based from http://wiki.centos.org/HowTos/Network/IPTables.
> >>
> >> ======================
> >>
> >> [root@lpdza1 ~]# iptables -L
> >> Chain INPUT (policy ACCEPT)
> >> target prot opt source destination
> >>
> >> Chain FORWARD (policy ACCEPT)
> >> target prot opt source destination
> >>
> >> Chain OUTPUT (policy ACCEPT)
> >> target prot opt source destination
> >>
> >> [root@lpdza1 ~]# netstat -an | grep 7028
> >> tcp 0 0 ::ffff:127.0.0.1:7028 :::* LISTEN
> >>
> >> [root@lpdza1 ~]# service iptables status
> >> Table: filter
> >> Chain INPUT (policy ACCEPT)
> >> num target prot opt source destination
> >>
> >> Chain FORWARD (policy ACCEPT)
> >> num target prot opt source destination
> >>
> >> Chain OUTPUT (policy ACCEPT)
> >> num target prot opt source destination
> >>
> >>
> >> [root@lpdza1 ~]# iptables -P INPUT ACCEPT
> >> [root@lpdza1 ~]# iptables -F
> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
> >> [root@lpdza1 ~]# iptables -P INPUT DROP
> >> [root@lpdza1 ~]# iptables -P FORWARD DROP
> >> [root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> >>
> >> [root@lpdza1 ~]# /sbin/service iptables save
> >> [root@lpdza1 ~]# /sbin/service iptables reload
> >> [root@lpdza1 ~]# /sbin/service iptables start
> >>
> >> [root@lpdza1 ~]# iptables -L -v
> >> Chain INPUT (policy DROP 0 packets, 0 bytes)
> >> pkts bytes target prot opt in out source destination
> >> 468 35641 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
> >> 13 708 ACCEPT tcp -- any any anywhere anywhere tcp dpt:7028
> >> 22 1299 ACCEPT all -- lo any anywhere anywhere
> >> 733 124K ACCEPT all -- eth0 any anywhere anywhere
> >> 0 0 ACCEPT all -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
> >>
> >> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> >> pkts bytes target prot opt in out source destination
> >>
> >> Chain OUTPUT (policy ACCEPT 1094 packets, 168K bytes)
> >> pkts bytes target prot opt in out source destination
> >>
> >>
> >> [root@lpdza1 ~]# ip6tables -P INPUT ACCEPT
> >> [root@lpdza1 ~]# ip6tables -F
> >> [root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
> >> [root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 7028 -j ACCEPT
> >> [root@lpdza1 ~]# ip6tables -P INPUT DROP
> >> [root@lpdza1 ~]# ip6tables -P FORWARD DROP
> >> [root@lpdza1 ~]# ip6tables -P OUTPUT ACCEPT
> >> [root@lpdza1 ~]# ip6tables -A INPUT -i lo -j ACCEPT
> >> [root@lpdza1 ~]# ip6tables -A INPUT -i eth0 -j ACCEPT
> >> [root@lpdza1 ~]# ip6tables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> >>
> >> [root@lpdza1 ~]# /sbin/service ip6tables save
> >> [root@lpdza1 ~]# /sbin/service ip6tables reload
> >> [root@lpdza1 ~]# /sbin/service ip6tables start
> >>
> >> [root@lpdza1 ~]# iptables -P INPUT ACCEPT
> >> [root@lpdza1 ~]# iptables -F
> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
> >> [root@lpdza1 ~]# iptables -P INPUT DROP
> >> [root@lpdza1 ~]# iptables -P FORWARD DROP
> >> [root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
> >> [root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> >>
> >> [root@lpdza1 ~]# /sbin/service iptables save
> >> [root@lpdza1 ~]# /sbin/service iptables reload
> >> [root@lpdza1 ~]# /sbin/service iptables start
> >>
> >>
> >> # test from first CentOS machine
> >>
> >> [root@lpdza1 ~]# nc -zv -w 2 lpdza1 22
> >> Connection to lpdza1 22 port [tcp/ssh] succeeded!
> >> [root@lpdza1 ~]# nc -zv -w 2 lpdza1 7028
> >> Connection to lpdza1 7028 port [tcp/*] succeeded!
> >>
> >> #switch to second CentOS machine
> >> [adiaz@lpdza2 ~]$ ping -c 1 lpdza1
> >> PING lpdza1 (192.168.122.185) 56(84) bytes of data.
> >> 64 bytes from lpdza1 (192.168.122.185): icmp_seq=1 ttl=64 time=0.567 ms
> >>
> >> [adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 22
> >> Connection to lpdza1 22 port [tcp/ssh] succeeded!
> >> [adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 7028
> >> nc: connect to lpdza1 port 7028 (tcp) failed: Connection refused
> >>
> >> ======================
> >>
> >> Any pointers are very much appreciated. Thank you.
> >>
> >> ciao!
> >>
> >> --
> >> "Programming, an artform that fights back"
> >>
> >> Anuerin G. Diaz
> >> Registered Linux User #246176
> >> http://ramfree17.net/capsule , when you absolutely have nothing else
> >> better to do
> >>
> >> _________________________________________________
> >> Philippine Linux Users' Group (PLUG) Mailing List
> >> http://lists.linux.org.ph/mailman/listinfo/plug
> >> Searchable Archives: http://archives.free.net.ph

--
"Programming, an artform that fights back"

Anuerin G. Diaz
Registered Linux User #246176
Friendly Linux Board @ http://mandrivausers.org/index.php
http://ramfree17.net/capsule , when you absolutely have nothing else better to do
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
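
Added example, not part of the thread: in the quoted output the firewall counted 13 packets on dpt:7028 as accepted, yet lpdza2 got "Connection refused", because the only listener is `::ffff:127.0.0.1:7028`. The sketch below classifies a port's bind scope from `netstat -an` text; the function names and all sample lines except the 7028 one are constructed for illustration.

```shell
#!/bin/sh
# listen_scope PORT: read `netstat -an` / `netstat -tunlp` text on stdin and
# print one of: loopback-only, all-interfaces, specific:<addr,...>, not-listening
listen_scope() {
    awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4; p = $4
        sub(/.*:/, "", p)            # port = text after the last colon
        sub(/:[0-9]+$/, "", addr)    # address = everything before that colon
        if (p != port) next
        # 127/8, ::1 and the IPv4-mapped form ::ffff:127.x are all loopback
        if (addr ~ /^(::ffff:)?127\./ || addr == "::1") lo = 1
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
        else other = other (other ? "," : "") addr
    }
    END {
        if (any) print "all-interfaces"
        else if (other != "") print "specific:" other
        else if (lo) print "loopback-only"
        else print "not-listening"
    }'
}

# Constructed sample input. Only the 7028 line is taken from the thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 ::ffff:127.0.0.1:7028   :::*                    LISTEN
tcp        0      0 192.168.122.185:5556    0.0.0.0:*               LISTEN
EOF
}

# Report the scope of each port of interest; 9999 has no listener at all.
for port in 22 7028 5556 9999; do
    printf '%s -> %s\n' "$port" "$(sample_netstat | listen_scope "$port")"
done
```

On a live host, pipe `netstat -an` into `listen_scope 7028` instead of the sample. Once the admin port is bound to eth0, the thread's `-A INPUT -i eth0 -j ACCEPT` rule admits every host on that segment, so a rule limited to lpdza2's source address is the narrower choice.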

