I tried this

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 7028 -j DNAT --to-destination 127.0.0.1

which transformed this

[root@lpdza2 ~]# nc -z -v -w 2 lpdza1 7028
nc: connect to lpdza1 port 7028 (tcp) failed: Connection refused

to

[root@lpdza2 ~]# nc -z -v -w 2 lpdza1 7028
nc: connect to lpdza1 port 7028 (tcp) timed out: Operation now in progress

Maybe I also need to have another rule for the response. :)

Thanks also to Ben Sarmiento for answering some of my questions. I'll also
try looking for the binding configuration for WebLogic as I will need to
add a lot of rules as this setup will use a lot of rules when I am done
with the whole install and configuration.

ciao!




On Sat, Oct 20, 2012 at 11:34 PM, Anuerin Diaz <[email protected]> wrote:

> Thanks John. The WebLogic is listening on the localhost interface as what
> was also mentioned here[1]. My problem now is how to make that WebLogic
> instance listen to eth0, or can I make an iptable rule to redirect all 7028
> traffic to localhost?
>
> [1] http://serverfault.com/a/290006
>
>
>
> On Sat, Oct 20, 2012 at 11:29 PM, John Homer H Alvero <[email protected]> wrote:
>
>> On lpdza1, what's the output of netstat -tunlp? Check if the port is
>> listening on the correct interface.
>>
>>
>>
>> On Sat, Oct 20, 2012 at 9:39 PM, Anuerin Diaz <[email protected]> wrote:
>> > They are using bridged networking. I am using Xen and starting to think
>> > maybe I should have used Virtual box instead. :|
>> >
>> > ciao!
>> >
>> > On Oct 20, 2012 8:26 PM, "Heherson Pagcaliwagan" <[email protected]> wrote:
>> >>
>> >> How is your networking setup? Are the nodes using bridged networking or
>> >> simple NAT?
>> >>
>> >> Out of curiosity, what's the virt solution you are using? (i.e. kvm, lc,
>> >> openvz, vmware, virtualbox, ...)
>> >>
>> >> --herson
>> >>
>> >> On Oct 20, 2012, at 6:15 PM, Anuerin Diaz <[email protected]> wrote:
>> >>
>> >> Hi,
>> >>
>> >>    I have 2 virtualized CentOS machines (lpdza1 and lpdza2) where I am
>> >> setting up clustered WebLogic nodes.  The current problem I have is that I
>> >> cannot make the port 7028 in lpdza1 accept external connections.  Connection
>> >> from within lpdza1 works but I need lpdza2 to be able to access the admin
>> >> port (7028).  I have tried alternately disabling iptables and ip6tables, as
>> >> well as flushing and stopping them to no avail. I have also tried
>> >> configuring and disabling them from the desktop GUI
>> >> (Administration->Security and Firewall settings,
>> >> Administration->Services->restart). I have tried accessing from other
>> >> virtual machines (Ubuntu, WindowsXP) to isolate that it is not a problem on
>> >> the second machine (lpdza2).
>> >>
>> >>   What am I missing? Below is the sequence of commands I executed which is
>> >> based from http://wiki.centos.org/HowTos/Network/IPTables.
>> >>
>> >> ======================
>> >>
>> >> [root@lpdza1 ~]# iptables -L
>> >> Chain INPUT (policy ACCEPT)
>> >> target     prot opt source               destination
>> >>
>> >> Chain FORWARD (policy ACCEPT)
>> >> target     prot opt source               destination
>> >>
>> >> Chain OUTPUT (policy ACCEPT)
>> >> target     prot opt source               destination
>> >>
>> >> [root@lpdza1 ~]# netstat -an | grep 7028
>> >> tcp        0      0 ::ffff:127.0.0.1:7028       :::*                        LISTEN
>> >>
>> >> [root@lpdza1 ~]# service iptables status
>> >> Table: filter
>> >> Chain INPUT (policy ACCEPT)
>> >> num  target     prot opt source               destination
>> >>
>> >> Chain FORWARD (policy ACCEPT)
>> >> num  target     prot opt source               destination
>> >>
>> >> Chain OUTPUT (policy ACCEPT)
>> >> num  target     prot opt source               destination
>> >>
>> >>
>> >> [root@lpdza1 ~]# iptables -P INPUT ACCEPT
>> >> [root@lpdza1 ~]# iptables -F
>> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -P INPUT DROP
>> >> [root@lpdza1 ~]# iptables -P FORWARD DROP
>> >> [root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>> >>
>> >> [root@lpdza1 ~]# /sbin/service iptables save
>> >> [root@lpdza1 ~]# /sbin/service iptables reload
>> >> [root@lpdza1 ~]# /sbin/service iptables start
>> >>
>> >> [root@lpdza1 ~]# iptables -L -v
>> >> Chain INPUT (policy DROP 0 packets, 0 bytes)
>> >>  pkts bytes target     prot opt in     out     source               destination
>> >>   468 35641 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
>> >>    13   708 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:7028
>> >>    22  1299 ACCEPT     all  --  lo     any     anywhere             anywhere
>> >>   733  124K ACCEPT     all  --  eth0   any     anywhere             anywhere
>> >>     0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state NEW,RELATED,ESTABLISHED
>> >>
>> >> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>> >>  pkts bytes target     prot opt in     out     source               destination
>> >>
>> >> Chain OUTPUT (policy ACCEPT 1094 packets, 168K bytes)
>> >>  pkts bytes target     prot opt in     out     source               destination
>> >>
>> >>
>> >> [root@lpdza1 ~]# ip6tables -P INPUT ACCEPT
>> >> [root@lpdza1 ~]# ip6tables -F
>> >> [root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
>> >> [root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 7028 -j ACCEPT
>> >> [root@lpdza1 ~]# ip6tables -P INPUT DROP
>> >> [root@lpdza1 ~]# ip6tables -P FORWARD DROP
>> >> [root@lpdza1 ~]# ip6tables -P OUTPUT ACCEPT
>> >> [root@lpdza1 ~]# ip6tables -A INPUT -i lo -j ACCEPT
>> >> [root@lpdza1 ~]# ip6tables -A INPUT -i eth0 -j ACCEPT
>> >> [root@lpdza1 ~]# ip6tables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>> >>
>> >> [root@lpdza1 ~]# /sbin/service ip6tables save
>> >> [root@lpdza1 ~]# /sbin/service ip6tables reload
>> >> [root@lpdza1 ~]# /sbin/service ip6tables start
>> >>
>> >> [root@lpdza1 ~]# iptables -P INPUT ACCEPT
>> >> [root@lpdza1 ~]# iptables -F
>> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -P INPUT DROP
>> >> [root@lpdza1 ~]# iptables -P FORWARD DROP
>> >> [root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
>> >> [root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>> >>
>> >> [root@lpdza1 ~]# /sbin/service iptables save
>> >> [root@lpdza1 ~]# /sbin/service iptables reload
>> >> [root@lpdza1 ~]# /sbin/service iptables start
>> >>
>> >>
>> >> # test from first CentOS machine
>> >>
>> >> [root@lpdza1 ~]# nc -zv -w 2 lpdza1 22
>> >> Connection to lpdza1 22 port [tcp/ssh] succeeded!
>> >> [root@lpdza1 ~]# nc -zv -w 2 lpdza1 7028
>> >> Connection to lpdza1 7028 port [tcp/*] succeeded!
>> >>
>> >> #switch to second CentOS machine
>> >> [adiaz@lpdza2 ~]$ ping -c 1 lpdza1
>> >> PING lpdza1 (192.168.122.185) 56(84) bytes of data.
>> >> 64 bytes from lpdza1 (192.168.122.185): icmp_seq=1 ttl=64 time=0.567 ms
>> >>
>> >> [adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 22
>> >> Connection to lpdza1 22 port [tcp/ssh] succeeded!
>> >> [adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 7028
>> >> nc: connect to lpdza1 port 7028 (tcp) failed: Connection refused
>> >>
>> >> ======================
>> >>
>> >>   Any pointers are very much appreciated. Thank you.
>> >>
>> >> ciao!
>> >>
>> >> --
>> >> "Programming, an artform that fights back"
>> >>
>> >> Anuerin G. Diaz
>> >> Registered Linux User #246176
>> >> http://ramfree17.net/capsule , when you absolutely have nothing else
>> >> better to do
>> >>
>> >> _________________________________________________
>> >> Philippine Linux Users' Group (PLUG) Mailing List
>> >> http://lists.linux.org.ph/mailman/listinfo/plug
>> >> Searchable Archives: http://archives.free.net.ph
>
>
>
> --
> "Programming, an artform that fights back"
>
> Anuerin G. Diaz
> Registered Linux User #246176
> Friendly Linux Board @ http://mandrivausers.org/index.php
>
> http://ramfree17.net/capsule , when you absolutely have nothing else
> better to do
>



-- 
"Programming, an artform that fights back"

Anuerin G. Diaz
Registered Linux User #246176
Friendly Linux Board @ http://mandrivausers.org/index.php
http://ramfree17.net/capsule , when you absolutely have nothing else better
to do
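
Added example, not part of the original messages: the interface check suggested in the thread, scripted. A listener bound to `::ffff:127.0.0.1` is loopback-only, so a remote connect is refused by the TCP stack even when the filter table accepts the packet. The function names and the sample lines (apart from the 7028 line quoted in the thread) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -an` layout; the 7028 line is the one from the thread.
SAMPLE='tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 ::ffff:127.0.0.1:7028       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN'

# bind_scope ADDR:PORT -> loopback | any | specific
bind_scope() {
    addr=${1%:*}                          # drop the trailing :port
    case "$addr" in
        ::ffff:*) addr=${addr#::ffff:} ;; # IPv4-mapped IPv6 -> plain IPv4
    esac
    case "$addr" in
        127.*|::1)      echo loopback ;;  # reachable from this host only
        0.0.0.0|::|'*') echo any ;;       # bound on every interface
        *)              echo specific ;;  # bound to one address
    esac
}

# port_scope PORT: read netstat lines on stdin, print "<local-address> <scope>"
port_scope() {
    want=$1
    while read -r _proto _rq _sq laddr _faddr state _rest; do
        [ "$state" = LISTEN ] || continue          # skip non-listening sockets
        [ "${laddr##*:}" = "$want" ] || continue   # compare the port suffix only
        echo "$laddr $(bind_scope "$laddr")"
    done
}

# verdict PORT: not-listening | loopback-only | externally-bound
verdict() {
    scopes=$(port_scope "$1" | awk '{print $2}' | sort -u | tr '\n' ' ')
    case "$scopes" in
        '')          echo not-listening ;;
        'loopback ') echo loopback-only ;;
        *)           echo externally-bound ;;
    esac
}

# On a live host: netstat -an | verdict 7028
printf '%s\n' "$SAMPLE" | verdict 7028
```

A `loopback-only` verdict means the fix belongs in the service's listen-address setting; a loopback bind is also an exposure control, so widening it for an admin port should come with a source-restricted firewall rule.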