RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
>From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] >Subject: RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from >outside > >> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] >> Subject: RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections >> from outside >> >> It would be nice that things work as documented/expected. > >You might have to take that up with Microsoft, since indications are that's >where the problem may reside. +2 *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections > from outside > > It would be nice that things work as documented/expected. You might have to take that up with Microsoft, since indications are that's where the problem may reside. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Well, I for one care, because it's one more work-around I'll have to pass along to every customer of ours that upgrades to a new Windows server. It's not a real issue in my personal environment, since all hosted customers are configured with hard IPs, but most of our customer base install without worrying about the IP address aspect of it. (Thought now that I think back on it, I may have already addressed this in our installer by forcing address="0.0.0.0".) It would be nice that things work as documented/expected. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Saturday, May 08, 2010 9:03 AM To: Tomcat Users List Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Also, does anyone care, or is this something where we'll just try to track the issue each time someone asks ? *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
RE: Re : Re : Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Yes, the DLL is included in 5.5.29 now. It no longer downloads, since the downloaded version was ancient. Now you get the one that was current when the release was built. Much better I think. Jeff -Original Message- From: Eyrignoux Marc [mailto:eyrig...@yahoo.fr] Sent: Friday, May 07, 2010 4:36 PM To: Tomcat Users List Subject: Re : Re : Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Hi Jeff, Good guess: I had always the native libraries installed on Tomcat 5.5.29. For Tomcat 5.5.17, it depends: for the 2 firsts installs, I installed the native libraries. But the dll wouldn't download for the next ones, so I pressed "cancell", and they didn't install. Anyway, the connection with Tomcat 5.5.17 always worked from outside computers (with and without the native libraries). There was not this download problem with Tomcat 5.5.29: I guess the dll came within the install of Tomcat 5.5.29. I am not at work until monday, I will give you the version numbers then. Sorry for "c'est au pied du mur...": I pressed the wrong button. See you, Marc. Marc - Do you have the native libraries installed? What are their releases Tomcat 5.5.17 vs. 5.5.29? To find out, explore to the Tomcat 5.5\bin directory and right-click on tcnative-1.dll. Look at the Details tab and see what it has for "file version". Jeff -Original Message- From: Eyrignoux Marc [mailto:eyrig...@yahoo.fr] Sent: Friday, May 07, 2010 9:25 AM To: Tomcat Users List Subject: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Hi Charles, > You can try setting the address attribute of your elements to "0.0.0.0" to force IPv4. It works, thank you NB: Other people might experience the same problem. I don't know where it comes from, may be from an interaction between Windows Server 2008 and Tomcat 5.5.29 ? Thank you again, Marc. NB: for the other questions: - Nothing interesting in the logs - I use the same JDK for both 5.5.17 and 5.5.29: j2sdk1.5.0_16 - -Djava.net.preferIPv4Stack=true didn't help - my server.xml is the one installed by default with Tomcat, without any changes (but the "0.0.0.0" which I have just added). I don't paste it here since the problem is solved, and I don't want to spam you with long emails. > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Subject: RE: Re : Re : Tomcat 5.5.29 does not accept connections from > outside > > It appears to be listening only on IPv6, not IPv4. > > Check the logs for 5.5.29 to see if anything interesting is being > reported. > > Post your server.xml, preferably with comments removed and passwords > obfuscated. > > You can try setting the address attribute of your elements > to "0.0.0.0" to force IPv4. Also, are you using the same JVM for both 5.5.17 and 5.5.29? Do you have any command line parameters set? You can try setting: -Djava.net.preferIPv4Stack=true to see if that helps. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ***
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
if we can determine the gating relationship(AND/OR/NOR/XOR/NOT) between these entities we might want to create a Karnaugh Map http://en.wikipedia.org/wiki/Karnaugh_map#Karnaugh_map Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Sat, 8 May 2010 16:02:52 +0200 > From: a...@ice-sa.com > To: users@tomcat.apache.org > Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from > outside > > Caldarale, Charles R wrote: > ... > > > > So with these versions, the Java blocking connector is listening on both > > IPv4 and IPv6, while the NIO and APR connectors are using only IPv4. This > > doesn't seem to make things much clearer... > > I am starting to regret my follow-up questions. > Life seemed so simple before. > > Attempting to get a grip, I gather that in order to determine which type > of listening socket Tomcat will open for its different types of > Connector's, there seems to be > > - a platform/OS element > - a JVM version element > - an element linked to the JVM startup options (-D xxx) > - an element linked to whether Tomcat is using APR or not > - an element linked to the Tomcat version (?) > - an element linked to whether a specific bind IP address is specified > in the Connector (with a particularity for the shutdown connector) > - an element linked to name-to-IP-address resolution (e.g. whether > localhost, in the hosts file, is specified as an IPv4-only, or > IPv6-only, or both). > > And separately, the way a client will try to connect, depends on the > client circumstances. > > Does anyone have kind of a "synthetic" view of this at the moment, or > should I go back through the whole thread to collect the info ? > > As a start, I guess that if the platform/OS does not support IPv6, then > it's simple no matter what else the settings are : IPv4 only. > The same would be true for the JVM, but is there some version before > which the JVM does not support IPv6 ? > (And I seem to remember also some comment about whether it was possible > or not to enable/disable the JVM's IPv4 or IPv6 support). > > Also, does anyone care, or is this something where we'll just try to > track the issue each time someone asks ? > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Caldarale, Charles R wrote: ... So with these versions, the Java blocking connector is listening on both IPv4 and IPv6, while the NIO and APR connectors are using only IPv4. This doesn't seem to make things much clearer... I am starting to regret my follow-up questions. Life seemed so simple before. Attempting to get a grip, I gather that in order to determine which type of listening socket Tomcat will open for its different types of Connector's, there seems to be - a platform/OS element - a JVM version element - an element linked to the JVM startup options (-D xxx) - an element linked to whether Tomcat is using APR or not - an element linked to the Tomcat version (?) - an element linked to whether a specific bind IP address is specified in the Connector (with a particularity for the shutdown connector) - an element linked to name-to-IP-address resolution (e.g. whether localhost, in the hosts file, is specified as an IPv4-only, or IPv6-only, or both). And separately, the way a client will try to connect, depends on the client circumstances. Does anyone have kind of a "synthetic" view of this at the moment, or should I go back through the whole thread to collect the info ? As a start, I guess that if the platform/OS does not support IPv6, then it's simple no matter what else the settings are : IPv4 only. The same would be true for the JVM, but is there some version before which the JVM does not support IPv6 ? (And I seem to remember also some comment about whether it was possible or not to enable/disable the JVM's IPv4 or IPv6 support). Also, does anyone care, or is this something where we'll just try to track the issue each time someone asks ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
> From: Caldarale, Charles R > Subject: RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections > from outside > > > that IPv4 addresses had somehow been mapped to a sub-range > > of IPv6 addresses, and that there was always some kind of > > "automatic IPv4 to IPv6 translation" going on in the background. > > Unfortunately, that's an optional part of the IPv6 RFC, and even when > available on a given platform, is usually off by default. The above is not quite correct - the option to map IPv4 addresses into IPv6 is usually *on* by default - except maybe on Windows. > > - if you are using APR for the HTTP Connector, then it is always IPv4 > > (or maybe only up to version X) > > No, APR has IPv6 capability, and it's on by default, at least in recent > versions. After some testing with varying tcnative-1.dll versions on Tomcat 5.5.25, it looks like behavior changed between 1.1.10 and 1.1.12. With 1.1.10 on my Vista 64 box, the APR connector listened _only_ on IPv4 - there were no IPv6 listens created. With 1.1.12 and above (including the current 1.1.20), APR listens only on IPv6; this should be ok as long as IPv4 connections are tunneled through IPv6, but it looks like that part isn't working in my (and the OP's) version of Windows. I didn't see any differences in the tcnative source between 1.1.10 and 1.1.12 that would account for this difference in behavior, so perhaps there were changes in the APR code proper in this time period. Just to muddy the waters a bit more, I checked how 6.0.26 works with tcnative 1.1.20, using the following connectors: The netstat -ano results (without the shutdown port) are: TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 2592 TCP 0.0.0.0:8081 0.0.0.0:0 LISTENING 2592 TCP 0.0.0.0:8082 0.0.0.0:0 LISTENING 2592 TCP [::]:8080 [::]:0 LISTENING 2592 So with these versions, the Java blocking connector is listening on both IPv4 and IPv6, while the NIO and APR connectors are using only IPv4. This doesn't seem to make things much clearer... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re : Re : Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Hi Jeff, Good guess: I had always the native libraries installed on Tomcat 5.5.29. For Tomcat 5.5.17, it depends: for the 2 firsts installs, I installed the native libraries. But the dll wouldn't download for the next ones, so I pressed "cancell", and they didn't install. Anyway, the connection with Tomcat 5.5.17 always worked from outside computers (with and without the native libraries). There was not this download problem with Tomcat 5.5.29: I guess the dll came within the install of Tomcat 5.5.29. I am not at work until monday, I will give you the version numbers then. Sorry for "c'est au pied du mur...": I pressed the wrong button. See you, Marc. Marc - Do you have the native libraries installed? What are their releases Tomcat 5.5.17 vs. 5.5.29? To find out, explore to the Tomcat 5.5\bin directory and right-click on tcnative-1.dll. Look at the Details tab and see what it has for "file version". Jeff -Original Message- From: Eyrignoux Marc [mailto:eyrig...@yahoo.fr] Sent: Friday, May 07, 2010 9:25 AM To: Tomcat Users List Subject: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Hi Charles, > You can try setting the address attribute of your elements to "0.0.0.0" to force IPv4. It works, thank you NB: Other people might experience the same problem. I don't know where it comes from, may be from an interaction between Windows Server 2008 and Tomcat 5.5.29 ? Thank you again, Marc. NB: for the other questions: - Nothing interesting in the logs - I use the same JDK for both 5.5.17 and 5.5.29: j2sdk1.5.0_16 - -Djava.net.preferIPv4Stack=true didn't help - my server.xml is the one installed by default with Tomcat, without any changes (but the "0.0.0.0" which I have just added). I don't paste it here since the problem is solved, and I don't want to spam you with long emails. > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Subject: RE: Re : Re : Tomcat 5.5.29 does not accept connections from > outside > > It appears to be listening only on IPv6, not IPv4. > > Check the logs for 5.5.29 to see if anything interesting is being > reported. > > Post your server.xml, preferably with comments removed and passwords > obfuscated. > > You can try setting the address attribute of your elements > to "0.0.0.0" to force IPv4. Also, are you using the same JVM for both 5.5.17 and 5.5.29? Do you have any command line parameters set? You can try setting: -Djava.net.preferIPv4Stack=true to see if that helps. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re : Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Eyrignoux Marc wrote: C'est au pied du mur qu'on voit le mieux le mur. Mais l'arbre peut cacher la forêt. In this case however, I thing the follow-up discussion was very informative. ..that was think.. I'm not so good at ze English spelling when in French mode. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re : Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Eyrignoux Marc wrote: C'est au pied du mur qu'on voit le mieux le mur. Mais l'arbre peut cacher la forêt. In this case however, I thing the follow-up discussion was very informative. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re : Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
C'est au pied du mur qu'on voit le mieux le mur. - Message d'origine De : Jeffrey Janner À : Tomcat Users List Envoyé le : Ven 7 mai 2010, 20h 26min 07s Objet : RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Marc - Do you have the native libraries installed? What are their releases Tomcat 5.5.17 vs. 5.5.29? To find out, explore to the Tomcat 5.5\bin directory and right-click on tcnative-1.dll. Look at the Details tab and see what it has for "file version". Jeff -Original Message- From: Eyrignoux Marc [mailto:eyrig...@yahoo.fr] Sent: Friday, May 07, 2010 9:25 AM To: Tomcat Users List Subject: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Hi Charles, > You can try setting the address attribute of your elements to "0.0.0.0" to force IPv4. It works, thank you NB: Other people might experience the same problem. I don't know where it comes from, may be from an interaction between Windows Server 2008 and Tomcat 5.5.29 ? Thank you again, Marc. NB: for the other questions: - Nothing interesting in the logs - I use the same JDK for both 5.5.17 and 5.5.29: j2sdk1.5.0_16 - -Djava.net.preferIPv4Stack=true didn't help - my server.xml is the one installed by default with Tomcat, without any changes (but the "0.0.0.0" which I have just added). I don't paste it here since the problem is solved, and I don't want to spam you with long emails. > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Subject: RE: Re : Re : Tomcat 5.5.29 does not accept connections from > outside > > It appears to be listening only on IPv6, not IPv4. > > Check the logs for 5.5.29 to see if anything interesting is being > reported. > > Post your server.xml, preferably with comments removed and passwords > obfuscated. > > You can try setting the address attribute of your elements > to "0.0.0.0" to force IPv4. Also, are you using the same JVM for both 5.5.17 and 5.5.29? Do you have any command line parameters set? You can try setting: -Djava.net.preferIPv4Stack=true to see if that helps. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections > from outside There are some interesting comments in Sun's docs here: http://java.sun.com/j2se/1.5.0/docs/guide/net/ipv6_guide/index.html "Special IPv6 Address Types "Unspecified address (:: corresponding to 0.0.0.0 in IPv4) "This is also called anylocal or wildcard address. If a socket is bound to an IPv6 anylocal address on a dual-stack machine, it can accept both IPv6 and IPv4 traffic; if it is bound to an IPv4 (IPv4-mapped) anylocal address, it can only accept IPv4 traffic. We always try to bind to IPv6 anylocal address on a dual-stack machine unless a related system property is set to use IPv4 Stack. "When bound to ::, method ServerSocket.accept will accept connections from both IPv6 or IPv4 hosts. The Java platform API currently has no way to specify to accept connections only from IPv6 hosts." Also: "Normally, AF_INET6 sockets may be used for both IPv4 and IPv6 communications." And further: "IPv6 Networking Properties "java.net.preferIPv4Stack (default: false) "If IPv6 is available on the operating system, the underlying native socket will be an IPv6 socket. This allows Java(tm) applications to connect too, and accept connections from, both IPv4 andIPv6 hosts. "If an application has a preference to only use IPv4 sockets, then this property can be set to true. The implication is that the application will not be able to communicate with IPv6 hosts. "java.net.preferIPv6Addresses (default: false) "If IPv6 is available on the operating system, the default preference is to prefer an IPv4-mapped address over an IPv6 address. This is for backward compatibility reasons—for example, applications that depend on access to an IPv4-only service, or applications that depend on the %d.%d.%d.%d representation of an IP address. "This property can be set to try to change the preferences to use IPv6 addresses over IPv4 addresses. This allows applications to be tested and deployed in environments where the application is expected to connect to IPv6 services." The above article also claims that Windows is a single-stack platform, which was not my impression for current Windows versions (the article predates Vista and its follow-ons, e.g., Server 2008). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
I posted this before I saw Chuck's answers. I defer to him on most things, particularly the answer for Q5. -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Friday, May 07, 2010 2:50 PM To: Tomcat Users List; Tomcat Users List Subject: RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside André - Almost have it right. As I understand IPv6, yes there is supposed to be some mapping of IPv4 to IPv6 available, if you've got all the right stuff. I don't know enough about it to say when/where/how that takes place. However, Microsoft, in their infinite wisdom, give us two protocol stacks, each configurable separately. As of Server 2008 (and Window 7 & Vista), you are given both, and you can't remove either one. What I reported is what you actually see under a Windows Server 2008 installation. It definitely looks to me to the Tomcat and/or APR layer that's the culprit, not anything further down the list. But I'm a layman, not one of the Tomcat clergy, so I can't say for sure. The actual breakdown of things is as follows: 1) If not using native libraries/APR, then Tomcat listens on both IPv4 an IPv6 for a specific . 2) If using native libraries/APR, then Tomcat only listens on IPv6 unless you explicitly set up an IPv4 address parameter in the . If there is no IPv6 stack, then it will use IPv4 - but you can't uninstall IPv6 on a modern MS OS. You can disable it (uncheck it), but the system still has the stack loaded, and Tomcat still configures for IPv6. 3) The SHUTDOWN/Server connector enforces 127.0.0.1, which might be a problem if anyone sets up an IPv6-only configuration. Couldn't swear to that, since I have no intention of running IPv6-only anytime soon. 4) Review my netstat entries and you'll see that the AJP entry acts like any other connector according to 1) & 2) above. 5) No way to force one or the other that I've found. Jeff -Original Message- From: C Warnier [mailto:a...@ice-sa.com] Sent: Friday, May 07, 2010 1:54 PM To: Tomcat Users List Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Jeffrey Janner wrote: (a lot of useful stuff) Thanks for all this info. Honestly, I have not really looked deeply into IPv6 yet, and I am not sure I understand the implications very well. My naive idea was that this stuff was really cool, opened up a lot more address space, that IPv4 addresses had somehow been mapped to a sub-range of IPv6 addresses, and that there was always some kind of "automatic IPv4 to IPv6 translation" going on in the background. I guess it's not that simple, and I'll have to brush up on my IPv6 stuff. Another impression I'm getting now, is that Tomcat-wise, things are not very clear in that respect. Or maybe it's just the documentation which is lagging a bit. In all fairness, it is probably not the Tomcat layer that is the thing here, it is the Java JVM I guess, or maybe even deeper into the OS. If I summarise what I've seen so far, in dummy's terms : - if you are using APR for the HTTP Connector, then it is always IPv4 (or maybe only up to version X) - if you are using the non-APR HTTP Connector, then it is IPv6 by default, if this is the platform's default ? Except if you force IPv4 by specifying "0.0.0.0" as the address to listen on. - the SHUTDOWN connector (default port 8005) seems to be always IPv4, probably because internally it forces listen address 127.0.0.1 (Can this be a problem ?) - what about the AJP Connector ? Does that one also depend on whether you are using APR or not ? (I don't remember if for that one, you /can/ specify an address; I'll check) - is there a way to force the JVM to use one or the other ? I saw the -D parameter indicated by Chuck before, but the OP seemed to say it had no effect. On what does that depend ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. *** NOTI
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
André - Almost have it right. As I understand IPv6, yes there is supposed to be some mapping of IPv4 to IPv6 available, if you've got all the right stuff. I don't know enough about it to say when/where/how that takes place. However, Microsoft, in their infinite wisdom, give us two protocol stacks, each configurable separately. As of Server 2008 (and Window 7 & Vista), you are given both, and you can't remove either one. What I reported is what you actually see under a Windows Server 2008 installation. It definitely looks to me to the Tomcat and/or APR layer that's the culprit, not anything further down the list. But I'm a layman, not one of the Tomcat clergy, so I can't say for sure. The actual breakdown of things is as follows: 1) If not using native libraries/APR, then Tomcat listens on both IPv4 an IPv6 for a specific . 2) If using native libraries/APR, then Tomcat only listens on IPv6 unless you explicitly set up an IPv4 address parameter in the . If there is no IPv6 stack, then it will use IPv4 - but you can't uninstall IPv6 on a modern MS OS. You can disable it (uncheck it), but the system still has the stack loaded, and Tomcat still configures for IPv6. 3) The SHUTDOWN/Server connector enforces 127.0.0.1, which might be a problem if anyone sets up an IPv6-only configuration. Couldn't swear to that, since I have no intention of running IPv6-only anytime soon. 4) Review my netstat entries and you'll see that the AJP entry acts like any other connector according to 1) & 2) above. 5) No way to force one or the other that I've found. Jeff -Original Message- From: C Warnier [mailto:a...@ice-sa.com] Sent: Friday, May 07, 2010 1:54 PM To: Tomcat Users List Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Jeffrey Janner wrote: (a lot of useful stuff) Thanks for all this info. Honestly, I have not really looked deeply into IPv6 yet, and I am not sure I understand the implications very well. My naive idea was that this stuff was really cool, opened up a lot more address space, that IPv4 addresses had somehow been mapped to a sub-range of IPv6 addresses, and that there was always some kind of "automatic IPv4 to IPv6 translation" going on in the background. I guess it's not that simple, and I'll have to brush up on my IPv6 stuff. Another impression I'm getting now, is that Tomcat-wise, things are not very clear in that respect. Or maybe it's just the documentation which is lagging a bit. In all fairness, it is probably not the Tomcat layer that is the thing here, it is the Java JVM I guess, or maybe even deeper into the OS. If I summarise what I've seen so far, in dummy's terms : - if you are using APR for the HTTP Connector, then it is always IPv4 (or maybe only up to version X) - if you are using the non-APR HTTP Connector, then it is IPv6 by default, if this is the platform's default ? Except if you force IPv4 by specifying "0.0.0.0" as the address to listen on. - the SHUTDOWN connector (default port 8005) seems to be always IPv4, probably because internally it forces listen address 127.0.0.1 (Can this be a problem ?) - what about the AJP Connector ? Does that one also depend on whether you are using APR or not ? (I don't remember if for that one, you /can/ specify an address; I'll check) - is there a way to force the JVM to use one or the other ? I saw the -D parameter indicated by Chuck before, but the OP seemed to say it had no effect. On what does that depend ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections > from outside > > that IPv4 addresses had somehow been mapped to a sub-range > of IPv6 addresses, and that there was always some kind of > "automatic IPv4 to IPv6 translation" going on in the background. Unfortunately, that's an optional part of the IPv6 RFC, and even when available on a given platform, is usually off by default. When supported, most comm stacks appear to allow the IPv4 mapping on a socket-by-socket basis. > Another impression I'm getting now, is that Tomcat-wise, things are not > very clear in that respect. It really shouldn't be a Tomcat issue, just a JVM and platform one. > - if you are using APR for the HTTP Connector, then it is always IPv4 > (or maybe only up to version X) No, APR has IPv6 capability, and it's on by default, at least in recent versions. > - if you are using the non-APR HTTP Connector, then it is IPv6 by > default, if this is the platform's default ? No, it *should* be both IPv4 and IPv6, and under control of JVM system properties. The fact that we have an observed case or two where only IPv6 was active is very strange. > - the SHUTDOWN connector (default port 8005) seems to be always IPv4, > probably because internally it forces listen address 127.0.0.1 This is correct. > - what about the AJP Connector ? Does that one also depend on whether > you are using APR or not ? Probably suffers from the same constraints that the HTTP connectors do; same underlying code. > - is there a way to force the JVM to use one or the other ? Yes, via system property settings. > I saw the -D parameter indicated by Chuck before, but the OP seemed > to say it had no effect. On what does that depend ? An indication that the OP was likely using APR. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Jeffrey Janner wrote: (a lot of useful stuff) Thanks for all this info. Honestly, I have not really looked deeply into IPv6 yet, and I am not sure I understand the implications very well. My naive idea was that this stuff was really cool, opened up a lot more address space, that IPv4 addresses had somehow been mapped to a sub-range of IPv6 addresses, and that there was always some kind of "automatic IPv4 to IPv6 translation" going on in the background. I guess it's not that simple, and I'll have to brush up on my IPv6 stuff. Another impression I'm getting now, is that Tomcat-wise, things are not very clear in that respect. Or maybe it's just the documentation which is lagging a bit. In all fairness, it is probably not the Tomcat layer that is the thing here, it is the Java JVM I guess, or maybe even deeper into the OS. If I summarise what I've seen so far, in dummy's terms : - if you are using APR for the HTTP Connector, then it is always IPv4 (or maybe only up to version X) - if you are using the non-APR HTTP Connector, then it is IPv6 by default, if this is the platform's default ? Except if you force IPv4 by specifying "0.0.0.0" as the address to listen on. - the SHUTDOWN connector (default port 8005) seems to be always IPv4, probably because internally it forces listen address 127.0.0.1 (Can this be a problem ?) - what about the AJP Connector ? Does that one also depend on whether you are using APR or not ? (I don't remember if for that one, you /can/ specify an address; I'll check) - is there a way to force the JVM to use one or the other ? I saw the -D parameter indicated by Chuck before, but the OP seemed to say it had no effect. On what does that depend ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
André - I've numbered your questions below. Here's the possible answers: (1) Probable bug in handling connections when APR library is loaded. Not sure if bug is in Tomcat or APR code. (2) Connections were most likely being tried via IPv4 only, but connectors were set up for IPv6 only. (Best I could determine from reading the thread.) (3) Local browser made connection on IPv6 because it determined that destination was to localhost and used the appropriate loopback - which turned out to be IPv6. It may have attempted the IPv4 loopback, and not getting an answer switched to the IPv6. (4) Easy - create two , one with address="0.0.0.0" and the other with address="[::]", and both specifying port="8080". Or drop the native library APR and just have the one connector with no address value. Jeff -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, May 07, 2010 9:50 AM To: Tomcat Users List Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Eyrignoux Marc wrote: > > Hi Charles, > >> You can try setting the address attribute of your > elements to "0.0.0.0" to force IPv4. > > It works, thank you > NB: Other people might experience the same problem. I don't know where it > comes from, may be from an interaction between Windows Server 2008 and Tomcat > 5.5.29 ? > May I jump in to add somewhat to the question ? Thank you. Can someone explain this a little bit more in detail, or point to some rough explanation page somewhere ? Basically : (1) - why did that Tomcat 5.5.29 "listen only on IPv6" until it was forced to IPv4 by specifying "0.0.0.0" in the Connector ? (2) - why, when Tomcat is listening (only) on IPv6 [::]:8080, does it not accept telnet connections on port 8080 ? (3) - why, when Tomcat was listening (only) on IPv6 [::]:8080, did HTTP:8080 connections from a browser on localhost work, but not the ones from other stations ? (4) - can you set Tomcat to listen on /both/ IPv4 and IPv6 on port 8080 at the same time ? Thanks for any pointers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Marc - Do you have the native libraries installed? What are their releases Tomcat 5.5.17 vs. 5.5.29? To find out, explore to the Tomcat 5.5\bin directory and right-click on tcnative-1.dll. Look at the Details tab and see what it has for "file version". Jeff -Original Message- From: Eyrignoux Marc [mailto:eyrig...@yahoo.fr] Sent: Friday, May 07, 2010 9:25 AM To: Tomcat Users List Subject: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Hi Charles, > You can try setting the address attribute of your elements to "0.0.0.0" to force IPv4. It works, thank you NB: Other people might experience the same problem. I don't know where it comes from, may be from an interaction between Windows Server 2008 and Tomcat 5.5.29 ? Thank you again, Marc. NB: for the other questions: - Nothing interesting in the logs - I use the same JDK for both 5.5.17 and 5.5.29: j2sdk1.5.0_16 - -Djava.net.preferIPv4Stack=true didn't help - my server.xml is the one installed by default with Tomcat, without any changes (but the "0.0.0.0" which I have just added). I don't paste it here since the problem is solved, and I don't want to spam you with long emails. > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Subject: RE: Re : Re : Tomcat 5.5.29 does not accept connections from > outside > > It appears to be listening only on IPv6, not IPv4. > > Check the logs for 5.5.29 to see if anything interesting is being > reported. > > Post your server.xml, preferably with comments removed and passwords > obfuscated. > > You can try setting the address attribute of your elements > to "0.0.0.0" to force IPv4. Also, are you using the same JVM for both 5.5.17 and 5.5.29? Do you have any command line parameters set? You can try setting: -Djava.net.preferIPv4Stack=true to see if that helps. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
0.0.0:49818 0.0.0.0:0 LISTENING TCP0.0.0.0:49819 0.0.0.0:0 LISTENING TCP127.0.0.1:8005 0.0.0.0:0 LISTENING TCP[::]:135 [::]:0 LISTENING TCP[::]:445 [::]:0 LISTENING TCP[::]:1311 [::]:0 LISTENING TCP[::]:1688 [::]:0 LISTENING TCP[::]:3389 [::]:0 LISTENING TCP[::]:5357 [::]:0 LISTENING TCP[::]:8009 [::]:0 LISTENING TCP[::]:8080 [::]:0 LISTENING TCP[::]:8087 [::]:0 LISTENING TCP[::]:49152 [::]:0 LISTENING TCP[::]:49153 [::]:0 LISTENING TCP[::]:49154 [::]:0 LISTENING TCP[::]:49155 [::]:0 LISTENING TCP[::]:49158 [::]:0 LISTENING TCP[::]:49159 [::]:0 LISTENING TCP[::]:49160 [::]:0 LISTENING TCP[::]:49177 [::]:0 LISTENING TCP[::]:49818 [::]:0 LISTENING TCP[::]:49819 [::]:0 LISTENING So my conclusion is that the APR library, at least at 1.1.16, only opens one connection per connector. Or perhaps Tomcat is only opening 1 connection when it takes the APR support code path. Jeff Note: I didn't try the no-native 64-bit because I have other production instances using the same Catalina_base/bin directory. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, May 07, 2010 9:50 AM To: Tomcat Users List Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside Eyrignoux Marc wrote: > > Hi Charles, > >> You can try setting the address attribute of your > elements to "0.0.0.0" to force IPv4. > > It works, thank you > NB: Other people might experience the same problem. I don't know where it > comes from, may be from an interaction between Windows Server 2008 and Tomcat > 5.5.29 ? > May I jump in to add somewhat to the question ? Thank you. Can someone explain this a little bit more in detail, or point to some rough explanation page somewhere ? Basically : - why did that Tomcat 5.5.29 "listen only on IPv6" until it was forced to IPv4 by specifying "0.0.0.0" in the Connector ? - why, when Tomcat is listening (only) on IPv6 [::]:8080, does it not accept telnet connections on port 8080 ? - why, when Tomcat was listening (only) on IPv6 [::]:8080, did HTTP:8080 connections from a browser on localhost work, but not the ones from other stations ? - can you set Tomcat to listen on /both/ IPv4 and IPv6 on port 8080 at the same time ? Thanks for any pointers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
RE: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections > from outside > > Can someone explain this a little bit more in detail, or point to some > rough explanation page somewhere ? Not really - this is a bit of a mystery. > - why did that Tomcat 5.5.29 "listen only on IPv6" until it was forced > to IPv4 by specifying "0.0.0.0" in the Connector ? The key question. > - why, when Tomcat is listening (only) on IPv6 [::]:8080, does it not > accept telnet connections on port 8080 ? Because the telnet client is likely making the request only on IPv4, since the DNS mechanism (or hosts file) probably only has IPv4 addresses in it. > - why, when Tomcat was listening (only) on IPv6 [::]:8080, did > HTTP:8080 connections from a browser on localhost work, but not > the ones from other stations ? The internal one would have connected on the IPv6 loopback ([::1]), while the outside ones most likely attempted only IPv4 connections. We don't even know if the OP's network supports IPv6 routing. > - can you set Tomcat to listen on /both/ IPv4 and IPv6 on port 8080 at > the same time ? This should be the default, and that's what 5.5.17 appears to have been doing. Why 5.5.29 doesn't exhibit the same behavior is TBD. I haven't downloaded 5.5.29 yet, but it's on my list for this weekend, to see what it does on my dual-stack machine. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Re : Re : Re : Tomcat 5.5.29 does not accept connections from outside
Eyrignoux Marc wrote: Hi Charles, You can try setting the address attribute of your elements to "0.0.0.0" to force IPv4. It works, thank you NB: Other people might experience the same problem. I don't know where it comes from, may be from an interaction between Windows Server 2008 and Tomcat 5.5.29 ? May I jump in to add somewhat to the question ? Thank you. Can someone explain this a little bit more in detail, or point to some rough explanation page somewhere ? Basically : - why did that Tomcat 5.5.29 "listen only on IPv6" until it was forced to IPv4 by specifying "0.0.0.0" in the Connector ? - why, when Tomcat is listening (only) on IPv6 [::]:8080, does it not accept telnet connections on port 8080 ? - why, when Tomcat was listening (only) on IPv6 [::]:8080, did HTTP:8080 connections from a browser on localhost work, but not the ones from other stations ? - can you set Tomcat to listen on /both/ IPv4 and IPv6 on port 8080 at the same time ? Thanks for any pointers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
