[544]=>Good morning
 [543]=>You know the fee...
 [542]=>Date more, care ...
 [541]=>Moving On



October 2019
sun mon tue wed thu fri sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    


 [RAndoMness]=> 28Sep09
 [JPsDocs] => 22Feb09
 [JPics] => 10Dec11

recent music
Boycott SONY



  getentry(521); getentry(523);

iptables fun
added Thu December 25 2008 at 4:14 AM

I was getting a Network Timeout Error (The server at x.x.x.x is taking too long to respond) when trying to connect to my tomcat port (x.x.x.x:8080). java was listening on that port (netstat -tnlp), but it turned out that my iptables was set to aggressively block anything that wasn't explicitly allowed. While I was researching how to unblock it (it's been awhile since I played with iptables), I saw someone explain how to redirect from port 80 to port 8080 (I think I used sudo iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080 - DON'T RUN THAT). I thought that sounded cool so I tried it without success. Eventually, I found the right answer (sudo iptables -I INPUT 3 -p tcp --dport 8080 -j ACCEPT).

It wasn't until the next morning that I found out the extent of the damage I had caused. I was trying to install some other software using apt-get and I kept getting a bunch of 404's. Now, at first I thought this was related to upgrading to the latest version of ubuntu (which was a problem earlier with very similar symptoms), but I was already on the latest version. After pounding my head against the wall for a while, I tried downloading other files from my server, to no avail. Eventually, I tried a simple URL at the root of a server and noticed that it was returning the default new tomcat install page. That's when it hit me that I had accidentally forwarded the OUTPUT port 80 to tomcat instead of the INPUT port 80.

At this point, I realized that my iptables was kind of a mess and I didn't know how to recover it using actual iptables commands, so I backed it up using iptables-save > /tmp/iptables.txt, deleted the lines that referred to the really stupid nat rules and loaded the saved iptables back using iptables-restore < /tmp/iptables.txt.

Looks like it worked, YMMV.

no comments found on this entry
Allowable HTML:
<a href="">links</a>
Comment guidelines