The command netstat -nlp will show you what is listening:
]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 13940/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 13940/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 13940/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3377/sshd
The lsof command on the pid of the tomcat process will show something similar:
java 13940 root 35r CHR 1,9 942 /dev/urandom
java 13940 root 36r CHR 1,9 942 /dev/urandom
java 13940 root 38u IPv4 31050 TCP *:8009 (LISTEN)
java 13940 root 39u IPv4 31053 TCP 127.0.0.1:8005 (LISTEN)
When you run shutdown.sh you should see traffic go to port 8005:
[root@test001 ~]# tcpdump -i lo 'port 8005'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
20:11:22.168395 IP test001.36696 > test001.8005: S 2859727005:2859727005(0) win 32792 <mss 16396,sackOK,timestamp 20428874 0,nop,wscale 7>
20:11:22.168922 IP test001.8005 > test001.36696: S 2855491174:2855491174(0) ack 2859727006 win 32768 <mss 16396,sackOK,timestamp 20428874 20428874,nop,wscale 7>
20:11:22.168598 IP test001.36696 > test001.8005: . ack 1 win 257 <nop,nop,timestamp 20428874 20428874>
20:11:22.171127 IP test001.36696 > test001.8005: P 1:2(1) ack 1 win 257 <nop,nop,timestamp 20428877 20428874>
20:11:22.171144 IP test001.8005 > test001.36696: . ack 2 win 256 <nop,nop,timestamp 20428877 20428877>
20:11:22.171443 IP test001.36696 > test001.8005: P 2:3(1) ack 1 win 257 <nop,nop,timestamp 20428877 20428877>
20:11:22.171453 IP test001.8005 > test001.36696: . ack 3 win 256 <nop,nop,timestamp 20428877 20428877>
20:11:22.171686 IP test001.36696 > test001.8005: P 3:4(1) ack 1 win 257
- Check that localhost resolves, e.g. it's in /etc/hosts.
- Check that you are not running the Ubuntu Firewall.
- Post your netstat -nlp output if you can.
- Try telnet localhost 8005 or telnet 127.0.0.1
After hours of research, I've found out that the problem is authbind. It can bind tomcat to ports lower than 1024 only for IPv4 and doesn't work for IPv6 (it should on newer kernels, but on this machine the 3.2 kernel is used).
When I turned off authbind in /etc/default/tomcat7 and modified my server.xml to listen on 8080, then redirect to 443 and listen on 8443, tomcat started listening on IPv6 like it should.
Redirecting the ports via iptables is also possible only for IPv4, since the ip6tables comes with support for nat and redirect only from kernel 3.7.
I then used a daemon called xinetd to redirect traffic from 80 to 8080 and from 443 to 8443. Now everything works as it should.
Best Answer
I've heard of Tomcat problems with machines using ipv6. Try to blacklist the ipv6 module in the /etc/modprobe.d directory and reboot to see if it binds correctly.
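Added example, not part of the original answers: a small shell helper that reads netstat -nlp output and reports, per listening TCP port, the address family and whether it is bound to loopback or to all interfaces, then lists ports that have only an IPv4 listener (the symptom described in the authbind answer). The function names are hypothetical, and the sample input is the netstat listing from the first answer plus one constructed tcp6 line for contrast.

```shell
#!/usr/bin/env bash
# Sample input: the netstat listing quoted above, plus one CONSTRUCTED tcp6 line.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 13940/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 13940/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 13940/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3377/sshd
tcp6 0 0 :::8443 :::* LISTEN 13940/java
EOF
}

# Reads netstat -nlp text on stdin.
# Prints one line per TCP listener: <port> <family> <scope> <pid/program>
classify_listeners() {
  awk '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
      family = ($1 == "tcp6" || host ~ /:/) ? "ipv6" : "ipv4"
      if (host ~ /^127\./ || host == "::1")
        scope = "loopback"
      else if (host == "0.0.0.0" || host == "::" || host == "*")
        scope = "all-interfaces"
      else
        scope = "specific-address"
      print port, family, scope, $7
    }'
}

# Ports that have an IPv4 listener but no tcp6 listener at all.
ipv4_only_ports() {
  classify_listeners | awk '
    { seen[$1] = seen[$1] " " $2 }
    END { for (p in seen) if (seen[p] !~ /ipv6/) print p }' | sort -n
}

# Listeners reachable from other hosts (bound to a wildcard address).
exposed_listeners() {
  classify_listeners | awk '$3 == "all-interfaces"'
}

sample_netstat | classify_listeners
```

On a live host, pipe the real output in instead of the sample, for example: netstat -nlp | ipv4_only_ports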