Two network cards on linux

Dhaval J. Patel
Ranch Hand

Joined: Mar 10, 2011
Posts: 90

Hello everyone,
We have a small web application running on a Linux server. I am connecting that web app to a database server on the same machine (same IP). Works perfectly fine. But now, I need to connect to another database for the next revision of the project. That database is on a Linux box that only has an internal LAN IP. The application server has two network cards, internal and external, and both are enabled. If I connect and run the application, it works fine for all the computers connected to the internal LAN. But for devices outside the LAN, the database becomes inaccessible.

What I want to achieve is this

External devices on the internet ------> application Server (External IP+Internal IP, dual network cards) -----> database server (internal Lan IP only, single network card)


Is there any way to achieve this? Is there any kind of setting I have to do in Tomcat for that? Or is there a setting on Linux that I need to do?

Please help,
Thanks
Koen Aerts
Ranch Hand

Joined: Feb 07, 2012
Posts: 344

How does the app connect to the database? Via a tomcat data source; directly via JDBC, etc.? What is the connection URL to the DB? Also, as which user are you running Tomcat, and which IP does it "listen" on (i.e. 0.0.0.0, or local IP, or something else, etc.)?
Dhaval J. Patel
Ranch Hand

Joined: Mar 10, 2011
Posts: 90

Thanks for the reply Koen.
The app connects to the database through a Tomcat datasource that I specified in the context and server XML files. The URL to the DB is jdbc:postgresql://192.168.100.181:5432/papiDatabase, which has the internal IP. I am running Tomcat as the root user. I have specified in my server.xml file what IP the port listens on. So it is whatever it gets defaulted to. Should I specify my external IP there, so that it explicitly listens to that IP?
Koen Aerts
Ranch Hand

Joined: Feb 07, 2012
Posts: 344

First of all, NEVER run your app server (Tomcat in this case) with root privileges, for security reasons. You don't want external users to run your JSP/servlet code as root on your server, do you? I generally create a user account that is used specifically to run the app server. Oracle works similarly: it runs under its own oracle user account. In fact, aside from a couple of scripts, the Oracle installer refuses to be installed as root.

I think you may need to configure tomcat to listen on the specific IP address, or address 0.0.0.0. I don't know for sure if that will help though, but that is where I would start; I think it may get confused about it being accessed both via internal and external addresses. Also I don't know how your network has been set up. For instance do "external" requests (from Internet) go directly to the app server, or do they go via a different way, say HTTP server, or firewall, etc.? I'm trying to figure out whether tomcat should listen to an internal IP or external IP, but you can try either, if applicable.

Also, do you need tomcat to listen to port 80? This won't work when you don't run tomcat as root. On Linux, only root users can open ports < 1024. However with kernel based port forwarding (iptables) you can forward port 80 to 8080, the latter being the default tomcat port. Alternatively, you can configure your firewall to do the port forwarding, assuming you're not already using an http server such as Apache.
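Added example, not part of the thread: a check for the condition warned about above, a Tomcat JVM owned by root, followed by the kernel redirect rule for port 80. The `ps` listing is constructed, and the `tomcat` account name and the paths in it are assumptions.

```shell
#!/bin/sh
# Added example: flag Tomcat JVMs that run as root.
# On a real host the input comes from:  ps -eo user=,pid=,args=
# SAMPLE_PS below is constructed; account names and paths are assumptions.

# Print "PID USER" for every Tomcat JVM in the ps listing read from stdin.
# Tomcat is recognised by its launcher class, org.apache.catalina.startup.Bootstrap.
tomcat_procs() {
    awk '/org\.apache\.catalina\.startup\.Bootstrap/ { print $2, $1 }'
}

# Print the PIDs of Tomcat JVMs owned by root; succeed only if there are none.
root_tomcat_pids() {
    pids=$(tomcat_procs | awk '$2 == "root" { print $1 }')
    [ -z "$pids" ] && return 0
    printf '%s\n' "$pids"
    return 1
}

SAMPLE_PS='root         1 /sbin/init
root      2210 /usr/bin/java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap start
tomcat    3100 /usr/bin/java -Dcatalina.base=/srv/tomcat2 org.apache.catalina.startup.Bootstrap start
postgres   900 /usr/bin/postgres -D /var/lib/pgsql/data'

if bad=$(printf '%s\n' "$SAMPLE_PS" | root_tomcat_pids); then
    echo "no Tomcat JVM runs as root"
else
    echo "Tomcat running as root, PID(s): $bad"
fi

# With Tomcat on its default port 8080 under a dedicated account, port 80 can be
# redirected in the kernel instead of being opened by the JVM (run once, as root):
#   iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
```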
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18987
    

And what does "inaccessible" mean? Are you getting error messages? If so it would be useful to show them to us.
Dhaval J. Patel
Ranch Hand

Joined: Mar 10, 2011
Posts: 90

Koen Aerts wrote: For instance do "external" requests (from Internet) go directly to the app server, or do they go via a different way, say HTTP server, or firewall, etc.? I'm trying to figure out whether tomcat should listen to an internal IP or external IP, but you can try either, if applicable.


It goes directly to the app server. Nothing in between. I guess Tomcat would have to listen to an external IP. I tried specifying the external IP in the server.xml file, but now the app does not show up. Before, it gave me a custom error page from my web app that said it could not connect to the database.

About the different user account, I would surely create a user account specifically for the app. Thanks for that.

Paul Clapham wrote: And what does "inaccessible" mean? Are you getting error messages? If so it would be useful to show them to us.


It gives a NullPointerException at the line where I am trying to get the database connection from the Tomcat environment.
Koen Aerts
Ranch Hand

Joined: Feb 07, 2012
Posts: 344

Dhaval J. Patel wrote: I tried specifying the external IP in the server.xml file, but now the app does not show up. Before, it gave me a custom error page from my web app that said it could not connect to the database.

Did you also try to configure Tomcat to listen to IP 0.0.0.0? Also, with the external IP, can you still access the app "from outside" at all?

Dhaval J. Patel wrote:
Paul Clapham wrote: And what does "inaccessible" mean? Are you getting error messages? If so it would be useful to show them to us.

It gives a NullPointerException at the line where I am trying to get the database connection from the Tomcat environment.

Do you have a stacktrace of this?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16303
    

I'm not sure I followed all this, but it does look like there's some confusion about who connects to whom here.

We are going under the assumption that external clients are not attempting to access the database directly, but are making URL requests to Tomcat web applications. Otherwise, your Tomcat setup doesn't even figure into it.

Tomcat itself doesn't actually know about databases. What Tomcat does do, however, is provide a mechanism by which a plugin database connection pool component can be initialized and published (via JNDI) to web apps. Once that's done, everything is between the database connection pooler and the app, and Tomcat gets out of the way. Tomcat comes with the Apache dbcp pooler and that's what it sets up by default.

So. For a webapp to talk to a database, it requests a connection from the connection pooler. The connection pooler looks through its cached collection of pool connections and returns one of them wrapped in a class that makes the connection "close()" method return that connection to the pool. If the cache is empty and the configured connection limit has not been reached, the connection pooler will create a new Connection and return that (wrapped in the connection wrapper I just mentioned). The connection is created in the usual way, using the JDBC connection factory.

The important thing to note is that the process of creating these connections is basically the same as it would be from any stand-alone JDBC application.

And therefore, as long as the application (Tomcat's connection pooler) can open a database connection, everything else "just works".

Having 2 network cards doesn't make a difference. Having FIVE network cards doesn't make a difference. When JDBC opens a database connection, it's opening a tcp/ip network socket connection and you don't code the network cards into that process. The OS network manager is what worries about the network cards.

The OS network manager determines which card to talk over based on the routing tables. So it's important that the OS tcp/ip routing tables direct requests to the database ip address to the network card that provides access to the backend LAN where the database lives. It's the job of the sysadmin and network administrators to ensure that that happens properly.


Customer surveys are for companies who didn't pay proper attention to begin with.
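Added example, not part of the thread: a check of which interface the kernel's routing table selects for the database address from the connection URL. Both `ip route get` lines are constructed; the interface names `eth0`/`eth1` and every address other than 192.168.100.181 are assumptions.

```shell
#!/bin/sh
# Added example: which interface does the kernel pick for the database address?
# On a real host the input comes from:  ip -o route get 192.168.100.181
# GOOD and BAD below are constructed samples of that command's output.

# Print the value that follows keyword $2 ("dev", "src", "via") in route line $1.
route_field() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# Succeed only if the route in line $1 leaves through interface $2.
# Prints a one-line verdict either way.
check_db_route() {
    line=$1
    want_dev=$2
    dev=$(route_field "$line" dev)
    via=$(route_field "$line" via)
    src=$(route_field "$line" src)
    if [ -z "$dev" ]; then
        echo "FAIL no route (kernel reported: $line)"
        return 1
    fi
    if [ "$dev" != "$want_dev" ]; then
        echo "FAIL leaves via $dev (gateway ${via:-none}), expected $want_dev"
        return 1
    fi
    echo "OK dev=$dev src=$src"
}

# Internal LAN reached directly over the internal card (assumed to be eth1).
GOOD='192.168.100.181 dev eth1 src 192.168.100.10 uid 1001'
# No route for the internal LAN: traffic falls through to the default gateway
# on the external card (assumed to be eth0) and never reaches the database.
BAD='192.168.100.181 via 203.0.113.1 dev eth0 src 203.0.113.20 uid 1001'

check_db_route "$GOOD" eth1
check_db_route "$BAD" eth1 || true
```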
Darren Wilson
Greenhorn

Joined: Nov 05, 2010
Posts: 1

If it's a default Linux install, it's possible that iptables isn't allowing traffic between the two interfaces. I've been bitten by that before. Easy enough to test: just shut iptables down and try the app again.
Dhaval J. Patel
Ranch Hand

Joined: Mar 10, 2011
Posts: 90

Thank you for the fantastic reply Tim,
I guess I will report the issue to the network admin and work with him. I am off the hook on this, I guess. Thanks for the piece of information. I guess I should learn more about networks.

@Darren. I would surely try the test. I surely feel that it is a network issue, as my code and the configuration look okay to me.

@Koen. Thanks for your help too.
 