I have tested this and got this far. I am familiar with iptables but a greenhorn haha. If I log into 172.16.0.5 and try localhost in the browser it works.
When I try another PC on the LAN it tries to get to 172.16.0.5 but fails. The browser says site unavailable or too busy.
If I log into 192.168.0.10 and type 172.16.0.5 it sees Apache no problem - works.
I run $ tcpdump -i on both eth0 and enp0s0. There is data on enp0s0 when I try to access from the testing PC, the one where the browser says unavailable. But I see TCP traffic on the 192.168.0.10 machine (enp0s0) and nothing on eth0, so I know I have the right conditions for seeing my tests but can't break through to eth0 from my test PC. As you can see I am trying to figure out if I need something else. Not sure, because it appears to be a forwarding issue.
I don't know how to test anymore. Thank you if anybody knows.
This looks more like a general Linux networking issue than Tomcat. I'll see if I can link over there.
If I'm reading this correctly, you have 2 LAN segments, one for the server and one for the desktops. The server is on the 172 segment, and the desktops are on the 192.168 segment.
Where I get confused is the "firewall". I'm guessing that it's supposed to link the 172 and 192.168 subnets. Meaning that it's actually a router machine, since all well-configured machines have their own firewalls these days.
To link the 2 LAN segments properly, a couple of things have to be done:
1. You have to have IPv4 forwarding turned on on the routing machine.
2. You have to have a NIC configured for each connected subnet on the routing machine.
3. The NICs do have to have appropriate firewall (iptables or firewalld) settings.
and last, but not least:
4. The IP routing has to be set up so that the 192.168 subnet can route to the 172 subnet and vice versa. That's done by the ip route command, but is normally stored as a permanent system setting in a format and location determined by which flavor of whatever OS the router machine is running.
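The four items in the reply above can be checked on the routing machine in one pass. The script below is an added example, not code from the thread or from either poster: each check takes captured command output as an argument, so it runs offline against the constructed samples at the bottom and can also be fed the live output of sysctl, iptables -S FORWARD and ip route. The subnets 192.168.0.0/24 (desktops, behind enp0s0) and 172.16.0.0/24 (server, behind eth0) follow the thread; the router's eth0 address 172.16.0.1 in the sample route table is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Checks items 1, 3 and 4 of the reply
# on the routing machine. Interface names and subnets follow the thread; the
# router's eth0 address (172.16.0.1) in the sample data is assumed.

DESKTOP_NET="192.168.0.0/24"   # behind enp0s0
SERVER_NET="172.16.0.0/24"     # behind eth0

# Item 1: IPv4 forwarding. Argument: value of net.ipv4.ip_forward
# (from `sysctl -n net.ipv4.ip_forward`). With 0 the kernel accepts packets on
# enp0s0 but never emits them on eth0, exactly the tcpdump symptom above.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# Item 3: the FORWARD chain. Argument 1: output of `iptables -S FORWARD`,
# argument 2: source subnet, argument 3: destination subnet. Passes when the
# chain policy is ACCEPT or an explicit -A FORWARD rule accepts that pair.
forward_chain_allows() {
    rules="$1"; src="$2"; dst="$3"
    printf '%s\n' "$rules" | grep -q "^-P FORWARD ACCEPT$" && return 0
    printf '%s\n' "$rules" | grep "^-A FORWARD " | grep -F -- "-s $src " \
        | grep -F -- "-d $dst " | grep -q -- "-j ACCEPT$"
}

# Replies from the server must also be forwarded: either an explicit
# server->desktop rule or a conntrack ESTABLISHED rule does that.
return_path_allows() {
    forward_chain_allows "$1" "$SERVER_NET" "$DESKTOP_NET" && return 0
    printf '%s\n' "$1" | grep "^-A FORWARD " | grep "ESTABLISHED" | grep -q -- "-j ACCEPT$"
}

# Item 4: the routing table. Argument 1: output of `ip route`, argument 2: a
# subnet. Passes when some entry's destination is exactly that subnet.
has_route_to() {
    printf '%s\n' "$1" | awk -v net="$2" '$1 == net { found = 1 } END { exit !found }'
}

# Run every check, print one line per finding, return the number of failures.
audit_router() {
    ip_forward="$1"; fwd_rules="$2"; routes="$3"
    fails=0
    if forwarding_enabled "$ip_forward"; then echo "ok   net.ipv4.ip_forward=1"
    else echo "FAIL net.ipv4.ip_forward=$ip_forward (enp0s0 traffic will never leave eth0)"; fails=$((fails + 1)); fi
    if forward_chain_allows "$fwd_rules" "$DESKTOP_NET" "$SERVER_NET"; then echo "ok   FORWARD allows $DESKTOP_NET -> $SERVER_NET"
    else echo "FAIL FORWARD chain drops $DESKTOP_NET -> $SERVER_NET"; fails=$((fails + 1)); fi
    if return_path_allows "$fwd_rules"; then echo "ok   FORWARD allows the return path"
    else echo "FAIL FORWARD chain drops replies from $SERVER_NET"; fails=$((fails + 1)); fi
    for net in "$DESKTOP_NET" "$SERVER_NET"; do
        if has_route_to "$routes" "$net"; then echo "ok   route to $net"
        else echo "FAIL no route to $net"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample captures (not taken from the thread).
SAMPLE_ROUTES='default via 192.168.0.1 dev enp0s0
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.1
192.168.0.0/24 dev enp0s0 proto kernel scope link src 192.168.0.10'

# A DROP policy with only a conntrack rule: desktops can never open a connection.
SAMPLE_RULES_BROKEN='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# The same chain with one explicit desktop->server ACCEPT rule added.
SAMPLE_RULES_FIXED='-P FORWARD DROP
-A FORWARD -i enp0s0 -o eth0 -s 192.168.0.0/24 -d 172.16.0.0/24 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

echo "== router with forwarding off and a bare DROP policy =="
audit_router 0 "$SAMPLE_RULES_BROKEN" "$SAMPLE_ROUTES" || echo "   $? check(s) failed"
echo "== same router with ip_forward=1 and the ACCEPT rule =="
audit_router 1 "$SAMPLE_RULES_FIXED" "$SAMPLE_ROUTES" || echo "   $? check(s) failed"
# On the real router, as root:
# audit_router "$(sysctl -n net.ipv4.ip_forward)" "$(iptables -S FORWARD)" "$(ip route)"
```

The checks deliberately keep the FORWARD policy at DROP and only open the one desktop-to-server pair plus established replies; a blanket ACCEPT policy would also make the test pass but turns the router into an open bridge between the two segments. Everything here runs on the router only; the desktops (or their default gateway) still need their own route for 172.16.0.0/24 via 192.168.0.10, which is the other half of item 4.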