0

I have set up Solr (v 4.2.1) for one of my websites and I am having trouble securing the admin panel. I am running Solr with Jetty; I did not use Tomcat. I have edited example/etc/jetty.xml and modified the host value to read:

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.bio.SocketConnector">
      <Set name="host"><SystemProperty name="jetty.host" default="10.100.202.42"/></Set>
      <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
      <Set name="maxIdleTime">50000</Set>
      <Set name="lowResourceMaxIdleTime">1500</Set>
      <Set name="statsOn">false</Set>
    </New>
  </Arg>
</Call>

I start the server and it binds to

::ffff:10.100.202.42:8983

However, I am able to access the admin panel by using the site's external IP. Am I missing something?

output of ifconfig -a

eth0      Link encap:Ethernet  HWaddr 00:50:56:84:00:02
          inet addr:10.100.202.42  Bcast:10.255.255.255  Mask:255.255.0.0
          inet6 addr: fe80::250:56ff:fe84:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:546942285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:482684266 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:80045331498 (74.5 GiB)  TX bytes:184397661148 (171.7 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:230200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:230200 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:335195301 (319.6 MiB)  TX bytes:335195301 (319.6 MiB)

and

netstat -apn|grep 8983
tcp        0      0 ::ffff:10.100.202.42:8983   :::*                        LISTEN      17133/java
tcp        0      0 ::ffff:10.100.202.42:8983   ::ffff:10.100.202.44:36223  TIME_WAIT   -
tcp        0      0 ::ffff:10.100.202.42:8983   ::ffff:10.100.202.44:35096  TIME_WAIT   -

Thanks

1
  • Could you paste into your question the output from ifconfig -a on your server? It's OK to blank a couple of the octets of any real address, but please don't obscure the whole thing. Also, that of netstat -apn|grep 8983. Commented Apr 17, 2013 at 8:06

1 Answer

2
+50

From the ifconfig output, it's clear that your server has no real (i.e., publicly-routable, non-RFC1918) addresses at all. But your question makes reference to a public address by which this server can be accessed. That means there's something in front of your server NATting the private address to a real address (might this be an Amazon cloud server, by any chance?).

That given, you can't achieve what you want by binding to the private address and assuming no one can get there via the public address. You will need to address this either locally, with some iptables logic, to prevent "non-local" addresses (and you'll need to define "non-local") from connecting to port 8983, or on the NAT device that's doing the public-private mapping.

4
  • Thanks for the response. The server is indeed NATed. I am no network expert, but what is puzzling me is that I have other services (memcached, i.e.) running which are bound to the internal IP and you cannot access them via the public IP (i.e. telnetting to the port). Why is that? I would have expected the same behavior for Solr also. Commented Apr 17, 2013 at 15:25
  • The NATting device will be running some kind of firewall (very likely, or in the case of Amazon cloud servers, definitely). You'll have to chase it down there. Commented Apr 17, 2013 at 15:29
  • So the firewall rules are responsible for the behavior I am experiencing, right? Commented Apr 17, 2013 at 15:37
  • I think that's very likely indeed (or, in case I haven't yet made it clear enough, if you're running on Amazon cloud servers, definite). Commented Apr 17, 2013 at 15:49
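
The answer's first option (local iptables filtering on port 8983), as an added example that is not part of the original answer: a script that prints iptables-restore rules admitting only chosen source networks. The chain name SOLR-IN and treating 10.100.0.0/16 (the eth0 address and mask shown in the question) as "local" are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables-restore input that
# limits a TCP port to chosen source networks. The NAT device rewrites the
# destination to the private address before the packet arrives, so the bind
# address cannot separate internal from external clients. The source address
# can, assuming the NAT device does not rewrite the source as well.

# is_cidr ADDR: succeed for dotted-quad IPv4 with an optional /0-32 prefix.
is_cidr() {
    echo "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# build_rules PORT CIDR...: validate everything first, then print the rules,
# so bad input never yields a partial rule set.
build_rules() {
    port=${1:-}; [ $# -eq 0 ] || shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ $# -ge 1 ] || { echo "no allowed networks given" >&2; return 1; }
    for net in "$@"; do
        is_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    echo "*filter"
    echo ":SOLR-IN - [0:0]"                 # hypothetical chain name
    echo "-A INPUT -p tcp --dport $port -j SOLR-IN"
    echo "-A SOLR-IN -i lo -j ACCEPT"
    for net in "$@"; do
        echo "-A SOLR-IN -s $net -j ACCEPT"
    done
    echo "-A SOLR-IN -j DROP"               # all other sources, NATed public clients included
    echo "COMMIT"
}

# Port 8983 is from the question; 10.100.0.0/16 is an assumed definition of
# "local" taken from the eth0 address and mask. Adjust it to your network.
build_rules 8983 10.100.0.0/16
```

Review the output, then load it as root with `iptables-restore --noflush`. The rules are appended to INPUT, so an earlier rule that already accepts the port would still take precedence.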
