I have a CentOS 6.3 environment with Tomcat 7 and PostgreSQL 9.2 installed. There is just one web application deployed in Tomcat, and it tries to establish a connection from localhost to Postgres. The following is the contents of /etc/sysconfig/iptables:
#Filter table
*filter
:INPUT DROP [9:2530]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [88:11968]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
#NAT TABLE
*nat
:PREROUTING ACCEPT [129:7557]
:POSTROUTING DROP [1:108]
:OUTPUT ACCEPT [1:108]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
Tomcat only allows HTTPS and listens for requests on port 8443. Currently I forward requests from port 443 to 8443 so that users don't have to specify a port number in the URL. Web pages are happily accessible from a browser, but the web application fails to work. According to the Tomcat logs, Hibernate fails to establish a connection with Postgres, even though netstat says Postgres is in state LISTEN on 127.0.0.1:5432. All this started happening when I came up with the new firewall config. I was under the impression that the following line
-A INPUT -i lo -j ACCEPT
should take care of local connections from the Tomcat webapp to Postgres, but it looks like it doesn't. I need to know what in the firewall config I need to change to allow the connections again.
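The following is an added example and not part of the question above: a small Python model of how the first packet of each flow traverses the posted ruleset, built-in chain by built-in chain, so that the table and chain whose rule or policy decides a packet become visible. It assumes the standard Netfilter traversal order (for a locally generated packet: nat OUTPUT, then filter OUTPUT, then nat POSTROUTING; for a packet arriving on an interface: nat PREROUTING, then filter INPUT), that the nat table is consulted only for the first packet of a connection (conntrack state NEW), and it ignores the raw and mangle tables. The function names, the tuple returned by `trace` and the sample packets are this example's own; the ruleset string is the one from the question.

```python
"""Trace the first packet of a flow through an iptables-save ruleset (simplified model)."""

# The ruleset from the question, embedded here as the constructed input.
RULESET = """\
*filter
:INPUT DROP [9:2530]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [88:11968]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [129:7557]
:POSTROUTING DROP [1:108]
:OUTPUT ACCEPT [1:108]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
"""

# Built-in chains in traversal order (assumption: raw/mangle omitted, no user chains).
OUTBOUND = [("nat", "OUTPUT"), ("filter", "OUTPUT"), ("nat", "POSTROUTING")]  # locally generated
INBOUND = [("nat", "PREROUTING"), ("filter", "INPUT")]                          # received on an interface


def parse(text):
    """Return {table: {chain: (policy, [rules])}} for the subset of syntax used above."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table[chain] = (policy, [])
        elif line.startswith("-A "):
            toks, i = line.split(), 2
            chain, rule = toks[1], {"match": {}, "target": None, "to_ports": None}
            while i < len(toks):
                t = toks[i]
                if t == "-i": rule["match"]["iface"] = toks[i + 1]; i += 2
                elif t == "-p": rule["match"]["proto"] = toks[i + 1]; i += 2
                elif t == "--dport": rule["match"]["dport"] = int(toks[i + 1]); i += 2
                elif t == "--state": rule["match"]["state"] = set(toks[i + 1].split(",")); i += 2
                elif t == "-j": rule["target"] = toks[i + 1]; i += 2
                elif t == "--to-ports": rule["to_ports"] = int(toks[i + 1]); i += 2
                elif t == "-m": i += 2  # match-extension name; its own options follow
                else: raise ValueError("unsupported token %r in: %s" % (t, line))
            table[chain][1].append(rule)
    return tables


def matches(m, pkt):
    """True when every criterion of a rule's match set applies to the packet."""
    return all(pkt[k] in v if k == "state" else pkt[k] == v for k, v in m.items())


def run_chain(tables, table, chain, pkt):
    """Apply the first matching rule; otherwise the chain policy decides."""
    policy, rules = tables[table][chain]
    for r in rules:
        if matches(r["match"], pkt):
            if r["target"] == "REDIRECT":      # rewrite the destination port, then accept
                pkt["dport"] = r["to_ports"]
                return "ACCEPT"
            return r["target"]
    return policy


def trace(tables, pkt, path):
    """Walk pkt along path; return (verdict, table, chain, dport) where it was decided."""
    pkt = dict(pkt)
    for table, chain in path:
        if table == "nat" and pkt["state"] != "NEW":
            continue                            # nat is skipped for an existing connection
        if run_chain(tables, table, chain, pkt) == "DROP":
            return ("DROP", table, chain, pkt["dport"])
    return ("ACCEPT", table, chain, pkt["dport"])


def trace_remote_https(ruleset=RULESET):
    """First packet from a browser on eth0 to tcp/443."""
    pkt = {"iface": "eth0", "proto": "tcp", "dport": 443, "state": "NEW"}
    return trace(parse(ruleset), pkt, INBOUND)


def trace_local_postgres(ruleset=RULESET):
    """First packet from Tomcat to 127.0.0.1:5432: the outbound leg, then, if it
    survives, the same packet as received on lo."""
    tables = parse(ruleset)
    pkt = {"iface": "lo", "proto": "tcp", "dport": 5432, "state": "NEW"}
    legs = [("out",) + trace(tables, pkt, OUTBOUND)]
    if legs[0][1] == "ACCEPT":
        legs.append(("in",) + trace(tables, pkt, INBOUND))
    return legs


if __name__ == "__main__":
    print("eth0 -> :443 ", trace_remote_https())
    print("lo -> :5432  ", trace_local_postgres())
    fixed = RULESET.replace(":POSTROUTING DROP", ":POSTROUTING ACCEPT")
    print("lo -> :5432 with nat POSTROUTING policy ACCEPT", trace_local_postgres(fixed))
```

In this model the HTTPS flow is redirected in nat PREROUTING and accepted by the 8443 rule in filter INPUT, while the Tomcat-to-Postgres flow is decided on its outbound leg in the nat POSTROUTING chain, before the packet is ever received on lo and reaches the `-i lo` rule in filter INPUT; with that chain's policy changed to ACCEPT the inbound leg is reached and the `-i lo` rule accepts it. On a real host, `iptables -t nat -L POSTROUTING -v` shows that chain's policy and packet counters.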