Howdy this is technical a pass-thru on LAN to Server (see detail) LAN-2-LAN

Hello here is what I have

Server (LAN IP for Apache is 172.16.0.5)
* $ ifconfig
  shows eth0:
  eth0 validated @ 172.16.0.5

Firewall (LAN IP for Linux Firewall is 192.168.0.10)
* $ ifconfig
 shows enp0s0:
 enp0s0 validated @ 192.168.0.10

Another PC on LAN for Testing

I have tested this and got this far. I am familiar with IPTABLES but a greenhorn haha. If I log into 172.16.0.5 and try localhost in browser it works.

When I try another PC on the lan it trys to get to 172.16.0.5 but fails. The browser says site unavailable or too busy.

To test

If I log into 192.168.0.10 and type 172.16.0.5 it sees apache no problem - works.

I run $ tcpdump -i on both eth0: and enp0s0: there is data on enp0s0: when I try to access from the testing PC. The one that the browser says unavailable. But I see tcp traffic on the 192.168.0.10 machine (enp0s0) but nothing on eth0: So I know I have right conditions for seeing my tests but can't break thru to eth0: from my test pc. As you can see I am trying to figure out if I need something else. Not sure because it appears to be a forwarding issue.

I don't know how to test anymore. Thank you if anybody knows.

Welcome to the Ranch, Jeff!

This looks more like a general Linux networking issue than Tomcat. I'll see if I can link over there.

If I'm reading this correctly, you have 2 LAN segments, one for the server and one for the desktops. The server is on the 172 segment, and the desktops are on the 192.168 segment.

Where I get confused is the "firewall". I'm guessing that it's supposed to link the 172 and 192.168 subnets. Meaning that it's actually a router machine, since all well-configured machines have their own firewalls these days.

To link the 2 LAN segments properly, a couple of things have to be done:

1. You have to have IPV4 forwarding turned on on the routing machine.

2. You have to have a NIC configured for each connected subnet on the routing machine.

3. The NICs do have to have appropriate firewall configurations (iptables or firewalld) settings.

and last, but not least:

4. The IP routing has to be set up so that the 192.168 subnet can route to the 172 subnet and vice versa. That's done by the ip route command, but is normally stored as a permanent system setting in a format and location determined by which flavor of whatever OS the router machine is running.

Thanks for the helping info. I like the domain it is neat here. Also the happiest new years to you.