Link to home
Start Free TrialLog in
Avatar of Victor Kimura
Victor KimuraFlag for Canada

asked on

How to open port 9000 for XDebug on Centos 5.9

Hi,

I'm wondering how I can open port 9000 for the XDebug on Centos 5.9.

when I try to telnet from my Windows 7 machine to the Centos I get:

telnet 173.201.47.54 9000
....on port 9000: Connect failed

So how do I open this port?

I'm using PHPStorm and the XDebug reports:
Xdebug proxy: Cannot connect to xdebug proxy on 'myultratrust.com:9000'

Wasn't intending to create a XDebug proxy so not sure how to not use it in the settings. Anyone know?

Thanks,
Victor
ASKER CERTIFIED SOLUTION
Avatar of Patrick Bogers
Patrick Bogers
Flag of Netherlands image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Victor Kimura

ASKER

Ok, thanks, @Patraicksr1972. Haven't tested it. But will this open for outbound and inbound too?
@Patricksr1972, it states command not found.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@seth2740

I have this output:
root@ip-184-168-116-73 [/home/ultratrust]# netstat -at | grep 9000
root@ip-184-168-116-73 [/home/ultratrust]#

So nothing from netstat.

I'm in root.

I get this output with this command though:


root@ip-184-168-116-73 [/home/ultratrust]# /sbin/service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: mangle filter             [  OK  ]
Unloading iptables modules:                                [  OK  ]
Ok, an update:


root@ip-184-168-116-73 [/home/ultratrust]# su -
root@ip-184-168-116-73 [~]# echo $PATH
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25/bin:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25/jre/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/easy/bin:/usr/local/jdk/bin:/usr/local/jdk/bin:/home/ultratrust/perl5/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:/home/ultratrust/bin:/usr/local/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin
root@ip-184-168-116-73 [~]# whereis iptables
iptables: /sbin/iptables /lib/iptables /usr/share/man/man8/iptables.8.gz
root@ip-184-168-116-73 [~]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT -m comment --comment "Xdebug port"
iptables: Unknown error 4294967295

I have an unknown error.
More update. I read this here:
http://kb.parallels.com/en/6816


Symptoms
Sometimes, when running an iptables command inside a Container, one of following errors occurs:
32-bit Container:
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Unknown error 4294967295
64-bit Container:
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Unknown error 18446744073709551615
Cause
The most likely cause is that not all required iptables modules are enabled for the Container.
The error may also occur when trying to use an iptables module which is not virtualized for Containers (e.g., MASQUERADE):
// inside a Container:
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o venet0 -j MASQUERADE
iptables: Unknown error 4294967295

---

So it states on the site the resolution is:

Resolution
This article describes how to configure firewall service provided by iptables inside a container.
First of all, the required modules should be loaded on the node itself. It can be done either by means of host operating system or by Parallels Virtuozzo Containers service:
By means of host OS:
To load the required modules upon hardware node startup, edit iptables configuration file.
On RHEL-based Nodes, by editing the /etc/sysconfig/iptables-config file with your favorite text editor and configuring the value of the IPTABLES_MODULES parameter in this file.
On SUSE-based Nodes, by editing the /etc/sysconfig/SuSEfirewall2 file (e.g. by means of the YaST2 configuration tool).
Example: To enable modules ip_conntrack_netbios_ns, ip_conntrack, and ip_conntrack_ftp on Red Hat Linux Enterprise 5 edit /etc/sysconfig/iptables-config and set IPTABLES_MODULE as follows:
    IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack ip_conntrack_ftp"

---

So I have this setup:

root@ip-184-168-116-73 [~]# cat /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

# Reload sysctl settings on start and restart
#   Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".ip_conntrack .bridge-nf"

Open in new window


I don't know if the solution will work because it's a Parallels solution. I have WHM/cPanel and no Parallels. I'm on a VPS so it's using some virtual machine.

So what would I set my IPTABLES_MODULES to?

Also, it states "Changes will be applied after hardware node restart."

How do I restart the node (or do I simply restart iptables)? I guess by the word "node" they are meaning the Parallels node, right? So I should just restart iptables then.

BTW, the man pages for iptables is here too:
http://www.linuxmanpages.com/man8/iptables.8.php

It's all pretty new to me so I don't know which modules to include. Thank you!
From your post http:#a39809765 it looks like nothing is listening on port 9000. So any connection attempt to that port is going to fail. I think you need to address that first.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Duncan Roe,

Thank you, Duncan! Ok

I have the following output:

root@ip-184-168-116-73 [~]# which iptables
/sbin/iptables
root@ip-184-168-116-73 [~]# whereis iptables
iptables: /sbin/iptables /lib/iptables /usr/share/man/man8/iptables.8.gz
root@ip-184-168-116-73 [~]#

Open in new window


Doesn't this output mean my Centos 5.9 machine has it though?

If not then should I be installing it via WHM/cPanel or just regular yum install? If yum then what's the command?

Thank you!
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I don't have those xtables. I think it's a different distro. Those file names have xt in them so I think it's part of that particular distro.

I read that I should have this file:
 vi /etc/sysconfig/iptables

But I don't have the above file.

I don't know where that following is getting the information from or where those firerules are. Any suggestions?

It states on this page:
http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/

to enter some IPTABLES_MODULES:
# vi /etc/sysconfig/iptables-config

IPTABLES_MODULES="ip_conntrack_ftp"

On my post here:
https://www.experts-exchange.com/questions/28348034/How-to-open-port-9000-for-XDebug-on-Centos-5-9.html?anchorAnswerId=39809888#a39809888
Parallels offers a solution to load some IPTABLES_MODULES to help solve this problem possibly to load the modules on a node. I don't have parallels but am on a VPS with godaddy which is probably using some virtual machine I would think.

But I don't know which modules to load to open that port.

I have this output though:

iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 153K packets, 21M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     151K   21M acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 163K packets, 27M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     160K   25M acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain acctboth (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0           tcp dpt:80
2        0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73      tcp spt:80
3        0     0            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0           tcp dpt:25
4        0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73      tcp spt:25
5        0     0            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0           tcp dpt:110
6        0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73      tcp spt:110
7       28  1392            icmp --  !lo    *       184.168.116.73       0.0.0.0/0
8       28  1392            icmp --  !lo    *       0.0.0.0/0            184.168.116.73
9      326 47896            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0
10     348 29260            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73
11      54  5981            udp  --  !lo    *       184.168.116.73       0.0.0.0/0
12      54 20182            udp  --  !lo    *       0.0.0.0/0            184.168.116.73
13     408 55269            all  --  !lo    *       184.168.116.73       0.0.0.0/0
14     430 50834            all  --  !lo    *       0.0.0.0/0            184.168.116.73
15       0     0            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0           tcp dpt:80
16       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210      tcp spt:80
17       0     0            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0           tcp dpt:25
18       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210      tcp spt:25
19       0     0            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0           tcp dpt:110
20       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210      tcp spt:110
21       0     0            icmp --  !lo    *       173.201.24.210       0.0.0.0/0
22       0     0            icmp --  !lo    *       0.0.0.0/0            173.201.24.210
23     159 26604            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0
24     148 18935            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210
25       2   128            udp  --  !lo    *       173.201.24.210       0.0.0.0/0
26       2   128            udp  --  !lo    *       0.0.0.0/0            173.201.24.210
27     161 26732            all  --  !lo    *       173.201.24.210       0.0.0.0/0
28     150 19063            all  --  !lo    *       0.0.0.0/0            173.201.24.210
29       1    40            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0           tcp dpt:80
30       1    44            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15       tcp spt:80
31       0     0            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0           tcp dpt:25
32       0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15       tcp spt:25
33       0     0            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0           tcp dpt:110
34       0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15       tcp spt:110
35       0     0            icmp --  !lo    *       184.168.28.15        0.0.0.0/0
36       0     0            icmp --  !lo    *       0.0.0.0/0            184.168.28.15
37      14  1300            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0
38       9   399            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15
39      14  2581            udp  --  !lo    *       184.168.28.15        0.0.0.0/0
40      14  1082            udp  --  !lo    *       0.0.0.0/0            184.168.28.15
41      28  3881            all  --  !lo    *       184.168.28.15        0.0.0.0/0
42      23  1481            all  --  !lo    *       0.0.0.0/0            184.168.28.15
43       0     0            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0           tcp dpt:80
44       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54       tcp spt:80
45       0     0            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0           tcp dpt:25
46       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54       tcp spt:25
47       0     0            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0           tcp dpt:110
48       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54       tcp spt:110
49       0     0            icmp --  !lo    *       173.201.47.54        0.0.0.0/0
50       0     0            icmp --  !lo    *       0.0.0.0/0            173.201.47.54
51     182 79549            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0
52     191 21285            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54
53       2   124            udp  --  !lo    *       173.201.47.54        0.0.0.0/0
54       2   124            udp  --  !lo    *       0.0.0.0/0            173.201.47.54
55     184 79673            all  --  !lo    *       173.201.47.54        0.0.0.0/0
56     193 21409            all  --  !lo    *       0.0.0.0/0            173.201.47.54
57    2057  367K            all  --  !lo    *       0.0.0.0/0            0.0.0.0/0

Open in new window

Update:

I found the modules location:

root@ip-184-168-116-73 [/etc/init.d]# cd /lib/iptables
root@ip-184-168-116-73 [/lib/iptables]# ls -al
total 488
drwxr-xr-x  2 root root  4096 Oct 11 02:43 ./
drwxr-xr-x 14 root root  4096 Oct 11 02:44 ../
-rwxr-xr-x  1 root root  4424 Oct 30  2012 libipt_CLASSIFY.so*
-rwxr-xr-x  1 root root  6904 Oct 30  2012 libipt_CLUSTERIP.so*
-rwxr-xr-x  1 root root  5848 Oct 30  2012 libipt_CONNMARK.so*
-rwxr-xr-x  1 root root  6084 Oct 30  2012 libipt_DNAT.so*
-rwxr-xr-x  1 root root  6004 Oct 30  2012 libipt_DSCP.so*
-rwxr-xr-x  1 root root  5200 Oct 30  2012 libipt_ECN.so*
-rwxr-xr-x  1 root root  6928 Oct 30  2012 libipt_LOG.so*
-rwxr-xr-x  1 root root  5924 Oct 30  2012 libipt_MARK.so*
-rwxr-xr-x  1 root root  4808 Oct 30  2012 libipt_MASQUERADE.so*
-rwxr-xr-x  1 root root  3300 Oct 30  2012 libipt_MIRROR.so*
-rwxr-xr-x  1 root root  4900 Oct 30  2012 libipt_NETMAP.so*
-rwxr-xr-x  1 root root  4164 Oct 30  2012 libipt_NFQUEUE.so*
-rwxr-xr-x  1 root root  3300 Oct 30  2012 libipt_NOTRACK.so*
-rwxr-xr-x  1 root root  4808 Oct 30  2012 libipt_REDIRECT.so*
-rwxr-xr-x  1 root root  6020 Oct 30  2012 libipt_REJECT.so*
-rwxr-xr-x  1 root root  5300 Oct 30  2012 libipt_SAME.so*
-rwxr-xr-x  1 root root  6052 Oct 30  2012 libipt_SNAT.so*
-rwxr-xr-x  1 root root  3428 Oct 30  2012 libipt_TARPIT.so*
-rwxr-xr-x  1 root root  4500 Oct 30  2012 libipt_TCPMSS.so*
-rwxr-xr-x  1 root root  4960 Oct 30  2012 libipt_TOS.so*
-rwxr-xr-x  1 root root  3300 Oct 30  2012 libipt_TRACE.so*
-rwxr-xr-x  1 root root  4928 Oct 30  2012 libipt_TTL.so*
-rwxr-xr-x  1 root root  6164 Oct 30  2012 libipt_ULOG.so*
-rwxr-xr-x  1 root root  5944 Oct 30  2012 libipt_addrtype.so*
-rwxr-xr-x  1 root root  5312 Oct 30  2012 libipt_ah.so*
-rwxr-xr-x  1 root root  4292 Oct 30  2012 libipt_comment.so*
-rwxr-xr-x  1 root root  4696 Oct 30  2012 libipt_connlimit.so*
-rwxr-xr-x  1 root root  4648 Oct 30  2012 libipt_connmark.so*
-rwxr-xr-x  1 root root 10360 Oct 30  2012 libipt_conntrack.so*
-rwxr-xr-x  1 root root  8052 Oct 30  2012 libipt_dccp.so*
-rwxr-xr-x  1 root root  6004 Oct 30  2012 libipt_dscp.so*
-rwxr-xr-x  1 root root  5152 Oct 30  2012 libipt_ecn.so*
-rwxr-xr-x  1 root root  5344 Oct 30  2012 libipt_esp.so*
-rwxr-xr-x  1 root root  9432 Oct 30  2012 libipt_hashlimit.so*
-rwxr-xr-x  1 root root  4228 Oct 30  2012 libipt_helper.so*
-rwxr-xr-x  1 root root  7268 Oct 30  2012 libipt_icmp.so*
-rwxr-xr-x  1 root root  5844 Oct 30  2012 libipt_iprange.so*
-rwxr-xr-x  1 root root  5092 Oct 30  2012 libipt_length.so*
-rwxr-xr-x  1 root root  5876 Oct 30  2012 libipt_limit.so*
-rwxr-xr-x  1 root root  4608 Oct 30  2012 libipt_mac.so*
-rwxr-xr-x  1 root root  4580 Oct 30  2012 libipt_mark.so*
-rwxr-xr-x  1 root root  8968 Oct 30  2012 libipt_multiport.so*
-rwxr-xr-x  1 root root  6532 Oct 30  2012 libipt_owner.so*
-rwxr-xr-x  1 root root  5860 Oct 30  2012 libipt_physdev.so*
-rwxr-xr-x  1 root root  4932 Oct 30  2012 libipt_pkttype.so*
-rwxr-xr-x  1 root root 10068 Oct 30  2012 libipt_policy.so*
-rwxr-xr-x  1 root root  4516 Oct 30  2012 libipt_realm.so*
-rwxr-xr-x  1 root root  7988 Oct 30  2012 libipt_recent.so*
-rwxr-xr-x  1 root root  7696 Oct 30  2012 libipt_rpc.so*
-rwxr-xr-x  1 root root 10532 Oct 30  2012 libipt_sctp.so*
-rwxr-xr-x  1 root root  3432 Oct 30  2012 libipt_standard.so*
-rwxr-xr-x  1 root root  5060 Oct 30  2012 libipt_state.so*
-rwxr-xr-x  1 root root  5944 Oct 30  2012 libipt_statistic.so*
-rwxr-xr-x  1 root root  7716 Oct 30  2012 libipt_string.so*
-rwxr-xr-x  1 root root  8736 Oct 30  2012 libipt_tcp.so*
-rwxr-xr-x  1 root root  4964 Oct 30  2012 libipt_tcpmss.so*
-rwxr-xr-x  1 root root  5216 Oct 30  2012 libipt_tos.so*
-rwxr-xr-x  1 root root  4976 Oct 30  2012 libipt_ttl.so*
-rwxr-xr-x  1 root root  6384 Oct 30  2012 libipt_udp.so*
-rwxr-xr-x  1 root root  3264 Oct 30  2012 libipt_unclean.so*

Open in new window


I don't know which modules I have loaded dynamically or statically and which ones I need (if needed) and how I would do this. I have Centos 5.9 using WHM/cPanel. Any suggestions or help is greatly appreciated! =)
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I'm glad you have a workaround. iptables is handling error returns rather badly: reporting the return value (which is almost always -1 on error from a system call) rather than the value of errno (which strace does report). The missing file could be a Linux Kernel Module, perhaps not built to save space(?)
found a limitation on the Godaddy server so I had to modify or use a simpler version of the iptables command.