Solved

How to open port 9000 for XDebug on Centos 5.9

Posted on 2014-01-25
Last Modified: 2014-02-01
Hi,

I'm wondering how I can open port 9000 for the XDebug on Centos 5.9.

When I try to telnet from my Windows 7 machine to the Centos I get:

telnet 173.201.47.54 9000
....on port 9000: Connect failed

So how do I open this port?

I'm using PHPStorm and the XDebug reports:
Xdebug proxy: Cannot connect to xdebug proxy on 'myultratrust.com:9000'

Wasn't intending to create an XDebug proxy so not sure how to not use it in the settings. Anyone know?

Thanks,
Victor

Question by: Victor Kimura

Accepted Solution

by: Patricksr1972 (earned 100 total points)
Hi,
Something like this?
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT -m comment --comment "Xdebug port"

Try it and when satisfied run,
service iptables save

Author Comment

by: Victor Kimura
Ok, thanks, @Patricksr1972. Haven't tested it. But will this open for outbound and inbound too?

Author Comment

by: Victor Kimura
@Patricksr1972, it states command not found.

Assisted Solution

by: Seth Simmons (earned 100 total points)
On the Linux machine, if you do netstat -at | grep 9000, is there something listed?
That would be the first thing I would check, to verify it's listening.

When you ran iptables, did you do it as root?

Author Comment

by: Victor Kimura
@seth2740

I have this output:
root@ip-184-168-116-73 [/home/ultratrust]# netstat -at | grep 9000
root@ip-184-168-116-73 [/home/ultratrust]#

So nothing from netstat.

I'm in root.

I get this output with this command though:


root@ip-184-168-116-73 [/home/ultratrust]# /sbin/service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: mangle filter             [  OK  ]
Unloading iptables modules:                                [  OK  ]

Author Comment

by: Victor Kimura
Ok, an update:


root@ip-184-168-116-73 [/home/ultratrust]# su -
root@ip-184-168-116-73 [~]# echo $PATH
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25/bin:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25/jre/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/easy/bin:/usr/local/jdk/bin:/usr/local/jdk/bin:/home/ultratrust/perl5/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin:/home/ultratrust/bin:/usr/local/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin
root@ip-184-168-116-73 [~]# whereis iptables
iptables: /sbin/iptables /lib/iptables /usr/share/man/man8/iptables.8.gz
root@ip-184-168-116-73 [~]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT -m comment --comment "Xdebug port"
iptables: Unknown error 4294967295

I have an unknown error.

Author Comment

by: Victor Kimura
More update. I read this here:
http://kb.parallels.com/en/6816


Symptoms
Sometimes, when running an iptables command inside a Container, one of following errors occurs:
32-bit Container:
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Unknown error 4294967295
64-bit Container:
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Unknown error 18446744073709551615
Cause
The most likely cause is that not all required iptables modules are enabled for the Container.
The error may also occur when trying to use an iptables module which is not virtualized for Containers (e.g., MASQUERADE):
// inside a Container:
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o venet0 -j MASQUERADE
iptables: Unknown error 4294967295

---

So it states on the site the resolution is:

Resolution
This article describes how to configure firewall service provided by iptables inside a container.
First of all, the required modules should be loaded on the node itself. It can be done either by means of host operating system or by Parallels Virtuozzo Containers service:
By means of host OS:
To load the required modules upon hardware node startup, edit iptables configuration file.
On RHEL-based Nodes, by editing the /etc/sysconfig/iptables-config file with your favorite text editor and configuring the value of the IPTABLES_MODULES parameter in this file.
On SUSE-based Nodes, by editing the /etc/sysconfig/SuSEfirewall2 file (e.g. by means of the YaST2 configuration tool).
Example: To enable modules ip_conntrack_netbios_ns, ip_conntrack, and ip_conntrack_ftp on Red Hat Linux Enterprise 5 edit /etc/sysconfig/iptables-config and set IPTABLES_MODULE as follows:
    IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack ip_conntrack_ftp"

---

So I have this setup:

root@ip-184-168-116-73 [~]# cat /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

# Reload sysctl settings on start and restart
#   Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".ip_conntrack .bridge-nf"


I don't know if the solution will work because it's a Parallels solution. I have WHM/cPanel and no Parallels. I'm on a VPS so it's using some virtual machine.

So what would I set my IPTABLES_MODULES to?

Also, it states "Changes will be applied after hardware node restart."

How do I restart the node (or do I simply restart iptables)? I guess by the word "node" they are meaning the Parallels node, right? So I should just restart iptables then.

BTW, the man pages for iptables are here too:
http://www.linuxmanpages.com/man8/iptables.8.php

It's all pretty new to me so I don't know which modules to include. Thank you!

Expert Comment

by: Duncan Roe
From your post http:#a39809765 it looks like nothing is listening on port 9000. So any connection attempt to that port is going to fail. I think you need to address that first.

Assisted Solution

by: Duncan Roe (earned 300 total points)
iptables options often need user-space shared libraries to work (file names ending .so). You need to install the iptables package to get them, if you don't already have them.
Providing your kernel is configured to load modules on demand, there should be no problem there.
For the libraries, you should have e.g. usr/lib/libip4tc.so.0.1.0

Author Comment

by: Victor Kimura
@Duncan Roe,

Thank you, Duncan! Ok

I have the following output:

root@ip-184-168-116-73 [~]# which iptables
/sbin/iptables
root@ip-184-168-116-73 [~]# whereis iptables
iptables: /sbin/iptables /lib/iptables /usr/share/man/man8/iptables.8.gz
root@ip-184-168-116-73 [~]#


Doesn't this output mean my Centos 5.9 machine has it though?

If not then should I be installing it via WHM/cPanel or just regular yum install? If yum then what's the command?

Thank you!

Assisted Solution

by: Duncan Roe (earned 300 total points)
It looks like you have it, unless your distribution distributes libraries separately. I do not have /lib/iptables but I have a different distribution from you (and I don't know how to use yum). These are the libraries I have:
usr/lib/xtables/libxt_RATEEST.so
usr/lib/xtables/libipt_DNAT.so
usr/lib/xtables/libxt_TCPMSS.so
usr/lib/xtables/libip6t_rt.so
usr/lib/xtables/libxt_CONNMARK.so
usr/lib/xtables/libipt_MASQUERADE.so
usr/lib/xtables/libxt_SECMARK.so
usr/lib/xtables/libxt_NOTRACK.so
usr/lib/xtables/libxt_state.so
usr/lib/xtables/libipt_CLUSTERIP.so
usr/lib/xtables/libxt_dccp.so
usr/lib/xtables/libxt_MARK.so
usr/lib/xtables/libipt_ttl.so
usr/lib/xtables/libipt_ULOG.so
usr/lib/xtables/libxt_set.so
usr/lib/xtables/libxt_IDLETIMER.so
usr/lib/xtables/libip6t_LOG.so
usr/lib/xtables/libipt_unclean.so
usr/lib/xtables/libipt_REDIRECT.so
usr/lib/xtables/libip6t_DNPT.so
usr/lib/xtables/libip6t_ipv6header.so
usr/lib/xtables/libip6t_HL.so
usr/lib/xtables/libxt_statistic.so
usr/lib/xtables/libxt_AUDIT.so
usr/lib/xtables/libxt_sctp.so
usr/lib/xtables/libipt_NETMAP.so
usr/lib/xtables/libxt_addrtype.so
usr/lib/xtables/libxt_TPROXY.so
usr/lib/xtables/libip6t_hbh.so
usr/lib/xtables/libxt_DSCP.so
usr/lib/xtables/libxt_connlabel.so
usr/lib/xtables/libxt_NFQUEUE.so
usr/lib/xtables/libxt_length.so
usr/lib/xtables/libxt_mac.so
usr/lib/xtables/libxt_connlimit.so
usr/lib/xtables/libxt_rpfilter.so
usr/lib/xtables/libxt_tcpmss.so
usr/lib/xtables/libip6t_SNPT.so
usr/lib/xtables/libxt_limit.so
usr/lib/xtables/libip6t_REDIRECT.so
usr/lib/xtables/libip6t_REJECT.so
usr/lib/xtables/libxt_standard.so
usr/lib/xtables/libxt_TEE.so
usr/lib/xtables/libxt_quota.so
usr/lib/xtables/libxt_devgroup.so
usr/lib/xtables/libxt_TCPOPTSTRIP.so
usr/lib/xtables/libxt_TOS.so
usr/lib/xtables/libxt_TRACE.so
usr/lib/xtables/libxt_hashlimit.so
usr/lib/xtables/libxt_CHECKSUM.so
usr/lib/xtables/libipt_ah.so
usr/lib/xtables/libipt_icmp.so
usr/lib/xtables/libxt_esp.so
usr/lib/xtables/libxt_connbytes.so
usr/lib/xtables/libxt_udp.so
usr/lib/xtables/libip6t_MASQUERADE.so
usr/lib/xtables/libipt_realm.so
usr/lib/xtables/libxt_connmark.so
usr/lib/xtables/libip6t_eui64.so
usr/lib/xtables/libip6t_SNAT.so
usr/lib/xtables/libxt_cluster.so
usr/lib/xtables/libxt_HMARK.so
usr/lib/xtables/libip6t_dst.so
usr/lib/xtables/libipt_REJECT.so
usr/lib/xtables/libxt_dscp.so
usr/lib/xtables/libxt_multiport.so
usr/lib/xtables/libxt_comment.so
usr/lib/xtables/libipt_MIRROR.so
usr/lib/xtables/libxt_helper.so
usr/lib/xtables/libxt_physdev.so
usr/lib/xtables/libxt_osf.so
usr/lib/xtables/libxt_cpu.so
usr/lib/xtables/libxt_mark.so
usr/lib/xtables/libxt_recent.so
usr/lib/xtables/libxt_string.so
usr/lib/xtables/libxt_u32.so
usr/lib/xtables/libip6t_icmp6.so
usr/lib/xtables/libipt_LOG.so
usr/lib/xtables/libipt_SAME.so
usr/lib/xtables/libxt_iprange.so
usr/lib/xtables/libxt_nfacct.so
usr/lib/xtables/libxt_policy.so
usr/lib/xtables/libxt_tos.so
usr/lib/xtables/libipt_SNAT.so
usr/lib/xtables/libxt_tcp.so
usr/lib/xtables/libxt_time.so
usr/lib/xtables/libxt_socket.so
usr/lib/xtables/libip6t_frag.so
usr/lib/xtables/libxt_rateest.so
usr/lib/xtables/libxt_CT.so
usr/lib/xtables/libxt_bpf.so
usr/lib/xtables/libxt_SET.so
usr/lib/xtables/libip6t_mh.so
usr/lib/xtables/libxt_conntrack.so
usr/lib/xtables/libxt_owner.so
usr/lib/xtables/libipt_ECN.so
usr/lib/xtables/libxt_ecn.so
usr/lib/xtables/libip6t_NETMAP.so
usr/lib/xtables/libxt_CLASSIFY.so
usr/lib/xtables/libxt_pkttype.so
usr/lib/xtables/libxt_CONNSECMARK.so
usr/lib/xtables/libip6t_DNAT.so
usr/lib/xtables/libipt_TTL.so
usr/lib/xtables/libxt_ipvs.so
usr/lib/xtables/libxt_LED.so
usr/lib/xtables/libip6t_ah.so
usr/lib/xtables/libxt_NFLOG.so
usr/lib/xtables/libip6t_hl.so

Pick a few at random and check that you have them ... somewhere

Author Comment

by: Victor Kimura
I don't have those xtables. I think it's a different distro. Those file names have xt in them so I think it's part of that particular distro.

I read that I should have this file:
 vi /etc/sysconfig/iptables

But I don't have the above file.

I don't know where the following is getting the information from or where those firewall rules are. Any suggestions?

It states on this page:
http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/

to enter some IPTABLES_MODULES:
# vi /etc/sysconfig/iptables-config

IPTABLES_MODULES="ip_conntrack_ftp"

On my post here:
http://www.experts-exchange.com/OS/Linux/Q_28348034.html#a39809888
Parallels offers a solution to load some IPTABLES_MODULES to help solve this problem, possibly to load the modules on a node. I don't have Parallels but am on a VPS with GoDaddy, which is probably using some virtual machine I would think.

But I don't know which modules to load to open that port.

I have this output though:

iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 153K packets, 21M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     151K   21M acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 163K packets, 27M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     160K   25M acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain acctboth (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0           tcp dpt:80
2        0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73      tcp spt:80
3        0     0            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0           tcp dpt:25
4        0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73      tcp spt:25
5        0     0            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0           tcp dpt:110
6        0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73      tcp spt:110
7       28  1392            icmp --  !lo    *       184.168.116.73       0.0.0.0/0
8       28  1392            icmp --  !lo    *       0.0.0.0/0            184.168.116.73
9      326 47896            tcp  --  !lo    *       184.168.116.73       0.0.0.0/0
10     348 29260            tcp  --  !lo    *       0.0.0.0/0            184.168.116.73
11      54  5981            udp  --  !lo    *       184.168.116.73       0.0.0.0/0
12      54 20182            udp  --  !lo    *       0.0.0.0/0            184.168.116.73
13     408 55269            all  --  !lo    *       184.168.116.73       0.0.0.0/0
14     430 50834            all  --  !lo    *       0.0.0.0/0            184.168.116.73
15       0     0            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0           tcp dpt:80
16       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210      tcp spt:80
17       0     0            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0           tcp dpt:25
18       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210      tcp spt:25
19       0     0            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0           tcp dpt:110
20       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210      tcp spt:110
21       0     0            icmp --  !lo    *       173.201.24.210       0.0.0.0/0
22       0     0            icmp --  !lo    *       0.0.0.0/0            173.201.24.210
23     159 26604            tcp  --  !lo    *       173.201.24.210       0.0.0.0/0
24     148 18935            tcp  --  !lo    *       0.0.0.0/0            173.201.24.210
25       2   128            udp  --  !lo    *       173.201.24.210       0.0.0.0/0
26       2   128            udp  --  !lo    *       0.0.0.0/0            173.201.24.210
27     161 26732            all  --  !lo    *       173.201.24.210       0.0.0.0/0
28     150 19063            all  --  !lo    *       0.0.0.0/0            173.201.24.210
29       1    40            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0           tcp dpt:80
30       1    44            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15       tcp spt:80
31       0     0            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0           tcp dpt:25
32       0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15       tcp spt:25
33       0     0            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0           tcp dpt:110
34       0     0            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15       tcp spt:110
35       0     0            icmp --  !lo    *       184.168.28.15        0.0.0.0/0
36       0     0            icmp --  !lo    *       0.0.0.0/0            184.168.28.15
37      14  1300            tcp  --  !lo    *       184.168.28.15        0.0.0.0/0
38       9   399            tcp  --  !lo    *       0.0.0.0/0            184.168.28.15
39      14  2581            udp  --  !lo    *       184.168.28.15        0.0.0.0/0
40      14  1082            udp  --  !lo    *       0.0.0.0/0            184.168.28.15
41      28  3881            all  --  !lo    *       184.168.28.15        0.0.0.0/0
42      23  1481            all  --  !lo    *       0.0.0.0/0            184.168.28.15
43       0     0            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0           tcp dpt:80
44       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54       tcp spt:80
45       0     0            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0           tcp dpt:25
46       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54       tcp spt:25
47       0     0            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0           tcp dpt:110
48       0     0            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54       tcp spt:110
49       0     0            icmp --  !lo    *       173.201.47.54        0.0.0.0/0
50       0     0            icmp --  !lo    *       0.0.0.0/0            173.201.47.54
51     182 79549            tcp  --  !lo    *       173.201.47.54        0.0.0.0/0
52     191 21285            tcp  --  !lo    *       0.0.0.0/0            173.201.47.54
53       2   124            udp  --  !lo    *       173.201.47.54        0.0.0.0/0
54       2   124            udp  --  !lo    *       0.0.0.0/0            173.201.47.54
55     184 79673            all  --  !lo    *       173.201.47.54        0.0.0.0/0
56     193 21409            all  --  !lo    *       0.0.0.0/0            173.201.47.54
57    2057  367K            all  --  !lo    *       0.0.0.0/0            0.0.0.0/0

Author Comment

by: Victor Kimura
Update:

I found the modules location:

root@ip-184-168-116-73 [/etc/init.d]# cd /lib/iptables
root@ip-184-168-116-73 [/lib/iptables]# ls -al
total 488
drwxr-xr-x  2 root root  4096 Oct 11 02:43 ./
drwxr-xr-x 14 root root  4096 Oct 11 02:44 ../
-rwxr-xr-x  1 root root  4424 Oct 30  2012 libipt_CLASSIFY.so*
-rwxr-xr-x  1 root root  6904 Oct 30  2012 libipt_CLUSTERIP.so*
-rwxr-xr-x  1 root root  5848 Oct 30  2012 libipt_CONNMARK.so*
-rwxr-xr-x  1 root root  6084 Oct 30  2012 libipt_DNAT.so*
-rwxr-xr-x  1 root root  6004 Oct 30  2012 libipt_DSCP.so*
-rwxr-xr-x  1 root root  5200 Oct 30  2012 libipt_ECN.so*
-rwxr-xr-x  1 root root  6928 Oct 30  2012 libipt_LOG.so*
-rwxr-xr-x  1 root root  5924 Oct 30  2012 libipt_MARK.so*
-rwxr-xr-x  1 root root  4808 Oct 30  2012 libipt_MASQUERADE.so*
-rwxr-xr-x  1 root root  3300 Oct 30  2012 libipt_MIRROR.so*
-rwxr-xr-x  1 root root  4900 Oct 30  2012 libipt_NETMAP.so*
-rwxr-xr-x  1 root root  4164 Oct 30  2012 libipt_NFQUEUE.so*
-rwxr-xr-x  1 root root  3300 Oct 30  2012 libipt_NOTRACK.so*
-rwxr-xr-x  1 root root  4808 Oct 30  2012 libipt_REDIRECT.so*
-rwxr-xr-x  1 root root  6020 Oct 30  2012 libipt_REJECT.so*
-rwxr-xr-x  1 root root  5300 Oct 30  2012 libipt_SAME.so*
-rwxr-xr-x  1 root root  6052 Oct 30  2012 libipt_SNAT.so*
-rwxr-xr-x  1 root root  3428 Oct 30  2012 libipt_TARPIT.so*
-rwxr-xr-x  1 root root  4500 Oct 30  2012 libipt_TCPMSS.so*
-rwxr-xr-x  1 root root  4960 Oct 30  2012 libipt_TOS.so*
-rwxr-xr-x  1 root root  3300 Oct 30  2012 libipt_TRACE.so*
-rwxr-xr-x  1 root root  4928 Oct 30  2012 libipt_TTL.so*
-rwxr-xr-x  1 root root  6164 Oct 30  2012 libipt_ULOG.so*
-rwxr-xr-x  1 root root  5944 Oct 30  2012 libipt_addrtype.so*
-rwxr-xr-x  1 root root  5312 Oct 30  2012 libipt_ah.so*
-rwxr-xr-x  1 root root  4292 Oct 30  2012 libipt_comment.so*
-rwxr-xr-x  1 root root  4696 Oct 30  2012 libipt_connlimit.so*
-rwxr-xr-x  1 root root  4648 Oct 30  2012 libipt_connmark.so*
-rwxr-xr-x  1 root root 10360 Oct 30  2012 libipt_conntrack.so*
-rwxr-xr-x  1 root root  8052 Oct 30  2012 libipt_dccp.so*
-rwxr-xr-x  1 root root  6004 Oct 30  2012 libipt_dscp.so*
-rwxr-xr-x  1 root root  5152 Oct 30  2012 libipt_ecn.so*
-rwxr-xr-x  1 root root  5344 Oct 30  2012 libipt_esp.so*
-rwxr-xr-x  1 root root  9432 Oct 30  2012 libipt_hashlimit.so*
-rwxr-xr-x  1 root root  4228 Oct 30  2012 libipt_helper.so*
-rwxr-xr-x  1 root root  7268 Oct 30  2012 libipt_icmp.so*
-rwxr-xr-x  1 root root  5844 Oct 30  2012 libipt_iprange.so*
-rwxr-xr-x  1 root root  5092 Oct 30  2012 libipt_length.so*
-rwxr-xr-x  1 root root  5876 Oct 30  2012 libipt_limit.so*
-rwxr-xr-x  1 root root  4608 Oct 30  2012 libipt_mac.so*
-rwxr-xr-x  1 root root  4580 Oct 30  2012 libipt_mark.so*
-rwxr-xr-x  1 root root  8968 Oct 30  2012 libipt_multiport.so*
-rwxr-xr-x  1 root root  6532 Oct 30  2012 libipt_owner.so*
-rwxr-xr-x  1 root root  5860 Oct 30  2012 libipt_physdev.so*
-rwxr-xr-x  1 root root  4932 Oct 30  2012 libipt_pkttype.so*
-rwxr-xr-x  1 root root 10068 Oct 30  2012 libipt_policy.so*
-rwxr-xr-x  1 root root  4516 Oct 30  2012 libipt_realm.so*
-rwxr-xr-x  1 root root  7988 Oct 30  2012 libipt_recent.so*
-rwxr-xr-x  1 root root  7696 Oct 30  2012 libipt_rpc.so*
-rwxr-xr-x  1 root root 10532 Oct 30  2012 libipt_sctp.so*
-rwxr-xr-x  1 root root  3432 Oct 30  2012 libipt_standard.so*
-rwxr-xr-x  1 root root  5060 Oct 30  2012 libipt_state.so*
-rwxr-xr-x  1 root root  5944 Oct 30  2012 libipt_statistic.so*
-rwxr-xr-x  1 root root  7716 Oct 30  2012 libipt_string.so*
-rwxr-xr-x  1 root root  8736 Oct 30  2012 libipt_tcp.so*
-rwxr-xr-x  1 root root  4964 Oct 30  2012 libipt_tcpmss.so*
-rwxr-xr-x  1 root root  5216 Oct 30  2012 libipt_tos.so*
-rwxr-xr-x  1 root root  4976 Oct 30  2012 libipt_ttl.so*
-rwxr-xr-x  1 root root  6384 Oct 30  2012 libipt_udp.so*
-rwxr-xr-x  1 root root  3264 Oct 30  2012 libipt_unclean.so*


I don't know which modules I have loaded dynamically or statically and which ones I need (if needed) and how I would do this. I have Centos 5.9 using WHM/cPanel. Any suggestions or help is greatly appreciated! =)

Assisted Solution

by: Duncan Roe (earned 300 total points)
Good, you have the required shared libraries. As for whether the Linux kernel modules are loaded, lsmod will tell you that. You have found the 32-bit libraries (because they are under /lib). If you need 64-bit run-time support, there should be a set of libraries under /lib64/iptables. I am not familiar with "containers", but from the error messages you quote it seems that you have both 32-bit and 64-bit iptables executables.
I could suggest a number of measures, but to tie down what really is the problem you are having with iptables I would try
strace -f iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT -m comment --comment "Xdebug port" 2> iptables.txt

and post iptables.txt. But only post if you got the error message

Assisted Solution

by: Victor Kimura (earned 0 total points)
@Duncan Roe,

Ok, thanks. I found out that this works:
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT (works!)
iptables -A OUTPUT -p tcp --sport 9000 -j ACCEPT (works!)

But this gives the error:
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT -m comment --comment "XDebug port dport INPUT" (doesn't work)

Related to my post here:
http://www.experts-exchange.com/OS/Linux/Q_28349320.html

I think it's Godaddy's VPS. The way they have their virtualization set up or some other limitation they imposed because the comments don't seem to work.

I'm attaching the file from this command:
strace -f iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT -m comment --comment "Xdebug port" 2> iptables.txt
iptables.txt

Expert Comment

by: Duncan Roe
I'm glad you have a workaround. iptables is handling error returns rather badly: reporting the return value (which is almost always -1 on error from a system call) rather than the value of errno (which strace does report). The missing file could be a Linux Kernel Module, perhaps not built to save space(?)

Author Closing Comment

by: Victor Kimura
found a limitation on the Godaddy server so I had to modify or use a simpler version of the iptables command.
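
Added example (not part of the thread and not any poster's code): a shell triage for the two checks the experts walk through above, whether anything listens on the port (netstat) and whether the iptables -vnL listing could filter it at all. The function names and the sample data are constructed for illustration (192.0.2.10 is a placeholder address), and the parsing assumes the column layout of netstat -ant and iptables -vnL --line-numbers.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed; 192.0.2.10 is a placeholder.

# has_listener PORT  (stdin: `netstat -ant` output, without the -p column)
# Succeeds when a TCP socket is in LISTEN state on PORT.
has_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # local address; last part is the port
            if (a[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# input_verdict  (stdin: `iptables -vnL --line-numbers` output)
# Prints "accept-all" when the INPUT policy is ACCEPT and no DROP/REJECT rule
# sits in INPUT or in a chain reachable from it; otherwise "may-filter".
input_verdict() {
    awk '
        $1 == "Chain" {
            chain = $2
            if ($3 == "(policy") { p = $4; sub(/\)$/, "", p); policy[chain] = p }
            next
        }
        $1 ~ /^[0-9]+$/ {
            # A rule without -j leaves the target column blank, so "opt" (--)
            # appears as field 5 instead of field 6 (accounting-only rules).
            if ($5 != "--") targets[chain] = targets[chain] " " $4
        }
        END {
            verdict = (policy["INPUT"] == "ACCEPT") ? "accept-all" : "may-filter"
            todo = "INPUT"; seen["INPUT"] = 1
            while (todo != "") {
                n = split(todo, queue, " "); todo = ""
                for (i = 1; i <= n; i++) {
                    m = split(targets[queue[i]], t, " ")
                    for (j = 1; j <= m; j++) {
                        if (t[j] == "DROP" || t[j] == "REJECT") verdict = "may-filter"
                        else if ((t[j] in targets) && !(t[j] in seen)) {
                            seen[t[j]] = 1; todo = todo " " t[j]
                        }
                    }
                }
            }
            print verdict
        }'
}

# diagnose PORT NETSTAT_TEXT IPTABLES_TEXT -> no-listener | open | check-rules
diagnose() {
    if ! printf '%s\n' "$2" | has_listener "$1"; then
        echo "no-listener"    # connect fails whatever the firewall says
    elif [ "$(printf '%s\n' "$3" | input_verdict)" = "accept-all" ]; then
        echo "open"
    else
        echo "check-rules"
    fi
}

# Constructed sample: listeners on 80 and 22 only.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:80        0.0.0.0:*           LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN
tcp        0      0 192.0.2.10:22     198.51.100.7:51522  ESTABLISHED'

# Constructed sample in the shape of the listing posted in the thread.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 153K packets, 21M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     151K   21M acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain acctboth (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0            tcp  --  !lo    *       192.0.2.10           0.0.0.0/0           tcp dpt:80
2      326 47896            tcp  --  !lo    *       192.0.2.10           0.0.0.0/0'

diagnose 9000 "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES"   # prints: no-listener
```

Run against the listing posted in the thread, the same logic gives accept-all: the INPUT policy is ACCEPT and the acctboth rules carry no target, so they only count packets. Together with the empty netstat result, that points at the missing listener rather than the firewall as the reason the telnet test failed.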