have two machines -windows and linux present locally.
I am trying to run remote debugging (using eclipse) on windows machine to a tomcat application on linux box(fedora).
I have enabled a debugging port 8800 on linux box and the startup log says “listening for transport dta_socket at 8800”
Now when I try to connect my eclipse to it, I get “Failed to connect to remote VM. Connection refused.”
Here is the port description on linux
lsof -i:8800
COMMAND PID USER FD TYPE DEVICE
SIZE/OFF NODE NAMEjava 21930 root 4u IPv4 59436 0t0 TCP
*:sunwebadmin (LISTEN)
netstat -tulpn
Proto Recv-Q Send-Q Local Address
Foreign Address State PID/Program nametcp 0 0 0.0.0.0:8800 0.0.0.0:* LISTEN
21930/java
when i hit the url http://{linux-ip}:8800 from either machine, Tomcat logs says
Debugger failed to attach : Handshake failed
Obviously the port is not accessible hence the debugger is not able to connect.
Please suggest, what steps to follow. Any pointers would be helpful too.
Best Answer
My guess is it's a firewall issue. To diagnose, either switch to root or use
sudo
to execute these commands described below:Firstly,
service iptables status
will show you your current rules. Depending on how esoteric your firewall rules are, you may need to add them into the main question to debug but essentially you're looking for a line that accepts TCP port 8800 prior to a line that rejects all connections.e.g.
If you don't have a REJECT line on your input chain, then the firewall is probably already turned off.
One way to get around this is obviously to turn off the firewall (
service iptables stop
) although this defeats the entire purpose of having a firewall.If you need to add a new firewall rule, you have a couple of options:
Use the excellent Firewall Configuration tool (system-config-firewall) that ships with Fedora and can be found at the System->Administration->Firewall menu item in Gnome.
On the command line, insert a new rule before the REJECT rule by executing the following (uses numbers from my example above):
iptables -I INPUT 15 -m state --state NEW -m tcp -p tcp --dport 8800 -j ACCEPT
. NOTE that these changes are not permanent and will not persist beyond the next reboot.Manually edit the
/etc/sysconfig/iptables
file and add a rule (-A INPUT -m state --state NEW -m tcp -p tcp --dport 8800 -j ACCEPT
) to the firewall prior to the REJECT rule. Cycle the firewall service to pick up the changes via aservice iptables restart
. These changes will be applied every time the firewall service is started.