15
votes

This seems like it should be beyond simple, so I hate asking. But I've tried to configure Windows Firewall to allow XDebug to connect to PHPStorm on port 9000 without success.

XDebug is on a Vagrant box with a private network connection--so the host machine has a virtual network adapter. Vagrant is 192.168.33.10 and the host PC is 192.168.33.1.

With Windows Firewall disabled, XDebug connects to PHPStorm. But I obviously don't want to leave my firewall off.

So I've tried to open a port in Windows Firewall with the following Inbound Rule settings:

  • General
    • Enabled: Check
    • Action: Allow the connection
  • Program and Services
    • All programs that meet the specified conditions: Checked
    • Services
      • Apply to all programs and services: Checked
  • Protocols and ports
    • Protocol type: TCP
    • Local port: Specific Ports : 9000
    • Remote port : All Ports
  • Scope
    • Local IP address
      • Any IP address: checked
    • Remote IP address
      • Any IP address: checked
  • Advanced
    • Profiles
      • Domain: checked
      • Private: checked
      • Public: checked
    • Interface types
      • All interface types: checked
    • Edge traversal: Block edge traversal

But it's not working to allow XDebug to connect to PHPStorm. I've also tried setting the protocol to UDP. And I'm aware that if this rule did work, it would be excessively open (I could tighten up the scope), but for the moment I just want to see it work before tightening it.

4 Answers

9
votes

There is a problem with the VirtualBox host-only network interface, since it is a loopback interface and Windows manages it in a different way.

An easy way to solve this is to open 'regedit'. Search for 'HKLM:\system\CurrentControlSet\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}'. There are plenty of interfaces. Simply look for the one named 'VirtualBox Host-Only Ethernet Adapter'. Then add a new DWORD(32) key named '*NdisDeviceType' with value '1' (hex). Reboot.

I don't know if there is a need to add standard fw rules like host port 9000 allow for all, since I had it already.

More about it - http://brianreiter.org/2010/09/18/fix-virtualbox-host-only-network-adapter-creates-a-virtual-public-network-connection-that-causes-windows-to-disable-services/

3
votes

The simplest approach that I found: Windows Advanced Firewall (where you add/remove rules) -> right-click -> Properties (another place for en/disabling Local/Domain/Public firewalling)

Each of the three scopes (Local/Domain/Public) has a setting to exclude firewall-processing for specific network interfaces completely (!)

Turn off Windows Firewall for any VMware/VirtualBox network interface (unless you require it against your virtual machine).

This will allow any connection from your guest, to your host machine.

0
votes

In general, it's easier to not specify rules in terms of protocols or port ranges. Rather, just let the program executable have a firewall exception for everything. So instead of creating a rule for port 9000, just create a rule for "xdebug.exe", but don't limit it to just port 9000.

Control Panel -> Windows Firewall -> click "Allow an app or feature through Windows Firewall", then add xdebug.exe (or whatever the executable name is). This will add a new set of inbound rules (one for UDP and another for TCP). Go back to the advanced settings page, find the new inbound rules that were created, and inspect each to validate that the "Scope" checkboxes are set (private, domain, public).

There's a way to turn on firewall logging so you can discover what is getting blocked when the firewall is on. Then you can add rules as appropriate.

http://technet.microsoft.com/en-us/library/cc787462(v=ws.10).aspx
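
Added example (not code from the question or from any answer), combining the question's plan to tighten the rule's scope with the logging suggestion in the answer above: it reports the firewall profile applied to the host-only adapter, enables logging of dropped packets, creates an inbound rule limited to the guest and host addresses on TCP 9000, and filters firewall log lines for drops on that flow. The rule's display name, the `Get-FirewallDrop` helper and the sample log lines are constructed for this example, and the parser assumes the default firewall log field order.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows host.
$guestIp = '192.168.33.10'   # Vagrant box, from the question
$hostIp  = '192.168.33.1'    # host-only adapter on the host PC, from the question
$port    = 9000              # Xdebug port, from the question

# 1. Show which firewall profile Windows applies to the host-only adapter.
Get-NetAdapter |
    Where-Object InterfaceDescription -like 'VirtualBox Host-Only*' |
    ForEach-Object { Get-NetConnectionProfile -InterfaceIndex $_.ifIndex } |
    Format-Table InterfaceAlias, Name, NetworkCategory

# 2. Log dropped packets on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True

# 3. Allow only guest -> host TCP 9000 instead of any address on any interface.
#    The display name is a label chosen for this example.
New-NetFirewallRule -DisplayName 'Xdebug from Vagrant guest (example)' `
    -Direction Inbound -Action Allow -Protocol TCP -Profile Any `
    -LocalAddress $hostIp -LocalPort $port -RemoteAddress $guestIp | Out-Null

# 4. Pull DROP records for that flow out of firewall log lines.
#    Field order: date time action protocol src-ip dst-ip src-port dst-port ...
function Get-FirewallDrop {
    param([string[]]$Line, [string]$Source, [int]$DestPort)
    foreach ($l in $Line) {
        if ($l -notmatch '^\d{4}-') { continue }   # skip header and blank lines
        $f = $l -split ' '
        if ($f[2] -eq 'DROP' -and $f[4] -eq $Source -and $f[7] -eq "$DestPort") {
            [pscustomobject]@{ Time = "$($f[0]) $($f[1])"; Protocol = $f[3]
                               Source = $f[4]; Destination = $f[5]; DestPort = $f[7] }
        }
    }
}

# Constructed sample lines, to show the parser without a live log.
$sample = @(
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
    '2015-01-01 10:00:01 DROP TCP 192.168.33.10 192.168.33.1 51234 9000 60 S 123456789 0 29200 - - - RECEIVE'
    '2015-01-01 10:00:02 ALLOW UDP 192.168.33.1 192.168.33.255 137 137 0 - - - - - - - SEND'
)
Get-FirewallDrop -Line $sample -Source $guestIp -DestPort $port

# After starting a debug session from the guest, read the real log.
$log = [Environment]::ExpandEnvironmentVariables((Get-NetFirewallProfile -Profile Public).LogFileName)
Get-FirewallDrop -Line (Get-Content $log) -Source $guestIp -DestPort $port
```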

0
votes

If you have a NAT adapter on your box in addition to the virtual adapter, you can change the xdebug.remote_host parameter in the xdebug config in php.ini to the IP of the physical interface on your machine. The easiest way to find out is to try to telnet to port 9000.