Linux open udp ports

How to open external UDP and TCP connections on a port

Hello! I got myself a VDS to put a CSS server on it. While moving the server from hosting to the VDS I ran into this problem: the SourceBans web script needs open TCP and UDP connections on the server's port (27018), and so the question is: how do I open them? I haven't been able to find an answer for about 3 days now; in the end, out of all the information, I only managed to work out that opening is done by means of iptables rules. But the problem is that I can't find the needed "code" for opening connections on this port. Please write this code! Thanks in advance.

If it's a VDS, then the ports you need are most likely already "open", that is, not blocked. In any case, to keep the experiment clean, show the output of iptables-save (just don't forget about www.linux.org.ru/wiki/en/Lorcode)

if you have centos/redhat/fedora/etc, the whole iptables config is stored in /etc/sysconfig/iptables
you already have open ports there (at least port 22).
take and copy a line, replacing the port number and protocol.

Judging by the code it looks like the ports are open, but when I check here, this is the picture I see

As for the checker, yes, I know that. And I also know that a UDP connection cannot be traced (by the same scheme as TCP). So, as they say, "we work with what we have".

And here is the result

And why all these rules, if input/output is accept?
Doesn't the provider have a separate firewall in the admin panel? Is the server listening on 0.0.0.0 or the external IP, and not, for example, 127.0.0.1?

Honestly, I don't understand at all what this is about. I just need to open port 27018 for external UDP and TCP connections. How, I don't know, which is why I wrote here

It isn't listening on it. The port is open as it is.

It would also be good to configure services to listen only on localhost if access from the internet isn't needed. Such as exim4, mysqld, dovecot.

What is this about, anyway? I already know the port is open. I need to open connections on this port

I didn't understand a damn thing about what you need. A connection arises between two programs: one listens on a port, the other connects to it. You need to configure some process to listen on port 27018. Well, run:

netstat -t -l 27018

and from another machine connect with telnet to this address and port 27018.

Instead of "-t" you can specify "-u"; then nc will listen on UDP, and with nc from another machine you can send a packet over UDP.

Your css server is listening for connections only on 127.0.0.1, not on the external IP. Adjust the css config.

In short, nothing is clear at all. What does "Adjust the css config" mean?


HowTo: UNIX / Linux Open TCP / UDP Ports

How do I open the TCP or UDP ports under UNIX / Linux like operating systems?

A port is an application-specific or process-specific software construct serving as a communications endpoint and it is identified by its number such as TCP port number 80. It is used by TCP and UDP of the Internet Protocol Suite. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535.

In the above example, the Apache process associates its input and output channel file descriptors (fd) with port number 80 and IP address 202.54.1.1. This is known as binding. It is used to send and receive web pages via the UNIX / Linux operating system's networking stack (software). In other words, communication is done using application ports. When you start Apache, you open port 80 for communication. Common services such as web, mail, pop3 et al. use specifically reserved, well-known port numbers for receiving service requests from client hosts. The well-known ports are defined by the Internet Assigned Numbers Authority (IANA). Type the following commands to see the list of well-known TCP and UDP port numbers:
$ less /etc/services
$ grep -w 80 /etc/services
Sample outputs:

Privileged Ports

Typically, port numbers less than 1024 are used by well-known network servers such as Apache. Under UNIX and Linux-like operating systems, root (superuser) privileges are required to open privileged ports. Almost all clients use high port numbers for short-term use; such a port is known as an ephemeral port. For example, Apache uses TCP port 80.

The port numbers are divided into three ranges:

  1. Well Known Ports: those from 0 through 1023.
  2. Registered Ports: those from 1024 through 49151
  3. Dynamic and/or Private Ports: those from 49152 through 65535

You can increase local port range by typing the following command (Linux specific example):
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
You can also increase or decrease socket timeout (Linux specific example):
# echo 2000 > /proc/sys/net/ipv4/tcp_keepalive_time

Common Well Known Port Numbers

The following are used by UNIX / Windows / Linux / BSD / OS X and all other server operating systems or network devices (see /etc/services file):

  • 21: FTP Server
  • 22: SSH Server (remote login)
  • 25: SMTP (mail server)
  • 53: Domain Name System (Bind 9 server)
  • 80: World Wide Web (HTTPD server)
  • 110: POP3 mail server
  • 143: IMAP mail server
  • 443: HTTP over Transport Layer Security/Secure Sockets Layer (HTTPS server)
  • 445: microsoft-ds, Server Message Block over TCP

How Do I See Open Ports and Socket Information Under UNIX or Linux?

You can use the netstat command:
# netstat -tulpn
FreeBSD specific example:
# sockstat -l
To list open IPv4 connections use the lsof command:
# lsof -Pnl +M -i4
The ss command is used to dump socket statistics. It shows information similar to the netstat command, and it can display more TCP and state information than other tools:
# ss -s
# ss -l
# ss -pl
# ss -o state established '( dport = :smtp or sport = :smtp )'
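
Added example, not part of the original article: the listing commands above show which sockets exist, but whether a service can be reached from another host also depends on the local address it is bound to (a socket on 127.0.0.1 accepts only local connections). The bind_scope function and the sample `ss -tuln` output below are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify how a port is bound, based on `ss -tuln` output.
# Live use:  ss -tuln | bind_scope udp 27018

bind_scope() {  # usage: bind_scope tcp|udp PORT   (reads ss output on stdin)
    awk -v proto="$1" -v port="$2" '
        $1 == proto {
            n = split($5, parts, ":")      # the port is the text after the last ":"
            if (parts[n] != port) next
            addr = substr($5, 1, length($5) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") lo = 1
            else ext = 1                   # 0.0.0.0, *, [::] or a specific non-loopback address
        }
        END { print (ext ? "external" : (lo ? "loopback-only" : "not-listening")) }
    '
}

# Constructed sample in the column layout printed by `ss -tuln`.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:27018    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:80            [::]:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*'

report() {  # print "PORT/PROTO: scope" for the constructed sample
    printf '%s/%s: %s\n' "$2" "$1" "$(printf '%s\n' "$SAMPLE_SS" | bind_scope "$1" "$2")"
}

report udp 27018
report tcp 27018
report tcp 22
report tcp 80
report tcp 25
```

A result of loopback-only means no firewall change will make the port reachable from outside; the service's own bind address has to change first.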

Examples

Each TCP or UDP port is opened using a UNIX service or daemon such as Apache web server. You can also write a program using C, C++, Perl, Shell or Bash to open any port. You can also use utilities such as the nc command.

Apache Server Example (open TCP port 80)

Start the Apache web server under FreeBSD as follows to open TCP port 80:
# /usr/local/etc/rc.d/apache22 forcestart
OR
# /usr/local/etc/rc.d/apache22 start
To display listening sockets (open ports) under FreeBSD, enter:
# sockstat -l
OR
# netstat -nat | grep LISTEN
You should see port 80 opened under FreeBSD. Under CentOS or Redhat (RHEL) Linux, you can open port 80 using the following commands:
# service httpd start
# chkconfig httpd on
# netstat -tulpn | grep :80


Firewall Configuration

All port numbers are encoded in the transport protocol packet header, and they can be read by other components of the network stack such as a firewall. A firewall can be used for port forwarding or for denying access to an open port, for example to block an abusing IP address such as 1.2.3.4. In other words, the Apache port may be open but still blocked by the UNIX (pf) or Linux (iptables) firewall, so you also need to open the port at the firewall level. In this example, open TCP port 80 using the Linux iptables firewall tool:
# /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# service iptables save


Redhat / CentOS / Fedora Linux Open TCP/UDP Ports

Let us see how to open a port in the firewall on CentOS or RHEL version 5.x/6.x and 7.x including the latest version of Fedora Linux 27 or above.

How to open TCP port 80 on a RHEL/CentOS Linux

Open the file /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables
Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Save and close the file. Restart iptables:
# /etc/init.d/iptables restart

Open TCP port 110 on a RHEL

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT

Open port 143 on a CentOS

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

Restart iptables service

Type the following command:
# service iptables restart

A note about opening a port on CentOS/RHEL 6

You can also use the iptables command as follows to open port 443:
# iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# service iptables save


A note about Red Hat Enterprise Linux 7.x and CentOS 7.x

The above commands or files won't work on RHEL/CentOS 7.x or the latest version of Fedora Linux. To see current open ports, type:
# firewall-cmd --list-ports
Find list of zones:
# firewall-cmd --get-zones
Sample outputs:


To find the interface name, use the ip command:
$ ip a
Sample outputs:

To get info about eth0 interface:
# firewall-cmd --get-zone-of-interface=eth0
Sample outputs:

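Type the following command to open TCP port 80 for Apache/httpd server:
# firewall-cmd --permanent --add-port 80/tcp
To list open ports again (a --permanent change shows up in the running firewall once firewalld has been reloaded or restarted), type:
# firewall-cmd --list-ports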
Sample outputs:

To open port range between 2000-3000/tcp, enter:
# firewall-cmd --permanent --add-port 2000-3000/tcp
Command to start/stop/restart firewall:
# systemctl start firewalld
# systemctl stop firewalld
# systemctl restart firewalld
# systemctl status firewalld
Sample outputs:

Verify that port is open

Run the ss command or the netstat command:
# netstat -tulpn | less
OR
# ss -tulpn | less
Make sure iptables is allowing port 80 / 110 / 143 connections by listing rules:
# iptables -L -n -v
Please refer to iptables man page for more information about iptables usage and syntax:
man iptables
man firewall-cmd
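
Added example, not part of the original article: iptables evaluates a chain from top to bottom and the first matching terminal rule decides, so an ACCEPT placed after a catch-all REJECT never takes effect. The first_verdict function is a simplified walker written for this example (it does not follow jumps into user-defined chains), and both rule sets are constructed samples in the /etc/sysconfig/iptables format.

```sh
#!/bin/sh
# Added example: which rule decides the fate of a NEW inbound packet?
# Live use:  iptables-save | first_verdict INPUT tcp 80

first_verdict() {  # usage: first_verdict CHAIN tcp|udp PORT   (rules on stdin)
    awk -v chain="$1" -v proto="$2" -v port="$3" '
        $1 == (":" chain) { policy = $2 }          # e.g. ":INPUT ACCEPT [0:0]"
        $1 == "-A" && $2 == chain && !done {
            p = ""; d = ""; tgt = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                else if ($i == "--dport") d = $(i + 1)
                else if ($i == "-j") tgt = $(i + 1)
                else if ($i == "-i" || $i == "-s") skip = 1   # interface- or source-specific rule
                else if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1
            }
            if (skip || (p != "" && p != proto) || (d != "" && d != port)) next
            if (tgt == "ACCEPT" || tgt == "REJECT" || tgt == "DROP") { verdict = tgt; done = 1 }
        }
        END { print (done ? verdict : ("policy:" policy)) }
    '
}

HEAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
ACCEPT_80='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'
REJECT_ALL='-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed samples: the same rules in two different orders.
RULES_GOOD=$(printf '%s\n' "$HEAD_RULES" "$ACCEPT_80" "$REJECT_ALL" COMMIT)
RULES_BAD=$(printf '%s\n' "$HEAD_RULES" "$REJECT_ALL" "$ACCEPT_80" COMMIT)

printf 'ACCEPT before REJECT: %s\n' "$(printf '%s\n' "$RULES_GOOD" | first_verdict INPUT tcp 80)"
printf 'ACCEPT after REJECT:  %s\n' "$(printf '%s\n' "$RULES_BAD" | first_verdict INPUT tcp 80)"
```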


Comments on this entry are closed.

Save and close the file. Restart iptables:
# /etc/init.d/iptables restart

How to close and save a file.

LOL, if you can’t even navigate in a *nix environment why do you even bother with iptables?

nevertheless you can do the following:

1-insert rules you want
2- press Esc
3- press :
4- wq
5- Enter

save and close a file in VI
hit ESC
type :
type x

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT

hi i used this code in fedora 5 to open up the port 587 in my firewall so sendmail would work using this vi command below:

then i applied the changes and restarted the firewall as you mentioned above, ok popped up for all selections. did i do this ok? let me know and thanks. rich.

I wonder what is happening on my newly installed centos5.2 as all connections except icmp are periodically refused (up and down in un-orderly fashion)

Please advise what's wrong; action taken
#service iptables stop
#chkconfig iptables off
#chkconfig --del iptables
#mkdir /backup
#mv /etc/init.d/iptables /backup/
#mv /etc/init.d/ip6tables /backup/
#init 6

Yet the connection refused error keeps on happening from time to time (more frequently than connected)

You must be using another firewall script such as apf. Most hosting companies install something like this.

Don’t forget to make sure the ACCEPT lines are before any REJECT lines

MOVING the REJECTs to end of file or Above COMMIT Worked for me.

Helped me too. Thanks

good site, helped me a lot to restart a port in linux 5

An application that I use has an in-built Tcl webserver that uses ports 8015/8016. Is there a way to open these ports but at the same time restrict access to only selected IP addresses?

Sweet! I needed to open a port for the Sybase database server I installed on this box. Your instructions worked perfectly. Thanks for taking the time to post these instructions.

Thank you so much buddy. That really helped.

Or, you can just run “system-config-securitylevel” and do it the easy way. 🙂
I always hated iptables commands.

thankyou now i can open port 80 🙂

I don’t seem to have a file called iptables.

When I create it in /etc/sysconfig and add one of those lines at the top, I get an error upon restart saying

“Applying iptables firewall rules: iptables-restore: line 1 failed”

Deleting that file again and restarting the service works fine. Any ideas?

Add your lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain. Do not add them at the top of the file.

For me, I needed to change the word RH-Firewall-1-INPUT to simply INPUT – I have CentOS 6.4. So, I ended up adding:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

I found that by using “iptables -F” followed by “service iptables save” I can generate this file. It then contains several rules – however LOG and DROP are not mentioned.

I’ve tried to add the lines in various places but get an error every time. I’m trying to accept incoming UDP traffic on a couple of ports for use with OSSEC.

the script line you advised for opening port 80 didn’t work for me!
this worked

-I INPUT -p tcp --dport 80 -j ACCEPT

Thanks this one worked for me too

Yup me too – needed to change RH-Firewall-1-INPUT to just INPUT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

I’ve made use of this article twice in as many weeks. Thanks!

I am Trying To Install Camfrog Server ( Linux Version ) On My Linux CentOS I can Wget And Install The App But Is Stuck After This Point Does Anyone Know How to Install This App?

Hi iam totally a newbie to Linux, in my office i am assigned to this task which is install redhat enterprise server 5 and open up the ports 21,22 and 23 to someone else to access the box, he also needs to export the display to his machine as well, as this sounds “GREEK” to me, i need help from you guys to get this completed. pls tell me step by step what should i do?

i need to access java web service which is running on Apache in linux at port 8080 from windows.

Thanks a lot Vivek.

/etc/sysconfig/iptables-config: line 42: -A: command not found
/etc/sysconfig/iptables-config: line 43: -A: command not found

I am getting this error .

someone from outside my network is failing to access my linux server via SSH but i can access it using Putty from within my network. Nothing has changed on my router and there is no firewall in place to block the SSH connection, how can i allow that connection, the guy can ping the server and access other ports.

This information was very useful/handy to me today (2011-07-14) , 5 years after you wrote this article (SEPTEMBER 13, 2007) ! Thank you so much VIVEK GITE. Please keep posting such useful stuff. Regards.

thnx man work fine

I edited my /etc/sysconfig/iptables file. adding in the ports I needed to open. I successfully saved and closed the file, verifying the ports were added to file by viewing the iptables file. I then went to restart it with commands listed above. I kept getting command not found. The first line of the file reads: # Firewall configuration written by system-config-securitylevel
I am running RH Linux 2.6.18-53.el5. How do I stop and start the iptables process so the additional ports will take effect?

Can somebody help me? im trying these methods and they dont work

iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 10 failed
[FAILED]
[root@ sysconfig]# nano iptables

and this is what i have in the file

# Generated by iptables-save v1.4.7 on Fri Sep 16 10:50:02 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13:1276]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INOUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Sep 16 10:50:02 2011

There was a TYPO my bad but i still cant get port 80 to listen.

iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@ sysconfig]# telnet localhost 80
Trying ::1…
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1…

sorry for the triple post after much googling and router configurations i figured it out

hi, thanks a bunch for an informative article. you literally saved my day today.
thanks again.

I have installed a sever with CentOS 6.0 and then installed mySQL and PHP in it. Then i installed CPanel in it. After rebooting the system, my Login screen is disabled and i can only login via Putty software on port 22 , and can only see a console screen.
My question is:
How can i gain access to my cpanel ? i read in articles that cpanel is accessed via 2082 and 2083 ports. But both are seemed to be blocked.

Thanks in advance. Please help

Terrific info. Very helpful. Thanks.

thanks a lot. it worked perfectly
God bless
