- How To Ubuntu Linux Firewall Open Port Command
- Ubuntu Linux firewall open port command
- How do I see the current status of my firewall?
- How do I open tcp port # 22?
- How do I open tcp port # 80 and 443?
- How do I open tcp and udp port # 53?
- Advanced examples for opening TCP and UDP ports
- Denying/blocking port access
- How to delete ufw rules
- Conclusion
- How to check open ports in Linux using the CLI
- What the hell are a TCP and UDP ports?
- Port numbers
- Check open ports in Linux
- Using netstat to list open ports
- Use ss to list open ports
- Listening ports and applications using lsof command
- nmap command
- The open port doesn’t mean anyone from outside can access those ports
- Conclusion
- Easy steps to open a port in Linux RHEL/CentOS 7/8
- Check port status
- Check list of listening ports
- Open a port for some service
- firewalld open port
- Use nc or ncat to open a port in Linux
- Use nc or ncat to open a port and transfer files
- Related Posts
- 3 thoughts on “Easy steps to open a port in Linux RHEL/CentOS 7/8”
How To Ubuntu Linux Firewall Open Port Command
Ubuntu Linux firewall open port command
The program is for managing a Linux firewall is ufw. It aims to provide an easy to use interface for the user/sysadmins and developers. For example:
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | Yes |
| Requirements | ufw command on Ubuntu/Debian Linux |
| Est. reading time | 3 minutes |
- You can open/close ports with ufw allow command.
- Block an IPv4/IPv6 address.
- Delete existing firewall rules.
- Turn on or off firewall logs.
- And more.
Let us see some examples of ufw firewall to open port on Ubuntu server.
How do I see the current status of my firewall?
Type the following command:
sudo ufw status verbose
Sample outputs:
Fig.01: Check the status of UFW on a Ubuntu Linux
How do I open tcp port # 22?
To allow incoming tcp packets on port 22, enter:
sudo ufw allow 22/tcp
Verify it:
sudo ufw status verbose
How do I open tcp port # 80 and 443?
The service specific syntax is as follows to open http and https service ports:
sudo ufw allow http
sudo ufw allow https
OR
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
How do I open tcp and udp port # 53?
To allow incoming tcp and udp packet on port 53, enter:
sudo ufw allow 53
Verify it:
sudo ufw status verbose
Advanced examples for opening TCP and UDP ports
To allow IP address 192.168.1.10 access to port 22 for all protocols
sudo ufw allow from 192.168.1.10 to any port 22
Open port 74.86.26.69:443 (SSL 443 nginx/apache/lighttpd server) for all, enter:
sudo ufw allow from any to 74.86.26.69 port 443 proto tcp
To allows subnet 192.168.1.0/24 to Sabma services, enter:
ufw allow from 192.168.1.0/24 to any app Samba
You can find service info as follows:
sudo ufw app list
Sample outputs:
To get information on Squid profile/app, run:
ufw app info Squid
Sample outputs:
Denying/blocking port access
We can add deny rule as follows to block all access to port 25:
sudo ufw deny 25
sudo ufw deny 25/tcp comment ‘Block access to smptd by default’
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
How to delete ufw rules
We can list firewall rules using the following syntax on Ubuntu Linux:
sudo ufw status
sudo ufw numbered
Once we found firewall rule number delete by that number:
sudo ufw delete
sudo ufw delete 5
Another option is to type:
ufw delete deny 25/tcp comment ‘Block access to smptd by default’
Conclusion
In this page, you learned how to open TCP and UDP ports using UFW which is a default firewall management tool on Ubuntu Linux. See ufw command man page for more info and all other my tutorials below:
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
Источник
How to check open ports in Linux using the CLI
I need to list all open ports in Linux cloud server. How do I check open ports in Linux using the CLI? Can you give me the command to check open ports in Linux operating system?
To troubleshoot server problems and to avoid security issue, one needs to find out open TCP and UDP ports. In this tutorial, you will learn the different Linux commands to check open ports in Linux for auditing and securing the server.
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | Yes |
| Requirements | Linux command line |
| Est. reading time | 5 minutes |
What the hell are a TCP and UDP ports?
A port is nothing but a 16-bit number between 0 to 65535. For example, TCP port number 22 may be forwarded to the OpenSSH server. Therefore, 22 port number is a way to identify the sshd (OpenSSH server) process.
Port numbers
- The Well Known Ports are those from 0 through 1023.
- The Registered Ports are those from 1024 through 49151.
- The Dynamic and Private Ports are those from 49152 through 65535.
A registered port is a network port assigned by the Internet Assigned Numbers Authority (IANA) and stored in /etc/services file. Use the cat command or grep command/egrep command to view port numbers and service mappings:
Display a list of applications and their ports assigned by IANA
Check open ports in Linux
The procedure to monitor and display open ports in Linux is as follows:
- Open a Linux terminal application
- Use ss command to display all open TCP and UDP ports in Linux.
- Another option is to use the netstat command to list all ports in Linux.
- Apart from ss / netstat one can use the lsof command to list open files and ports on Linux based system.
- Finally, one can use nmap command to check TCP and UDP ports too.
Let us see all commands and examples in details.
Using netstat to list open ports
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
- -t : All TCP ports
- -u : All UDP ports
- -l : Display listening server sockets
- -p : Show the PID and name of the program to which each socket belongs
- -n : Don’t resolve names
- | grep LISTEN : Only display open ports by applying grep command filter.
Use ss to list open ports
The ss command is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools. The syntax is:
sudo ss -tulpn
Sample outputs:
Listening ports and applications using lsof command
Let us run the following to check open TCP and UDP ports using the lsof command:
sudo lsof -i -P -n | grep LISTEN
Where,
- -i : Look for listing ports
- -P : Inhibits the conversion of port numbers to port names for network files. Inhibiting the conversion may make lsof run a little faster. It is also useful when port name lookup is not working properly.
- -n : Do not use DNS name
- | grep LISTEN : Again only show ports in LISTEN state using the grep command as filter.
nmap command
In addition, to above commands one can use the nmap command which is an open source tool for network exploration and security auditing. We are going to use nmap to find and list open ports in Linux:
$ sudo nmap -sT -O localhost
$ sudo nmap -sU -O 192.168.2.254 ##[ list open UDP ports ]##
$ sudo nmap -sT -O 127.0.0.1 ##[ list open TCP ports ]##
$ sudo nmap -sTU -O 192.168.2.24
Sample outputs:
The open port doesn’t mean anyone from outside can access those ports
So far, you know how to find and list open TCP and UDP ports on Linux. However, those ports can still be blocked by software, cloud, or hardware firewall. Hence, you need to verify that your corporate firewall is not blocking incoming or outgoing access. For instance on Linux server we list or dump firewall rules using the following syntax:
sudo iptables -S
# IPv6
sudo ip6tables -S
Conclusion
In conclusion, finding out open ports is one of the most fundamental duties of a Linux system administrator for security reasons. Therefore, close down all unwanted ports and configure firewall such as UFW and FirewallD to open or block ports as per your requirements. After reading this tutorial, you should have a good understanding of how to check for open ports in Linux. See IANA’s offical list of TCP, UDP and other ports here for more information.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
Источник
Easy steps to open a port in Linux RHEL/CentOS 7/8
Table of Contents
In this article I will share examples to check port status and open a port in Linux. This article was written while using CentOS 8, so it is safe to say that it also fully covers CentOS/RHEL 7/8, Fedora, Oracle Enterprise Linux and generally the whole Red Hat family of operating systems and possibly Novell’s SLES and OpenSUSE.
Before we jump into the examples to open a port in Linux, we must understand the requirement clearly. The very basic question which comes to my mind
- Do you need to open a port for a service? Such as a custom port 5555 for apache service?
- Do you mean the port is already listening but blocked by firewall so you want to open a port in firewall?
- Open a port for custom temporary task such as transfer and receive files using this port and then close the port.
We will cover all these scenarios in this article
Check port status
To check the list of existing ports which are open we will use nmap to check port status:
Currently we see only two ports are open on my CentOS 8 node.
Check list of listening ports
We will use netstat to list the TCP ports which are in listening state. The total number of ports are higher compared to the nmap output.
Open a port for some service
If this is your requirement then you are looking for the wrong question. Basically it is other way round i.e. a service will open a port. For example when you start SSHD service, by default it will start port 22 and not the other way round i.e. if you open port 22, it will not automatically start SSHD service.
Let us observe this in example, we know that port 22 is open on my CentOS 8 node. If I stop the sshd service
You can see that port 22 is not open anymore.
You must use respective service’s configuration file to change the default port. Once done you can restart the service and that should automatically open the respective port on your Linux node.
This covers the first scenario.
firewalld open port
It is also possible that your ports are disabled in firewall. If your port is not listed in nmap then it is most likely blocked by firewall.
We will use firewalld to open a port as this is the most used interface today in RHEL/CentOS 7 and 8. Determine which zone the system’s network interfaces are in. In the following example, the eth0 and eth1 interface is in the ‘public’ zone:
To permanently firewalld open port in a zone use the —add-port option. The example below permanently opens TCP port 1234 in the ‘public‘ zone. Note that permanent changes do not take effect until the firewalld service is reloaded.
Once firewalld open port, next use netstat to check port status:
We still don’t see port 1234 here. This is because currently port 1234 is not bind to any service . So our port is OPEN but NOT LISTENING. As soon as a request or service tries to use port 1234, we will get this in LISTEN state.
Use nc or ncat to open a port in Linux
Let us verify this theory Use nc or ncat to open a port in Linux nc or ncat is delivered as part of nmap-ncat rpm in RHEL/CentOS which you can install using yum or dnf. Use —listen with —port to open a port using nc command. In the below example we open port 1234
Open another terminal of this server and check port status
As you see port 1234 is listening for both IPv4 and IPv6. To only use IPv4 use -4 with the above command
Next on another terminal you can check port status for port 1234
Use nc or ncat to open a port and transfer files
We can also use nc to transfer file from one host to another host. Here I will transfer my » inputfile » from centos-8 to rhel-8 On the client we will open a random port, here we will use 9899. I have enabled verbose so you can see more details on the screen
Next to start the transfer, use the below command
If you face any issues you can check the firewall between your server and client. It is possible that the respective port is blocked and you must use firewalld open port
Lastly I hope the steps from the article to open a port and check port status on Linux was helpful. So, let me know your suggestions and feedback using the comment section.
Related Posts
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Thank You for your support!!
3 thoughts on “Easy steps to open a port in Linux RHEL/CentOS 7/8”
A very thorough and helpful post. I was trying to allow ssh on a secondary port and could not get it to work using the usual advice (w/CentOS8.)
The recommendation you provided to add the port using the firewall-cmd was the missing ingredient:
Thanks for this!
Hi
I did below steps and reloaded firewall but still when I do netstat -ntlp port 1234 not showing open
I did explained this part in the article
We still don’t see port 1234 here. This is because currently port 1234 is not bind to any service. So our port is OPEN but NOT LISTENING. As soon as a request or service tries to use port 1234, we will get this in LISTEN state.
Источник
