How to Open Ports in Linux – groovyPost

If you’re looking to allow outside connections to a PC or server, you’ll need to open the right port. Linux users can open ports using this helpful guide.
Need to connect to an outside PC or server—or need another PC or server to connect to you? If you’re running Linux, you’ll need to make sure the right port is open.
While other operating systems usually have some graphical tool for this, Linux isn’t so simple. We’ll walk you through how to open ports in Linux below.
A port is an end point on the network. Think of it like a door that leads to a particular room or the outside world, but on your computer. Everything you do on the internet uses a particular port or series of ports.
For example, let’s say you want to run your own Minecraft server. To do so, you’ll need to open a port for users to connect to it through. The same would apply to running your own web, mail, or FTP server.
Ports are standardized across all network-connected devices. The first 1,024 ports (from 0 to 1023) are referred to as well-known port numbers. They are reserved for the most commonly used services, such as HTTP and HTTPS (port 80 and 443, respectively) and SSH (port 22).
Port numbers above 1024 are referred to as ephemeral ports, and are typically available for you to use for your online gaming, private web servers, and so forth. Port numbers 1024 to 49151 are called registered or user ports, while those from 49152 to 65535 are known as dynamic or private ports.
Before you start trying to open a port on Linux, you should make sure it isn’t already in use. You can accomplish this using the netstat command, included on most Linux distributions. If your distribution doesn’t have netstat, you can use ss instead.
[Screenshot: netstat -lntu output]
This will print all listening sockets (-l), showing port numbers in numeric form rather than as service names (-n). It includes TCP ports (-t) as well as UDP (-u). If your system doesn’t have netstat, just use ss with the same parameters.
[Screenshot: ss -lntu output]
For the sake of this example, we’ll assume we want to open port 4000 to TCP connections. We first need to make sure the port isn’t already in use. We do this through netstat or ss.
Assuming the output is blank, we can add the appropriate port rules to the system’s firewall. Methods for this will vary depending on your distribution and whether it uses the newer ufw firewall or firewalld. Ubuntu favors ufw, while CentOS typically uses firewalld instead. Of course, there are still some Linux distributions using the older iptables firewall.
Rather than using the older iptables firewall, Ubuntu and some other distributions use ufw. Under these systems, the following command will open the port.
Skip past the next few steps, and test your newly-opened port to make sure it’s working.
If your system uses firewalld, your best bet is to use the firewall-cmd command to update the rules.
This won’t be a permanent change, but we’ll cover how to make the rules persist after rebooting once we test the port.
If your Linux system doesn’t have ufw or firewalld, you’ll need to use iptables. If it’s not installed, go ahead and get it using your package manager of choice. Once it’s installed, these commands will open port 4000:
If your system uses systemctl, replace the second command with:
Next, we should test the port to make sure it accepts connections. We do this by using netcat (nc) to listen to the port, then attempting to telnet to it.
First, open a terminal window and issue this command:
Leave it running (listening) and open a second terminal window. In that window, you’ll use telnet to test connectivity. If telnet isn’t installed, do so using your package manager.
Replace [hostname/IP address] with your system’s IP address, and [port number] with the port number you opened.
You should see output like that below, indicating an open connection with nc.
[Screenshot: telnet output]
We can also show the port is open using nmap. Again, if the command isn’t installed already, use your package manager to retrieve it.
[Screenshot: nmap output]
Note that nmap will only list open ports that are listening for connections. That’s why we use netcat for testing, to listen on that port. Otherwise, the port won’t register as being open.
If you run through all of the steps above and can’t achieve a connection to the port, double-check your typing. If you’re certain you entered everything correctly, chances are you’ll need to reconfigure your network router to allow the traffic.
Since every network router has different configuration screens, you should consult the support pages or user’s manual for your particular equipment. You’ll need to check for port forwarding or port mapping settings, as well as any built-in firewall the router may use.
Once you’ve tested your open port and made sure it’s working, you’ll probably want to make the change permanent. Otherwise, the changes may not stick around after a reboot. If you’re an Ubuntu user, or otherwise use the ufw firewall, you don’t have to worry about this. The ufw rules don’t reset on reboot.
Making a port rule stick around after a reboot is easy with firewalld. Just add the --permanent flag to your initial command, and it will be included in your Linux system’s firewall rules on startup.
The iptables firewall is much more troublesome (maybe a good reason to upgrade to firewalld or ufw). To “permanently” open a port in iptables, you can install the iptables-persistent package to help.
When you first install iptables-persistent on a Debian-based system, it will save your current rules to either /etc/iptables/rules.v4 or /etc/iptables/rules.v6. To add new rules, you’ll issue the following command:
OR
For those running RPM-based Linux distributions, it’s a bit different. The package is called iptables-services, and the save files are /etc/sysconfig/iptables and /etc/sysconfig/ip6tables.
On RPM-based distributions, there is also a different command used for IPv6 ports. Saving your rules is done using one of these two commands:
As time goes on, your server needs may change. Just as you should keep abreast of the user accounts on your Linux machine, you should also audit your open ports regularly. Close any open ports no longer needed. Along with regularly changing your password, this is a good security practice that will help you avoid system intrusions and security exploits.
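The check-then-open steps for port 4000 and the regular audit recommended above, as an added shell example that is not from the original article: it parses ss -lntu output, prints the matching ufw, firewalld or iptables command for review instead of running it, and lists listeners that are missing from an allowlist. The function names, the sample output and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Input everywhere is `ss -lntu` output on stdin.

sample_ss() {  # constructed sample output, not captured from a real host
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      5      0.0.0.0:4000       0.0.0.0:*
EOF
}

# Print "proto port" once per listener; the port is whatever follows the last colon.
listeners() {
    awk 'NR > 1 && NF >= 5 { n = split($5, a, ":"); print $1, a[n] }' | sort -u
}

# Exit 0 if PORT ($1) / PROTO ($2) already has a listener.
port_in_use() { listeners | grep -qx "$2 $1"; }

# Print (do not run) the command that opens PORT/PROTO; "persist" adds the reboot-safe step.
open_cmd() {
    fw=$1 port=$2 proto=$3 persist=${4:-}
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 2 ;; esac
    case $fw in
        ufw) echo "ufw allow $port/$proto" ;;  # ufw rules survive reboots already
        firewalld)
            echo "firewall-cmd --add-port=$port/$proto"
            if [ "$persist" = persist ]; then echo "firewall-cmd --permanent --add-port=$port/$proto"; fi ;;
        iptables)
            echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
            if [ "$persist" = persist ]; then echo "iptables-save > /etc/iptables/rules.v4"; fi ;;
        *) echo "unknown firewall: $fw" >&2; return 2 ;;
    esac
}

# Audit: print every listener that is not in the allowlist given as "proto/port" arguments.
unexpected() {
    allowed=" $* "
    listeners | while read -r proto port; do
        case $allowed in *" $proto/$port "*) ;; *) echo "$proto/$port" ;; esac
    done
}

sample_ss | unexpected tcp/22 tcp/4000   # live use: ss -lntu | unexpected tcp/22 tcp/4000
```

The printed firewall commands need root privileges when you run them, and the iptables save path shown is the Debian-style one named above.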
Copyright © 2007-2021 groovyPost™ LLC | All Rights Reserved
