How to open a port in Linux

Easy steps to open a port in Linux RHEL/CentOS 7/8

In this article I will share examples to check port status and open a port in Linux. This article was written while using CentOS 8, so it is safe to say that it also fully covers CentOS/RHEL 7/8, Fedora, Oracle Enterprise Linux and generally the whole Red Hat family of operating systems and possibly Novell’s SLES and OpenSUSE.

Before we jump into the examples to open a port in Linux, we must understand the requirement clearly. The basic questions that come to mind are:

  1. Do you need to open a port for a service? Such as a custom port 5555 for apache service?
  2. Do you mean the port is already listening but blocked by firewall so you want to open a port in firewall?
  3. Open a port for custom temporary task such as transfer and receive files using this port and then close the port.

We will cover all these scenarios in this article

Check port status

To check the list of existing ports which are open we will use nmap to check port status:

Currently we see only two ports are open on my CentOS 8 node.

Check list of listening ports

We will use netstat to list the TCP ports which are in listening state. The total number of ports is higher compared to the nmap output.

Open a port for some service

If this is your requirement then you are asking the wrong question. It is the other way round: a service opens a port. For example, when you start the SSHD service, by default it opens port 22. The reverse does not hold: if you open port 22, it will not automatically start the SSHD service.

Let us observe this with an example. We know that port 22 is open on my CentOS 8 node. If I stop the sshd service:

You can see that port 22 is not open anymore.

You must use respective service’s configuration file to change the default port. Once done you can restart the service and that should automatically open the respective port on your Linux node.

This covers the first scenario.

firewalld open port

It is also possible that your ports are disabled in firewall. If your port is not listed in nmap then it is most likely blocked by firewall.

We will use firewalld to open a port as this is the most used interface today in RHEL/CentOS 7 and 8. Determine which zone the system's network interfaces are in. In the following example, the eth0 and eth1 interfaces are in the 'public' zone:

To permanently open a port in a zone with firewalld, use the --add-port option. The example below permanently opens TCP port 1234 in the 'public' zone. Note that permanent changes do not take effect until the firewalld service is reloaded.
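The gap between permanent and runtime rules described above can be audited by comparing the output of firewall-cmd --list-ports with firewall-cmd --permanent --list-ports. The following is an added example, not part of the original article; the sample port lists are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample outputs (not taken from the article's host):
#   firewall-cmd --zone=public --list-ports              -> runtime rules
#   firewall-cmd --zone=public --permanent --list-ports  -> rules on disk
SAMPLE_RUNTIME='22/tcp 8080/tcp'
SAMPLE_PERMANENT='22/tcp 1234/tcp 5000-5010/udp'

# only_in A B: print the entries of list A that are absent from list B.
only_in() {
    result=""
    for entry in $1; do
        case " $(echo $2) " in          # echo collapses newlines and extra spaces
            *" $entry "*) ;;
            *) result="$result $entry" ;;
        esac
    done
    echo "${result# }"
}

# Added with --permanent but not active yet: needs `firewall-cmd --reload`.
pending_reload() { only_in "$2" "$1"; }

# Active now but not saved: closed again by the next reload or reboot.
runtime_only() { only_in "$1" "$2"; }

# drift_report RUNTIME PERMANENT: one line per mismatch, empty when in sync.
drift_report() {
    for p in $(pending_reload "$1" "$2"); do echo "pending-reload $p"; done
    for p in $(runtime_only "$1" "$2"); do echo "runtime-only $p"; done
}

drift_report "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a live host, pass the two command outputs instead of the samples; a runtime-only entry is a port that was opened temporarily and never recorded.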

Once the port is open in firewalld, use netstat to check port status:

We still don't see port 1234 here. This is because currently port 1234 is not bound to any service. So our port is OPEN but NOT LISTENING. As soon as a request or service tries to use port 1234, we will get this in LISTEN state.

Use nc or ncat to open a port in Linux

Let us verify this theory. nc or ncat is delivered as part of the nmap-ncat rpm in RHEL/CentOS, which you can install using yum or dnf. Use --listen with --port to open a port using the nc command. In the example below we open port 1234:

Open another terminal of this server and check port status

As you see port 1234 is listening for both IPv4 and IPv6. To only use IPv4 use -4 with the above command

Next on another terminal you can check port status for port 1234

Use nc or ncat to open a port and transfer files

We can also use nc to transfer a file from one host to another. Here I will transfer my "inputfile" from centos-8 to rhel-8. On the client we will open a random port; here we will use 9899. I have enabled verbose output so you can see more details on the screen.

Next to start the transfer, use the below command

If you face any issues, check the firewall between your server and client. It is possible that the respective port is blocked, in which case you must open it with firewalld.

Lastly, I hope the steps in this article to open a port and check port status on Linux were helpful. Let me know your suggestions and feedback using the comment section.


5 thoughts on “Easy steps to open a port in Linux RHEL/CentOS 7/8”

A very thorough and helpful post. I was trying to allow ssh on a secondary port and could not get it to work using the usual advice (w/CentOS8.)
The recommendation you provided to add the port using the firewall-cmd was the missing ingredient:

Thanks for this!

Hi
I did below steps and reloaded firewall but still when I do netstat -ntlp port 1234 not showing open

I did explain this part in the article:

We still don't see port 1234 here. This is because currently port 1234 is not bound to any service. So our port is OPEN but NOT LISTENING. As soon as a request or service tries to use port 1234, we will get this in LISTEN state.

Hi,
I did the below steps and it worked.
When I use scan port (http://ports.my-addr.com/ip-range-port-scanner-tool.php), the first time the result is open, but the second time the result is closed (port is open but not listening).
How to make the port always listen?

I assume you are asking about nc command. By default nc will close the connection after current connection is completed. To keep it active use -k along with -l

How to Open a Port in Linux

The port number is a virtual concept in computer networking that provides a network identifier for a service or application. The number is a 16-bit integer from 0 to 65535 that combines with the IP address to create a network communication socket.

This article shows how to open a port in Linux and use Linux networking tools to list and test open ports.

Prerequisites

  • Administrative system access.
  • Access to the terminal.

Listing Open Ports

Before opening a port on a system, check if the port you need is already open. The simplest way to do this is to pipe the output of the netstat command to the grep command.

The syntax above tells grep to look for a specific port number in the port list provided by netstat. For example, to check if port 8080 is available on the system, type:

If the port is closed, the command returns no output.

Alternatively, use the following netstat command to display a list of listening ports:

The -l option looks for the listening ports, -n provides numerical port values, while -t and -u stand for TCP and UDP, respectively.


Note: For more details on netstat syntax, read Netstat Command in Linux — 28 Commands with Examples.

Opening a Port in Linux

The correct procedure for opening a port depends on the Linux distribution and the firewall you are using. The following sections provide steps for the three most common scenarios:

  • The UFW firewall on Ubuntu-based distributions.
  • firewalld on CentOS and other RHEL-based distributions.
  • The iptables utility for the systems without UFW and firewalld.

Ubuntu and UFW Based Systems

UFW (Uncomplicated Firewall) for Ubuntu allows you to open a port with a single command:

The output confirms when you add IPv4 and IPv6 rules.


Alternatively, open the port used by a specific service without stating the port number:

Note: After you finish creating the rules, ensure UFW is active on your system by typing:

CentOS and Other Systems with firewalld

The firewalld tool on CentOS, Fedora, and other related distributions, enables users to control port access on their system. The following command opens a specific port:

The --permanent option ensures that the rules persist after the system reboot.

Note: The --zone=public argument is necessary only in multi-zone system configurations. By default, firewalld assigns all interfaces to the public zone.

Linux Distributions without UFW or firewalld

While installing a full-fledged firewall is the recommended way of maintaining system security, some Linux distributions still use the legacy iptables solution. The iptables utility allows configuring rules to filter IP packets using the Linux kernel firewall.

Use the following command to create an iptables rule for opening a port:

The command creates an IPv4 rule. To create an IPv6 rule, use the ip6tables command:

The port number is specified with the --dport option. The -p flag allows you to define the protocol (tcp or udp). For example, to create an IPv4 rule for the TCP port 8080, type:

Make iptables Rules Persist on Debian-Based Systems

The rules created using iptables do not persist after reboots.

Follow the steps to restore iptables rules after a reboot on Debian-based systems:

1. Save the IPv4 rules you created:

2. Store any IPv6 rules in a separate file:

3. Install the iptables-persistent package:

This package automatically reloads the contents of the rules.v4 and rules.v6 files when the system restarts.


Make iptables Rules Persist on RHEL-Based Systems

RHEL-based systems store the iptables configuration in a different location.

1. Type the commands below to save the IPv4 and IPv6 rules, respectively:

2. Ensure the iptables-services package is installed:

3. Start the service:

4. Enable the service:

5. Save the iptables rule:


6. Restart the service to enforce the rule:

Testing Open Ports

After using any of the methods above to open a port in Linux, ensure that the process is successful. The following methods are simple ways to check the open ports on a system.

View the listening ports with the netstat command:


The output above shows the port 8080 we opened previously.

List the open sockets with the ss command:

The port appears as part of the socket.


Note: To understand the function of sockets in Linux, refer to How Linux Uses Sockets.

Test the port by specifying its number to the nmap command.


Test the Port with the Netcat Utility

The Netcat tool features the nc command that you can use to test an open port. To do so:

1. Use a command such as echo to pipe output to Netcat and specify the port to listen to. The example below pipes a message to test port 8080:

2. Leave the command running and open another terminal window.

3. In that terminal window, use a command such as telnet to query the local socket.

If the port is open, the output of the telnet command contains the message piped to nc in step 1.


This article provided instructions on opening and testing a port in Linux. Opening a port can be helpful for various reasons, such as allowing incoming traffic to access a specific service or application on your system.

3 Ways to Open a port in Linux

How to open a port on Linux is a common question when testing a firewall-related problem. Today we will use nc command to open a tcp port manually on Linux and check if this port is working or not.

Methods to open a port in Linux

The following Linux commands can be used to open a port.

  • use nc command to open a port in Linux: nc -4 -l 1234.
  • nc -l -p 1234 -4.
  • use nc command to open a port in Ubuntu linux: nc -lk 1234.
  • use python code to open a port in Linux.

Use nc or ncat to open a port on Redhat/Centos Linux

The easiest way to open a port in Linux is using the nc command. Open the terminal and type nc -l -p followed by the port number. The port will be opened on our Linux system. The nc command is delivered as part of the nmap-ncat rpm in Linux. We can use yum or dnf to install this package.

In the below example we open port 1234

Open another terminal of this server and check port status

[root@centos-8 ~]# netstat -ntlp | grep 1234
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 28983/nc
tcp6 0 0 :::1234 :::* LISTEN 28983/nc

As we see port 1234 is listening for both IPv4 and IPv6. To only use IPv4 use -4 with the above command.

[root@centos-8 ~]# nc -l -p 1234 -4

Next on another terminal, you can check the port status for port 1234

[root@centos-8 ~]# netstat -ntlp | grep 1234
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 29329/nc

Use nc to open a port on Ubuntu Linux

We can use this command to open the port. # nc -lk port number

Use Python code to open a Port on Linux

python -c "import socket; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.bind(('0.0.0.0', 1013)); s.listen(1); conn, addr = s.accept(); print('Connected with ' + addr[0] + ':' + str(addr[1]))"

how to check tcp port status in Linux

You can use the netstat command to check the status of a TCP port in Linux. For example, if you want to check the status of TCP port 80, you would type: netstat -tlpn | grep :80.

understanding TCP connection status in netstat command

The LISTEN state in netstat means that the system is listening for incoming connections on that port. The TIME_WAIT state in netstat means that the system is waiting for a certain amount of time before closing the connection.

The SYN_SENT status in netstat means that the system is trying to establish a connection with a remote host. The CLOSE_WAIT status in netstat means that the system is waiting for the remote host to close the connection.

What is the nc command in linux?

The nc command in linux is a networking utility that can be used to create and manage TCP and UDP connections. It can be used to send and receive data, as well as to listen for incoming connections.

What are the different options for the nc command?

The nc command has a number of different options that can be used to create and manage TCP and UDP connections.

These options include the -l option, which is used to listen for incoming connections, the -p option, which is used to specify a port number, the -s option, which is used to specify a source address, the -d option, which is used to specify a destination address, and the -v option, which is used to print verbose output.

How to open a port?

I have ubuntu 12.04 and I’m not able to allow certain port in my firewall. So I basically said I will allow everything but it’s still not working. Please help. nmap on this machine from other machine says:

and here is nmap from the same machine

I want to open port 8000 and here is the output of iptables.

2 Answers

Your iptables output shows that no port is blocked.

So the question is: Is anything listening on port 8000? If nothing is listening on a port but the port is not blocked by a firewall, nmap will report it as closed. From here:

closed

A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.

So the nmap report "996 closed ports" actually says that those ports are not blocked by a firewall but no program is listening on them. nmap reports a blocked port as filtered:

filtered

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software.

So if you put an application in listening state on port 8000 it will likely show up in the output of nmap. You can do this if you just run python3 -m http.server or python -m SimpleHTTPServer on the machine on which you are trying to open the ports; this will put an HTTP server listening on port 8000. Then run nmap again to scan the machine.

Your netstat output has this line:

That means your python program is only listening on localhost (127.0.0.1), so it is only accessible from localhost, not from outside. The program has to listen on the IP of your network adapter or on the universal 0.0.0.0 IP. The problem is what I wrote above, no program is listening on the 8000 port (from the outside world) so nmap says it is closed.
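The two checks this page keeps returning to (is the port allowed by the firewall, and is anything listening on it and on which address) can be combined into one diagnosis. The following is an added example, not part of the articles or answers above; the netstat and firewall-cmd samples are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed samples, not captured from the hosts discussed on this page.
SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:8000  0.0.0.0:*  LISTEN
tcp6  0  0 :::22           :::*       LISTEN
tcp6  0  0 ::1:631         :::*       LISTEN'      # netstat -ntl
SAMPLE_FW_PORTS='22/tcp 1234/tcp 5000-5010/tcp'    # firewall-cmd --list-ports

# bind_scope PORT NETSTAT_TEXT -> none | loopback | external
bind_scope() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1") lo = 1
            else wide = 1   # 0.0.0.0, :: or a routable interface address
        }
        END { print (wide ? "external" : (lo ? "loopback" : "none")) }'
}

# fw_allows PORT FW_PORTS -> yes | no  (TCP port entries only; ports opened
# through a firewalld service definition are not visible in --list-ports)
fw_allows() {
    for entry in $2; do
        case "$entry" in */tcp) range=${entry%/tcp} ;; *) continue ;; esac
        first=${range%-*}; last=${range#*-}
        if [ "$1" -ge "$first" ] && [ "$1" -le "$last" ]; then
            echo yes; return 0
        fi
    done
    echo no
}

# diagnose PORT [NETSTAT_TEXT] [FW_PORTS] -> verdict
diagnose() {
    scope=$(bind_scope "$1" "${2:-$SAMPLE_NETSTAT}")
    fw=$(fw_allows "$1" "${3:-$SAMPLE_FW_PORTS}")
    case "$scope/$fw" in
        none/yes)     echo "allowed by firewall, nothing listening" ;;
        none/no)      echo "not allowed by firewall, nothing listening" ;;
        loopback/*)   echo "listening on loopback only" ;;
        external/yes) echo "reachable from other hosts" ;;
        external/no)  echo "listening, but not allowed by firewall" ;;
    esac
}

for p in 22 1234 8000 9999; do echo "$p: $(diagnose "$p")"; done
```

Port 1234 in the sample is the "open but not listening" case, and port 8000 is the loopback-only listener from the last answer.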
