In a Linux operating system, a port is a communication endpoint for either sending or receiving data over a network. Network ports are identified by a number, and each port number is associated with a specific type of network service. For example, port 80 is used for HTTP traffic, port 21 is used for FTP, and port 25 is used for email.

For a service on your Linux system to accept connections from the network, the port it listens on must be allowed through the firewall. There are several tools for doing this, including FirewallD, UFW, and iptables. Each has its own advantages and disadvantages, and in this article we will discuss how to open a port in Linux using each of them.

Check Listening Ports on Your System

You can use the `ss` or `netstat` command-line utility to list all the ports listening on your local system.

ss -tuln 

This command lists all the TCP and UDP ports listening on your machine, along with the local address each socket is bound to. You can filter for ports in the LISTEN state with the following command.

ss -tuln | grep "LISTEN" 

You will see output like below:

Output

tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 5 [::1]:631 [::]:*
tcp LISTEN 0 100 [::]:25 [::]:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 70 *:33060 *:*
tcp LISTEN 0 151 *:3306 *:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 128 [::]:22 [::]:*
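Before allowing a port through the firewall, it helps to know which listeners are bound to a non-loopback address and so become reachable once their port is opened. The script below is an added example, not part of the original article; it parses the listing above, and the function names and the allow-list format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which listeners in `ss -tuln` output are reachable from
# the network, and which of those are not on an expected allow-list?

# The listing shown above on this page, one socket per line.
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 5 [::1]:631 [::]:*
tcp LISTEN 0 100 [::]:25 [::]:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 70 *:33060 *:*
tcp LISTEN 0 151 *:3306 *:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 128 [::]:22 [::]:*
EOF
}

# Print proto/port for each listener that is not bound to loopback only.
exposed_listeners() {
    awk '
        $2 != "LISTEN" && $2 != "UNCONN" { next }  # header, other states
        {
            n = split($5, parts, ":")              # port is the last piece
            port = parts[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print $1 "/" port
        }
    ' | sort -t/ -k1,1 -k2,2n -u
}

# Print exposed listeners absent from an allow-list such as "tcp/22 tcp/80".
unexpected_listeners() {
    allowed=" $1 "
    exposed_listeners | while read -r entry; do
        case "$allowed" in
            *" $entry "*) ;;                       # expected, stay quiet
            *) echo "$entry" ;;
        esac
    done
}

# On a live host: ss -tuln | unexpected_listeners "tcp/22 tcp/80 tcp/443"
sample_ss_output | unexpected_listeners "tcp/22 tcp/80 tcp/443"
```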

Opening a Port with FirewallD:

FirewallD is a firewall management tool that is included in many popular Linux distributions, including CentOS, Fedora, and Red Hat Enterprise Linux. It provides a simple and easy-to-use interface for configuring the firewall rules on your system.

  • List Services: To open a port with FirewallD, you first need to check if the service you want to allow is listed in the predefined service list. You can do this by running the following command:

firewall-cmd --get-services 

This will display a list of all the predefined services that are supported by FirewallD.

  • Open Port by Service Name: If the service you want to allow is listed, you can open the port by running the following command:

    # Syntax

    firewall-cmd --permanent --add-service=service_name

    Replace “service_name” with the name of the service you want to allow. For example, to open port 80 for HTTP traffic, you would run the following command:

    firewall-cmd --permanent --add-service=http 
    
  • Open Port by Number: If the service you want to allow is not listed in the predefined service list, you can open a specific port by running the following command:

    # Syntax

    firewall-cmd --permanent --add-port=port_number/protocol

    Replace “port_number” with the number of the port you want to open, and “protocol” with the protocol used by the service (either “tcp” or “udp”). For example, to open port 8080 for HTTP traffic using the TCP protocol, you would run the following command:

    firewall-cmd --permanent --add-port=8080/tcp 
    
  • Reload the firewall: Rules added with “--permanent” are saved to the configuration but are not active in the running firewall until it is reloaded. Once you have added the necessary firewall rule, reload the firewall to apply the changes by running the following command:

    firewall-cmd --reload 
    

Opening a Port with UFW:

UFW (Uncomplicated Firewall) is a firewall management tool that is included in many popular Linux distributions, including Ubuntu and Linux Mint. It provides a simple and easy-to-use interface for configuring the firewall rules on your system.

  • List Services: To open a port with UFW, you first need to check if the service you want to allow is listed in the predefined service list. You can do this by running the following command:

ufw app list

This will display a list of all the predefined services that are supported by UFW.

  • Open Port by Service name: If the service you want to allow is listed, you can open the port by running the following command:

    # Syntax

    ufw allow service_name

    Replace “service_name” with the name of the service you want to allow. For example, to open port 80 for HTTP traffic, you would run the following command:

    ufw allow http 
    
  • Open port by number: If the service you want to allow is not listed in the predefined service list, you can open a specific port by running the following command:

    # Syntax

    ufw allow port_number/protocol

    Replace “port_number” with the number of the port you want to open, and “protocol” with the protocol used by the service (either “tcp” or “udp”). For example, to open port 8080 for HTTP traffic using the TCP protocol, you would run the following command:

    ufw allow 8080/tcp 
    
  • Check firewall status: Once you have added the necessary firewall rule, you can check the status of the UFW firewall by running the following command:
    ufw status 
    

    This will display a list of all the active firewall rules, along with their status (either “enabled” or “disabled”).

  • You can also use the UFW command line interface to enable or disable specific rules, or to delete them altogether.

Opening a Port with Iptables:

Iptables is a powerful firewall management tool that is included in most Linux distributions. It provides a wide range of options for configuring the firewall rules on your system, but it can be more complex to use than FirewallD and UFW.

  • Open Port by Number: To open a port with iptables, you need to use the “iptables” command followed by the appropriate options and arguments. For example, to open port 80 for HTTP traffic using the TCP protocol, you would run the following command:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This command adds a new firewall rule that allows incoming traffic on port 80 using the TCP protocol. The “-A” option specifies that the rule should be appended to the end of the INPUT chain, and the “-j” option specifies the action to be taken (in this case, ACCEPT).

  • Open Port Range: If you want to open a range of ports, you can use the “-m multiport” module and specify the first and last port of the range separated by a colon. For example, to open ports 80 to 90 for HTTP traffic using the TCP protocol, you would run the following command:

    iptables -A INPUT -p tcp -m multiport --dports 80:90 -j ACCEPT
    
  • Save firewall rules: Once you have added the necessary firewall rule, you can save the iptables configuration by running the following command:
    service iptables save 
    

    This will save the current firewall configuration to the appropriate configuration file so that the rules are applied every time the system is restarted.
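Because “-A” appends to the end of the INPUT chain and iptables evaluates rules in order, an ACCEPT rule added after a catch-all DROP or REJECT rule never matches. The script below is an added example, not part of the original article, that checks for this in `iptables -S INPUT` output; the sample rule set is constructed and the function name is an assumption made for illustration.

```shell
#!/bin/sh
# Added example: is the ACCEPT rule for a TCP port reachable, or does an
# earlier unconditional DROP/REJECT in the INPUT chain shadow it?

# Constructed sample in `iptables -S INPUT` format (not from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80:90 -j ACCEPT
EOF
}

# Reads rules on stdin; prints "reachable", "shadowed" or "missing" for PORT.
# Scope: only match-less DROP/REJECT rules in INPUT itself count as blockers;
# user-defined chains and source/interface matches are not evaluated.
accept_rule_status() {
    awk -v port="$1" '
        # Does a --dport/--dports value (N, A:B, or a comma list) include p?
        function covers(spec, p,    i, n, items, r) {
            n = split(spec, items, ",")
            for (i = 1; i <= n; i++) {
                if (split(items[i], r, ":") == 2) {
                    if (p >= r[1] + 0 && p <= r[2] + 0) return 1
                } else if (items[i] + 0 == p) return 1
            }
            return 0
        }
        $1 != "-A" || $2 != "INPUT" { next }     # skip the -P policy line
        { rule++ }                               # position within the chain
        $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") {
            if (!blocker) blocker = rule         # first catch-all terminator
            next
        }
        / -p tcp / && / -j ACCEPT/ {
            for (k = 3; k < NF; k++)
                if (($k == "--dport" || $k == "--dports") && covers($(k + 1), port + 0)) {
                    if (blocker) print "shadowed rule=" rule " blocker=" blocker
                    else print "reachable rule=" rule
                    found = 1
                    exit
                }
        }
        END { if (!found) print "missing" }
    '
}

sample_rules | accept_rule_status 80   # shadowed rule=5 blocker=4
```

On a live host the input would come from `iptables -S INPUT` run as root; a shadowed rule needs to be inserted ahead of the blocker with “-I” rather than appended.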

Conclusion

In this article, we explored three different tools that can be used to open a port in Linux: FirewallD, UFW, and iptables. FirewallD is a firewall management tool that provides a front-end interface for iptables. It is a user-friendly tool that allows you to easily manage your firewall rules. UFW is another user-friendly firewall tool that allows you to easily open and close ports. Finally, we looked at iptables, which is a more advanced tool that gives you greater control over your firewall. All three of these tools can be used to open a port in Linux and allow network traffic to flow through to specific programs or services. The choice of which tool to use will depend on your level of familiarity with Linux firewalls and your personal preference.