Before we look at opening ports on Linux, let’s look at what a network port is. A port is a communication endpoint. Within the operating system, a port lets incoming packets be delivered to a specific process or network service. Typically, ports identify the specific network services assigned to them. You can change this by manually configuring a service to use another port, but you can usually keep the default.

The first 1024 ports (0-1023) are known as well-known ports and are reserved for the most commonly used services, including SSH (port 22), HTTP and HTTPS (ports 80 and 443), and so on. Port numbers from 1024 upward are called ephemeral (temporary) ports. Among the ephemeral ports, 1024-49151 are the registered/user ports, and the remaining ports 49152-65535 are the dynamic/private ports.

In this tutorial we’ll show you how to open an ephemeral (temporary) port on Linux, since the well-known ports are already taken by the most commonly used services.

1 List all open ports

Before opening ports on Linux, let’s first check the list of all open ports, and then choose an ephemeral port that is not in that list to open. We can use the netstat command to list all open ports, including TCP and UDP ports, the most common protocols used for transmitting packets over the network.

Note: If your distribution does not ship netstat, that is not a problem. You can use the ss command to display the open ports by listing the listening sockets.

netstat -lntu

This prints all listening sockets (-l) with numeric port numbers (-n); both TCP (-t) and UDP (-u) ports are included in the output.

To make sure we get consistent output, let’s verify this with the ss command, which also lists listening sockets together with their open ports.

This gives almost the same set of open ports as netstat, so we’re happy!
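As an added example (not from the original article), the script below does the same check from a shell script: it lists the ports that have a listening socket, using ss or, where only the older tool exists, netstat, and answers "is port N already taken?" before you open it in the firewall. The two sample listings embedded in it are constructed by hand in ss and netstat format so the parser can be exercised offline; the `list`, `check` and `demo` sub-commands are this script's own convention.

```shell
#!/bin/sh
# Added example (not from the original article): list the ports that have a
# listening socket, using ss or, where only the older tool exists, netstat,
# and answer "is port N already taken?" before opening it in the firewall.

# Read `ss -H -lntu` or `netstat -lntu` output on stdin and print the local
# port of every listening socket: one per line, numerically sorted, no
# duplicates. Both tools show the local address as host:port ([::]:port or
# :::port for IPv6), so we take the digits after the last colon of the first
# field shaped like that. Header lines never start with tcp/udp and are skipped.
extract_ports() {
    awk '
        /^(tcp|udp)/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /:[0-9]+$/) {
                    n = split($i, parts, ":")
                    print parts[n]
                    break
                }
            }
        }' | sort -n | uniq
}

# Raw listing of listening (-l) TCP (-t) and UDP (-u) sockets with numeric
# (-n) ports; -H drops the ss header line.
raw_listing() {
    if command -v ss >/dev/null 2>&1; then
        ss -H -lntu
    else
        netstat -lntu
    fi
}

# Exit 0 if PORT appears in the listing read from stdin, 1 otherwise.
listing_has_port() {
    extract_ports | grep -qxF "$1"
}

# Live check against this host, e.g.  port_in_use 4000 && echo taken
port_in_use() {
    raw_listing | listing_has_port "$1"
}

# Constructed sample outputs (not captured from a real host) so the parser
# can be exercised offline, one in ss format and one in netstat format.
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    [::]:22           [::]:*
tcp   LISTEN 0      511    127.0.0.1:80      0.0.0.0:*'
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::4000                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Usage: ports.sh list | ports.sh check PORT | ports.sh demo
case "${1:-}" in
    list)  raw_listing | extract_ports ;;
    check) if port_in_use "${2:-}"; then echo "port $2 is in use"; else echo "port $2 is free"; fi ;;
    demo)  printf '%s\n' "$SS_SAMPLE" | extract_ports ;;
esac
```

Running `sh ports.sh check 4000` on the host tells you whether 4000 is free before you touch the firewall; `demo` runs the parser over the constructed ss sample and prints 22, 68 and 80, with the duplicate IPv4/IPv6 entries for port 22 collapsed into one.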

2 Open the port on Linux to allow TCP connections

Here, we open a currently closed port and allow it to accept TCP connections.

Since port 4000 is not in use on my system, I chose to open port 4000. If that port is already in use on your system, feel free to pick another closed port. Just make sure it’s greater than 1023!

Again, just to be sure, use the netstat or ss command to confirm that port 4000 is not in use.

netstat -na | grep :4000
ss -na | grep :4000

The output should be empty, confirming that the port is not currently in use, so that we can go ahead and manually add a port rule to the system’s iptables firewall.

2.1 For Ubuntu users and systems based on the UFW firewall

Ubuntu ships a firewall front end called UFW that handles these rules for ports and connections, so you don’t have to work with the older iptables command directly. If you are an Ubuntu user, you can use ufw to open the port directly:

sudo ufw allow 4000

You can skip the next few steps and test your newly opened port directly!

2.2 For CentOS and firewalld-based systems

On these systems, if firewalld is already the primary firewall, it is recommended to update the firewall rules with firewall-cmd instead of the older iptables command.

firewall-cmd --add-port=4000/tcp

You can skip the next few steps and test your newly opened port directly!

2.3 For other Linux distributions

Otherwise, let’s use the iptables command to add the new port to the system’s iptables rules. If the command is not installed, get it from your package manager.

iptables -A INPUT -p tcp --dport 4000 -j ACCEPT

This appends a new rule (-A) to the INPUT chain that accepts packets over protocol (-p) TCP whose destination port (--dport) is 4000, with ACCEPT as the jump target (-j).

To update the firewall rules, restart the iptables service.

sudo service iptables restart

Or use systemctl, if available:

sudo systemctl restart iptables

3 Test the TCP connection of the newly opened port

Now that we have opened a new TCP port (port 4000 in my case), let’s test it.

First, we start Netcat (nc) listening on port 4000 while piping the output of ls to any client that connects. So when a client opens a TCP connection to port 4000, it receives the output of ls.

ls | nc -l -p 4000

This makes Netcat listen on port 4000. Do not close this session yet.

Open another terminal session on the same computer.

Since the TCP port is open, I will use telnet to check the TCP connection. If the command does not exist, install it with your package manager.

Telnet format:

telnet [hostname/IP address] [port number]

So enter your server IP and port number (4000 in my case) and run the command:

telnet localhost 4000

This attempts to open a TCP connection to localhost on port 4000.

You should see output indicating that a connection has been established with the listener (nc).

As you can see, the output of ls (in my case, while.sh) has also been sent to the client, showing that the TCP connection works!

To confirm that the port is indeed open, we can check with nmap.

nmap localhost -p 4000

Indeed, our port is open! We have successfully opened a new port on Linux!

Note: Nmap reports a port as open only when an application is currently listening on it. If you are not running a listening application (such as Netcat), port 4000 shows up as closed, because nothing is listening on it. Likewise, telnet does not connect, because it also needs a listening application bound to the port. This is what makes nc such a useful tool: it sets up that listening environment with a single command.
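The probe below is an added example, not part of the original article: it checks a TCP port the way the telnet step does, but from a script and without telnet or nmap, and it distinguishes the "rule exists but nothing is listening" case the note above describes (connection refused) from a real listener. It assumes bash is installed, because it relies on bash’s /dev/tcp pseudo-device (plain sh has none), and it uses GNU timeout when present so a silently dropped packet does not hang the probe; the function names are this script’s own.

```shell
#!/bin/sh
# Added example (not from the original article): probe a TCP port from a
# script, without telnet or nmap, using bash's /dev/tcp pseudo-device.
# Assumptions: bash is installed (sh has no /dev/tcp); GNU timeout is used
# if present so a filtered port does not hang the probe.

# Print "open" (exit 0) if HOST:PORT accepts a TCP connection, "closed"
# (exit 1) if the connection is refused or times out, and "unknown" (exit 2)
# when bash is missing. A refused connection is exactly the situation the
# note above describes: the firewall rule exists but nothing is listening.
tcp_port_state() {
    host=$1; port=$2
    if ! command -v bash >/dev/null 2>&1; then
        echo unknown; return 2
    fi
    probe=bash
    if command -v timeout >/dev/null 2>&1; then
        probe="timeout 3 bash"
    fi
    # Opening fd 3 read/write on /dev/tcp makes bash connect(); the bash
    # process then exits, which closes the socket again.
    if $probe -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
        echo open; return 0
    fi
    echo closed; return 1
}

# Print whatever the listener sends on connect (the ls output in the
# article's netcat example), giving up after 3 seconds.
tcp_read_banner() {
    host=$1; port=$2
    timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port; cat <&3" 2>/dev/null
}

# Usage when run directly: probe.sh HOST PORT
if [ -n "${2:-}" ]; then
    tcp_port_state "$1" "$2"
fi
```

With the `ls | nc -l -p 4000` listener from this section running, `sh probe.sh localhost 4000` prints `open` and `tcp_read_banner localhost 4000` shows the directory listing; after the listener exits, the same probe prints `closed` even though the firewall rule is still in place, which is the nmap behaviour the note explains.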

But this is only temporary, because the changes are reset each time the system is rebooted.

4 Update the rules after each restart

The approach described so far only updates the firewall rules temporarily, until the system is shut down or rebooted. So the same steps would have to be repeated to open the port again after every reboot.

4.1 UFW Firewalls

UFW rules are not reset on reboot, so if you are an Ubuntu user, you don’t need to worry about this part! UFW is integrated into the boot process and saves its firewall rules in its own configuration files, from which they are reloaded at startup.

4.2 Firewalld

As mentioned earlier, firewalld has the same problem, but you can avoid it by appending the --permanent flag to the command when opening the port or setting any other rule.

For example, you can permanently open TCP port 4000 with the following command:

firewall-cmd --zone=public --add-port=4000/tcp --permanent

4.3 For iptables

With an iptables firewall there is no way to avoid this inconvenience entirely, but we can minimize it by saving the iptables rules to a configuration file, such as /etc/iptables.conf.

sudo iptables-save | sudo tee -a /etc/iptables.conf

After a reboot, we can load the rules back from that file with the following command:

sudo iptables-restore < /etc/iptables.conf

Now that the iptables rules have been restored, our port is open again!
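The script below is an added example, not code from the original article, that ties sections 2 and 4 together: it validates the port number (ephemeral range only, as section 2 requires), picks whichever of ufw, firewall-cmd or iptables is on the host, builds the corresponding open-port command from section 2, and, when asked to persist, adds the --permanent step for firewalld or the iptables-save step for iptables from section 4. Assumptions: /etc/iptables.conf is the article's chosen path; the iptables save overwrites the file with a fresh dump rather than appending with tee -a, which is my choice; the note that a firewalld --permanent rule only changes the saved configuration (so the runtime command is still needed) is firewalld behaviour I am adding, not something the article states; all function names are this script's own.

```shell
#!/bin/sh
# Added example (not from the original article): open a port with whichever
# firewall front end the host uses (ufw, firewalld or plain iptables), after
# validating the port number, and optionally make the rule survive a reboot.
# /etc/iptables.conf is the article's chosen save path.

# Accept only ephemeral ports (1024-65535), as the article requires.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the first firewall tool found on PATH, in the article's order.
detect_firewall() {
    for t in ufw firewall-cmd iptables; do
        if command -v "$t" >/dev/null 2>&1; then
            echo "$t"
            return 0
        fi
    done
    return 1
}

# Print (do not run) the commands that open PORT/PROTO with TOOL, one per
# line. PERSIST=1 also prints what is needed for the rule to survive a reboot.
open_port_cmds() {
    tool=$1; port=$2; proto=$3; persist=${4:-0}
    case "$tool" in
        ufw)
            # ufw keeps its own rule files, so nothing extra is needed to persist.
            echo "ufw allow ${port}/${proto}"
            ;;
        firewall-cmd)
            # Runtime rule: takes effect now but is lost on reboot.
            echo "firewall-cmd --add-port=${port}/${proto}"
            if [ "$persist" = 1 ]; then
                # --permanent edits only the saved configuration (assumption about
                # firewalld, not from the article), so keep the runtime rule above.
                echo "firewall-cmd --add-port=${port}/${proto} --permanent"
            fi
            ;;
        iptables)
            echo "iptables -A INPUT -p ${proto} --dport ${port} -j ACCEPT"
            if [ "$persist" = 1 ]; then
                # Fresh dump of the full ruleset; restore after boot with
                # iptables-restore < /etc/iptables.conf
                echo "iptables-save > /etc/iptables.conf"
            fi
            ;;
        *)
            echo "unsupported firewall tool: $tool" >&2
            return 1
            ;;
    esac
}

# Validate, detect the tool, then run each generated command as root.
open_port() {
    port=$1; proto=${2:-tcp}; persist=${3:-0}
    validate_port "$port" || { echo "port must be 1024-65535" >&2; return 2; }
    tool=$(detect_firewall) || { echo "no supported firewall tool found" >&2; return 3; }
    open_port_cmds "$tool" "$port" "$proto" "$persist" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sudo sh -c "$cmd"
    done
}

# Usage when run directly: openport.sh PORT [tcp|udp] [1 to persist]
if [ -n "${1:-}" ]; then
    open_port "$@"
fi
```

`sh openport.sh 4000 tcp 1` reproduces the article's sequence for the firewall that is actually installed, and `open_port_cmds iptables 4000 tcp 1` lets you preview the commands without running anything, which is useful before touching a remote host's firewall over SSH.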

5 Conclusion

In this tutorial, we showed how to open a new port on Linux and allow incoming connections on it.

Source: www.journaldev.com/34113/openi…