How to enable a port on a Linux operating system.

Opening a Port on Linux

A port is a communication endpoint. Within an operating system, a port is opened or closed to data packets for particular processes or network services.

Normally, ports are used to designate a particular network service. It is possible to alter this by manually adjusting the service to utilize a different port, but it is generally acceptable to stick with the default settings.

The initial 1024 ports, ranging from port number 0 to 1023, are known as well-known ports and are exclusively reserved for the most frequently utilized services. Examples of such services include SSH (port 22), HTTP (port 80), and HTTPS (port 443).

Port numbers that exceed 1024 are commonly known as ephemeral ports.

  • Port numbers 1024 to 49151 are called the registered/user ports.
  • Port numbers 49152 to 65535 are called the dynamic/private ports.

In this tutorial, you will open an ephemeral port on Linux, because the most commonly used services rely on the well-known ports.

Requirements

In order to finish this tutorial, you will require:

  • Familiarity with using the terminal.

List all open ports

Before opening a port on Linux, list all of the ports that are already open and choose an ephemeral port that is not in that list.

You can employ the netstat command to display a comprehensive list of open ports, encompassing both TCP and UDP, which are the predominant protocols utilized for packet transmission in the network layer.

    netstat -lntu

This command prints:

  • all listening sockets (-l)
  • the port number (-n)
  • TCP ports (-t)
  • UDP ports (-u)

Output

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp6       0      0 ::1:5432                :::*                    LISTEN
    tcp6       0      0 ::1:6379                :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    udp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN

Note

If netstat is not available in your distribution, you can utilize the ss command to identify open ports by examining listening sockets.

Verify that you are getting consistent results by using the ss command to list the listening sockets that have an open port.

    ss -lntu

This command prints:

Output

    Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    udp    UNCONN  0       0       127.0.0.53%lo:53     0.0.0.0:*
    tcp    LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
    tcp    LISTEN  0       128     127.0.0.1:27017      0.0.0.0:*
    tcp    LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*
    tcp    LISTEN  0       128     127.0.0.53%lo:53     0.0.0.0:*
    tcp    LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
    tcp    LISTEN  0       128     [::1]:5432           0.0.0.0:*
    tcp    LISTEN  0       128     [::1]:6379           0.0.0.0:*
    tcp    LISTEN  0       128     [::]:22              0.0.0.0:*

This provides a similar listing of open ports as netstat.

Opening a port on Linux to allow TCP connections

Now open a port that is currently closed and make it listen for TCP connections.

In this tutorial, you will open port 4000. If that port is not available on your system, choose any other closed port, as long as it is greater than 1023.

Use the netstat command to verify that port 4000 is not being utilized.

    netstat -na | grep :4000

Alternatively, you can use the ss command.

    ss -na | grep :4000

The output should be empty, which confirms that the port is not currently in use, so you can manually add the port rules to the system’s iptables firewall.
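
The grep check above matches substrings, so :4000 also matches a listener on :40001 or a port number in the peer column. As an added example (not part of the original tutorial), the shell functions below parse ss -lntu output, match the local port exactly, and report whether each listener is bound to loopback or to all interfaces. SAMPLE_SS is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: exact-match port check over `ss -lntu` output.
# SAMPLE_SS is constructed data modelled on this tutorial's listing,
# plus one extra listener on 40001 to show the substring problem.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:40001    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::1]:6379         [::]:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

# listeners_on_port PORT (hypothetical helper): reads ss -lntu output on
# stdin and prints "proto address scope" for sockets bound to exactly PORT.
listeners_on_port() {
    awk -v want="$1" '
        NR == 1 { next }                  # skip the header row
        {
            n = split($5, parts, ":")     # $5 is Local Address:Port
            port = parts[n]               # text after the last colon
            if (port != want) next        # 4000 must not match 40001
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]")
                scope = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                scope = "all-interfaces"
            else
                scope = "specific-address"
            print $1, addr, scope
        }'
}

# port_is_free PORT (hypothetical helper): succeeds only when the listing
# on stdin has no socket bound to exactly PORT.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Constructed sample: port 22 is reachable on every interface.
printf '%s\n' "$SAMPLE_SS" | listeners_on_port 22
# A substring grep for :4000 would hit the 40001 line; this does not.
printf '%s\n' "$SAMPLE_SS" | port_is_free 4000 && echo "4000 is free"
# On a live host: ss -lntu | listeners_on_port 4000
```

A listener reported as all-interfaces becomes reachable from other hosts once the firewall allows its port, while a loopback-only listener stays local regardless of the firewall rule.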

For Ubuntu users and ufw-based systems

Use ufw, the command line client for the UncomplicatedFirewall.

Your command will resemble:

    sudo ufw allow 4000

Please consult the instructions for setting up a ufw Firewall on your specific distribution.

Note

Ubuntu 14.04: “Permitting Specific Port Ranges”
Ubuntu 16.04/18.04/20.04/22.04: “Permitting Other Connections / Specific Port Ranges”
Debian 9/10/11: “Permitting Other Connections / Specific Port Ranges”

For CentOS and firewalld-based systems

Use firewall-cmd, the command line client for the firewalld daemon.

Your command will resemble:

    firewall-cmd --add-port=4000/tcp

Please refer to the instructions provided for setting up firewalld on your specific distribution.

Note

CentOS 7/8: “Setting Rules for your Applications / Opening a Port for your Zones”
Rocky Linux 8/9: “Setting Rules for your Applications / Opening a Port for your Zones”

For other Linux distributions

Use iptables to change the system’s IPv4 packet filter rules.

    iptables -A INPUT -p tcp --dport 4000 -j ACCEPT

Please consult the documentation specific to your distribution on how to configure a firewall using iptables.

Note

Ubuntu 12.04: “A Simple Firewall”
Ubuntu 14.04: “Allow Essential Connections”

Test the newly opened port for TCP connections

Now that you have opened a new TCP port, it is time to test it.

First, start netcat (nc) and listen (-l) on port (-p) 4000, while sending the output of the ls command to any connected client.

    ls | nc -l -p 4000

After a client opens a TCP connection on port 4000, it will receive the output of the ls command. Leave this session alone for now.

Open a new terminal session on the same machine.

Because you opened a TCP port, you can use telnet to check TCP connectivity. If telnet is not available, install it with your package manager.

Enter your server’s IP address and the port number (4000 in this case) and run this command:

    telnet localhost 4000

This command tries to open a TCP connection to localhost on port 4000.

You will receive a result similar to this one, which shows that a connection has successfully been made with the listening program (nc).

Output

    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    while.sh

The output of ls (while.sh, in this example) has also been sent to the client, which indicates a successful TCP connection.

Use nmap to check whether the port (-p) is open.

    nmap localhost -p 4000

This command checks the open port.

Output

    Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-18 21:51 UTC
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00010s latency).
    Other addresses for localhost (not scanned): ::1

    PORT     STATE SERVICE
    4000/tcp open  remoteanything

    Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

The port is now open. You have successfully opened a new port on your Linux system.

Note

Please take note that nmap will only display open ports if there is an application currently listening on them. If you do not have any listening applications, like netcat, the port 4000 will appear as closed because there is no application currently using it. Similarly, telnet will not function without a listening application. This is why nc is a valuable tool, as it can simulate these situations with a single command.

However, this is just a temporary situation since the modifications will be reverted every time the system is restarted.

Persisting rules

The method outlined in this article will merely update the firewall rules temporarily, which will only remain in effect until the system is powered off or restarted. Consequently, you will need to follow the same steps once more in order to reopen the identical port after a reboot.

Regarding the ufw Firewall

The ufw rules remain in place after a reboot. This is because ufw is incorporated into the boot process, and the kernel saves the firewall rules using ufw by applying the appropriate configuration files.

Regarding firewalld

To make changes permanent, you must apply the --permanent flag.

Please consult the instructions specific to your operating system on setting up firewalld.

Note

CentOS 7/8: “Setting Rules for your Applications”
Rocky Linux 8/9: “Setting Rules for your Applications”

Regarding iptables

You will need to save the configuration rules. These tutorials recommend iptables-persistent.

Please consult the documentation specific to your distribution on setting up a firewall using iptables.

Note

Please make a note of the following:

Ubuntu 12.04: “Preservation of Iptables Rules”
Ubuntu 14.04: “Preservation of your Iptables Configuration”

Conclusion

You have learned how to open a new port on Linux and set it up to accept incoming connections. You also used netstat, ss, telnet, nc, and nmap along the way.

Keep enhancing your knowledge by exploring How the Iptables Firewall Operates, Delving into Iptables and Netfilter Architecture in Depth, Getting Familiar with Sockets, and Utilizing Top, Netstat, Du, & Other Tools for Tracking Server Resources.

 
