How to enable a port on a Linux operating system.
Opening a Port on Linux
A port is a point of communication. In an operating system, a port can be either opened or closed to allow data packets for particular processes or network services.
Normally, ports are used to designate a particular network service. It is possible to alter this by manually adjusting the service to utilize a different port, but it is generally acceptable to stick with the default settings.
The first 1024 ports, port numbers 0 to 1023, are known as well-known ports and are reserved for the most commonly used services. Examples include SSH (port 22), HTTP (port 80), and HTTPS (port 443).
Port numbers that exceed 1024 are commonly known as ephemeral ports.
- Port numbers 1024 to 49151 are called the registered/user ports.
- Port numbers 49152 to 65535 are called the dynamic/private ports.
In this tutorial, you will open an ephemeral port on a Linux system, since the most common services use the well-known ports.
Requirements
To complete this tutorial, you will need:
- Familiarity with using the terminal.
List all open ports
Before opening a port on Linux, check the list of all open ports and choose an ephemeral port that is not on that list.
Use the netstat command to list all open ports, including TCP and UDP, which are the most common protocols for packet transmission in the network layer.
- netstat -lntu
This will print:
- all listening sockets (-l)
- the port number (-n)
- TCP ports (-t)
- UDP ports (-u)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp6       0      0 ::1:6379                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
Verify that you are getting consistent results by using the ss command to list listening sockets with an open port.
- ss -lntu
The output will look like this:
Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
udp    UNCONN  0       0       127.0.0.53%lo:53     0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:27017      0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.53%lo:53     0.0.0.0:*
tcp    LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
tcp    LISTEN  0       128     [::1]:5432           0.0.0.0:*
tcp    LISTEN  0       128     [::1]:6379           0.0.0.0:*
tcp    LISTEN  0       128     [::]:22              0.0.0.0:*
This provides a similar listing of open ports as netstat.
Enabling TCP connections by opening a port on a Linux system.
Open a port that is currently closed and set it to listen for TCP connections.
For this tutorial, you will open port 4000. If that port is already in use on your system, choose any other closed port, as long as it is greater than 1023.
Use the netstat command to verify that port 4000 is not being utilized.
- netstat -na | grep :4000
Alternatively, you can use the ss command.
- ss -na | grep :4000
The output should be empty, confirming that the port is not currently in use, so that you can manually add the port rules to the system’s iptables firewall.
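A plain grep for :4000 also matches longer port numbers such as :40001 and matches the peer-address column. The following is an added example, not part of the original tutorial, that checks the local-address column of ss -lntu output for an exact port match. The function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: exact-match check for a listening port in `ss -lntu` output.

# Constructed sample in the format shown above (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:40001      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

# listeners_on PORT (hypothetical helper): read `ss -lntu` output on stdin and
# print "proto local-address" for every socket bound to exactly PORT.
# Exit status is 1 when nothing matches.
listeners_on() {
  awk -v port="$1" '
    $1 == "Netid" { next }                 # skip the header line
    {
      local_addr = $5                      # column 5 is Local Address:Port
      n = split(local_addr, parts, ":")    # port follows the last colon (IPv6-safe)
      if (parts[n] == port) { print $1, local_addr; found = 1 }
    }
    END { exit (found ? 0 : 1) }'
}

# port_is_free PORT [SS_OUTPUT] (hypothetical helper): succeed when no socket
# listens on PORT. Without a second argument it queries the live system.
port_is_free() {
  if [ "$#" -ge 2 ]; then ss_out=$2; else ss_out=$(ss -lntu); fi
  ! printf '%s\n' "$ss_out" | listeners_on "$1" >/dev/null
}
```

On a live system, run port_is_free 4000 && echo "port 4000 is free" before adding the firewall rule.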
For Ubuntu users and ufw-based systems
Use ufw, the command line client for the Uncomplicated Firewall.
Your command will resemble:
- sudo ufw allow 4000
Please consult the instructions for setting up a ufw Firewall on your specific distribution.
Note
Ubuntu 16.04/18.04/20.04/22.04: “Permitting Other Connections / Specific Port Ranges”
Debian 9/10/11: “Permitting Other Connections / Specific Port Ranges”
For CentOS and firewalld-based systems
Use firewall-cmd, the command line client for the firewalld daemon.
Your command will resemble:
- firewall-cmd --add-port=4000/tcp
Please refer to the instructions provided for setting up firewalld on your specific distribution.
For alternative Linux distributions.
Utilize iptables for modifying the IPv4 packet filter rules of the system.
- iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
Please consult the documentation specific to your distribution on how to configure a firewall using iptables.
Note
Ubuntu 14.04: “Allow Essential Connections”
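The iptables rule above accepts TCP port 4000 from any source address. As an added example (not part of the original tutorial), this shell function audits iptables -S output for INPUT rules that accept a destination port without a source restriction, so a test port is not left open by accident. The function name, the sample rule set and the 203.0.113.0/24 range are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag INPUT ACCEPT rules that open a port to every source.

# Constructed sample of `iptables -S` output (not captured from a real host).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4000 -j ACCEPT'

# open_to_any (hypothetical helper): read `iptables -S` output on stdin and
# print "proto/port" for each INPUT rule that jumps to ACCEPT, names a single
# --dport, and has no -s source restriction. Rules limited to the loopback
# interface are skipped. Multiport (--dports) rules are not handled here.
open_to_any() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      src = proto = port = target = iface = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s")      src    = $(i + 1)
        if ($i == "-i")      iface  = $(i + 1)
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") port   = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (target == "ACCEPT" && port != "" && iface != "lo" &&
          (src == "" || src == "0.0.0.0/0"))
        print proto "/" port
    }'
}
```

On a live system, run sudo iptables -S | open_to_any; in the constructed sample only tcp/4000 is reported, because the SSH rule is limited to one source range.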
Test the newly opened port for TCP connections
Now that you have opened a new TCP port, it is time to test it.
First, start netcat (nc) and listen (-l) on port (-p) 4000, while sending the output of the ls command to any connected client.
- ls | nc -l -p 4000
Once a client opens a TCP connection on port 4000, it will receive the output of the “ls” command. Leave this session alone for now.
Open a new terminal session on the same machine.
Since you opened a TCP port, you can use telnet to check TCP connectivity. If telnet is not available, install it with your package manager.
Enter your server’s IP address and the port number (4000 in this case) and run this command:
- telnet localhost 4000
This command tries to open a TCP connection to localhost on port 4000.
You will receive a result similar to this one, which shows that a connection has successfully been made with the listening program (nc).
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
while.sh
The output of ls (while.sh, in this example) has been sent to the client, which indicates a successful TCP connection.
Use nmap to check whether the port (-p) is open.
- nmap localhost -p 4000
This command checks the open port.
Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-18 21:51 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
4000/tcp open  remoteanything

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
The port is now open. You have successfully opened a new port on your Linux system.
Note
However, this is only temporary, since the changes are reset every time the system is restarted.
Persisting rules
The method outlined in this article will merely update the firewall rules temporarily, which will only remain in effect until the system is powered off or restarted. Consequently, you will need to follow the same steps once more in order to reopen the identical port after a reboot.
For the ufw Firewall
ufw rules do not reset on reboot. This is because ufw is integrated into the boot process, and the kernel saves the firewall rules using ufw by applying the appropriate configuration files.
For firewalld
To make changes permanent, the “--permanent” flag must be applied.
Please consult the instructions specific to your operating system on setting up firewalld.
For iptables
You will need to save the configuration rules. These tutorials recommend iptables-persistent.
Please consult the documentation specific to your distribution on setting up a firewall using iptables.
Note
Ubuntu 12.04: “Preservation of Iptables Rules”
Ubuntu 14.04: “Preservation of your Iptables Configuration”
Conclusion
You have learned how to open a new port on Linux and configure it to accept incoming connections. You also used netstat, ss, telnet, nc, and nmap along the way.
Keep enhancing your knowledge by exploring How the Iptables Firewall Operates, Delving into Iptables and Netfilter Architecture in Depth, Getting Familiar with Sockets, and Utilizing Top, Netstat, Du, & Other Tools for Tracking Server Resources.