This guide walks you through opening a port on Linux. Opening a port is required to enable network services and to let applications communicate. You can configure your Linux system to allow traffic through specified ports by following these simple procedures. For a deeper understanding of how to identify security threats and ensure that your network ports are safe, you might want to explore using Nmap to scan.

A port is a communication endpoint. Within an operating system, a port is opened or closed to data packets for particular processes or network services. Ports often designate the specific network service that has been assigned to them. In general, the defaults can be used, but this can be altered by manually configuring the service to use a different port.

The first 1024 ports (ports 0 to 1023) are known as well-known port numbers and are set aside for the most frequently used services. SSH (port 22), HTTP (port 80), and HTTPS (port 443) are a few examples. When discussing the different types of ports in Linux, it’s essential to clearly understand protocols like FTP and their specific port numbers.

Ephemeral ports are those that have port numbers greater than 1024.

  • The registered/user ports are those from 1024 to 49151.
  • The dynamic/private ports are defined as ports 49152 to 65535.

Prerequisites

You’ll need the following to finish this tutorial:

  • Familiarity with the terminal’s interface.

Open Ports List

Before opening a port on Linux, first look at the list of all open ports and select an ephemeral port that isn’t on it. Use the netstat command to list all open ports for TCP and UDP, the most popular protocols for packet transfer at the network layer.

$ netstat -lntu


To ensure that you are getting consistent output, list the listening sockets with an open port using the ss command:

$ ss -lntu

This displays the same open ports as netstat.

Linux Port Opening to Enable TCP Connections

Now open a closed port and configure it to accept TCP connections. You will open port 4000 in this lesson. However, if that port is already open on your system, feel free to select another closed port. Just be certain that it exceeds 1023. The netstat command can be used to check that port 4000 is not in use:

$ netstat -na | grep :4000

Or the ss command:

$ ss -na | grep :4000

The output must remain blank, confirming that the port is not currently in use, so that you can manually add the port rules to the system’s iptables firewall.
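The grep patterns above match any line containing `:4000`, so a listener on port 40001 or a matching peer port also produces output. The following added example (not part of the original guide) compares that substring match with an exact match on the local port column; `port_in_use`, `naive_match` and `report` are hypothetical helper names and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example: exact-match test for a listening port.
# Reads `ss -lntu` style lines on stdin; succeeds only when the Local
# Address:Port column (field 5) ends in exactly :PORT.
port_in_use() {
    awk -v port="$1" '
        { n = split($5, part, ":"); if (part[n] == port) found = 1 }
        END { exit !found }
    '
}

# The pattern from the text, for comparison: substring match on any column.
naive_match() {
    grep -q ":$1"
}

# Constructed sample of `ss -lntu` output (not captured from a real host).
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:40001      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

# report PORT: prints whether each check considers PORT taken in SAMPLE.
report() {
    if printf '%s\n' "$SAMPLE" | naive_match "$1"; then n=used; else n=free; fi
    if printf '%s\n' "$SAMPLE" | port_in_use "$1"; then e=used; else e=free; fi
    echo "port $1: grep=$n exact=$e"
}

report 4000     # the substring match is fooled by the listener on 40001
report 22       # both checks agree, including on the IPv6 [::]:22 line
# On a live system: ss -lntu | port_in_use 4000 && echo "4000 is taken"
```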

For Ubuntu Users and Systems Built on UFW

Use ufw, the command-line client for the Uncomplicated Firewall.

The command looks like this:

$ sudo ufw allow 4000

For CentOS and Other firewalld-Based Systems

Use firewall-cmd, the command-line client for the firewalld daemon.

Your command will look like this:

$ firewall-cmd --add-port=4000/tcp

Additional Linux Distributions

Change the system IPv4 packet filter rules with iptables.

$ iptables -A INPUT -p tcp --dport 4000 -j ACCEPT

Test the Newly Opened Port for TCP Connections

Now that you’ve successfully opened a new TCP port, it’s time to put it to the test. Start netcat (nc) listening (-l) on port (-p) 4000, sending the output of ls to any connected client:

$ ls | nc -l -p 4000

A client will now receive the output of ls after opening a TCP connection on port 4000. For the time being, leave this session alone. Open a new terminal window on the same machine. Because you’ve opened a TCP port, use telnet to test TCP connectivity. If the command does not exist, use your package manager to install it.

Run the following command after entering your server’s IP address and port number (4000 in this example):

$ telnet localhost 4000

This command attempts to connect to localhost on port 4000. The output should indicate that a connection has been made with the listening application (nc).

The output of ls (in this case, while.sh) was also transmitted to the client, indicating a successful TCP connection.

Check if the port (-p) is open with nmap:

$ nmap localhost -p 4000

This command checks whether the port is open.

The port is now open. On your Linux system, you have successfully opened a new port. However, this is only a temporary solution because the changes will be lost when you reboot the machine.

Persisting Rules

The method described in this article only updates the firewall rules temporarily, until the system shuts down or reboots. As a result, some actions must be taken to reopen the same port following a restart.

For use with the UFW Firewall

UFW rules are not reset on reboot. This is because UFW is integrated into the boot process, and the kernel saves the firewall rules using UFW by applying the relevant configuration files.

In the case of firewalld

The --permanent flag must be specified. Refer to How to Set Up Firewalld for Your Distribution for more information.

In the case of iptables

You must save the configuration rules. These tutorials advise using iptables-persistent.
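The persistence steps for all three firewalls, collected into one added script that is not part of the original guide. `run` and `persist_port` are hypothetical helper names, `netfilter-persistent` is the command installed by the iptables-persistent package on Debian and Ubuntu, and the default `DRY_RUN=1` only prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example: open or close a TCP port so the rule survives a reboot.
# With DRY_RUN=1 (default) commands are printed; set DRY_RUN=0 and run as
# root to apply them.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# persist_port ACTION TOOL PORT
#   ACTION: open | close     TOOL: ufw | firewalld | iptables
persist_port() {
    action=$1 tool=$2 port=$3
    # Accept only a decimal port number in 1..65535.
    case "$port" in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 2; }

    case "$action:$tool" in
        # ufw stores its rules itself; "/tcp" limits the rule to TCP
        # (a bare port number would allow UDP as well).
        open:ufw)   run ufw allow "$port/tcp" ;;
        close:ufw)  run ufw delete allow "$port/tcp" ;;
        # firewalld: write the permanent config, then reload it.
        open:firewalld)
            run firewall-cmd --permanent --add-port="$port/tcp" &&
            run firewall-cmd --reload ;;
        close:firewalld)
            run firewall-cmd --permanent --remove-port="$port/tcp" &&
            run firewall-cmd --reload ;;
        # iptables: change the live rule set, then save it to disk.
        open:iptables)
            run iptables -A INPUT -p tcp --dport "$port" -j ACCEPT &&
            run netfilter-persistent save ;;
        close:iptables)
            run iptables -D INPUT -p tcp --dport "$port" -j ACCEPT &&
            run netfilter-persistent save ;;
        *)  echo "usage: persist_port open|close ufw|firewalld|iptables PORT" >&2
            return 2 ;;
    esac
}

persist_port open firewalld 4000    # prints the two firewall-cmd commands
persist_port close iptables 4000    # removes the test rule once it is not needed
```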

Final Thoughts on How to Open a Port on Linux

By now, you should have successfully opened a port on your Linux system. To guarantee security, keep only critical ports open. Properly configuring your system will allow for smooth network communication and improve your overall experience with Linux.

You learned how to open a new port on Linux and configure it for incoming connections. You also used netstat, ss, telnet, nc, and nmap. We hope this has answered your questions about how to open a port in Linux easily.

Frequently Asked Questions (FAQ)

1. How to Check if a Port is Open on Linux?

You can check if the port is open using the netstat, ss, or lsof command.

sudo ss -tuln | grep ':8080'

The above command checks whether port 8080 is open.

2. How can I Open a Range of Ports in UFW?

To open ports 3000 to 3100, use the command below:

sudo ufw allow 3000:3100/tcp