Table of Contents
In this article I will share examples to check port status and open a port in Linux. This article was written while using CentOS 8, so it is safe to say that it also fully covers CentOS/RHEL 7/8, Fedora, Oracle Enterprise Linux and generally the whole Red Hat family of operating systems and possibly Novell’s SLES and OpenSUSE.
Before we jump into the examples to open a port in Linux, we must understand the requirement clearly. The very basic question which comes to my mind
- Do you need to open a port for a service? Such as a custom port 5555 for apache service?
- Do you mean the port is already listening but blocked by firewall so you want to open a port in firewall?
- Open a port for custom temporary task such as transfer and receive files using this port and then close the port.
We will cover all these scenarios in this article
Check port status
To check the list of existing ports which are open we will use
nmap to check port status:
[root@centos-8 ~]# nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-22 12:08 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000024s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 1.71 seconds
Currently we see only two ports are open on my CentOS 8 node.
Check list of listening ports
We will use netstat to list the TCP ports which are in listening state. The total number of ports are higher compared to the nmap output.
[root@centos-8 ~]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1627/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 26893/sshd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 26893/sshd tcp6 0 0 :::111 :::* LISTEN 1/systemd
Open a port for some service
If this is your requirement then you are looking for the wrong question. Basically it is other way round i.e. a service will open a port. For example when you start SSHD service, by default it will start port 22 and not the other way round i.e. if you open port 22, it will not automatically start SSHD service.
Let us observe this in example, we know that port 22 is open on my CentOS 8 node. If I stop the sshd service
[root@centos-8 ~]# systemctl stop sshd
You can see that port 22 is not open anymore.
[root@centos-8 ~]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1627/dnsmasq tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp6 0 0 :::111 :::* LISTEN 1/systemd
You must use respective service's configuration file to change the default port. Once done you can restart the service and that should automatically open the respective port on your Linux node.
This covers the first scenario.
firewalld open port
It is also possible that your ports are disabled in firewall. If your port is not listed in
nmap then it is most likely blocked by firewall.
We will use firewalld to open a port as this is the most used interface today in RHEL/CentOS 7 and 8. Determine which zone the system's network interfaces are in. In the following example, the eth0 and eth1 interface is in the 'public' zone:
[root@centos-8 ~]# firewall-cmd --get-active-zones
interfaces: eth0 eth1
To permanently firewalld open port in a zone use the
--add-port option. The example below permanently opens TCP port 1234 in the 'public' zone. Note that permanent changes do not take effect until the firewalld service is reloaded.
[root@centos-8 ~]# firewall-cmd --zone=public --add-port=1234/tcp --permanent success [root@centos-8 ~]# firewall-cmd --reload success
--permanentoption set. Any non-permanent change will instantly take effect and will persist until the firewall is reloaded.
Once firewalld open port, next use netstat to check port status:
[root@centos-8 ~]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1627/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 28188/sshd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 28188/sshd tcp6 0 0 :::111 :::* LISTEN 1/systemd
We still don't see port 1234 here. This is because currently port 1234 is not bind to any service. So our port is OPEN but NOT LISTENING. As soon as a request or service tries to use port 1234, we will get this in LISTEN state.
Use nc or ncat to open a port in Linux
Let us verify this theory Use
ncat to open a port in Linux
ncat is delivered as part of
nmap-ncat rpm in RHEL/CentOS which you can install using yum or dnf. Use
--port to open a port using
nc command. In the below example we open port 1234
[root@centos-8 ~]# nc --listen --source-port 1234
Open another terminal of this server and check port status
[root@centos-8 ~]# netstat -ntlp | grep 1234 tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 28983/nc tcp6 0 0 :::1234 :::* LISTEN 28983/nc
As you see port 1234 is listening for both IPv4 and IPv6. To only use IPv4 use -4 with the above command
[root@centos-8 ~]# nc --listen --source-port 1234 -4
Next on another terminal you can check port status for port 1234
[root@centos-8 ~]# netstat -ntlp | grep 1234 tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 29329/nc
Use nc or ncat to open a port and transfer files
We can also use
nc to transfer file from one host to another host. Here I will transfer my "
rhel-8 On the client we will open a random port, here we will use 9899. I have enabled verbose so you can see more details on the screen
[root@rhel-8 ~]# ncat --verbose --listen 9899 > outputfile Ncat: Version 7.70 ( https://nmap.org/ncat ) Ncat: Listening on :::9899 Ncat: Listening on 0.0.0.0:9899 Ncat: Connection from 192.168.43.250. Ncat: Connection from 192.168.43.250:40242.
Next to start the transfer, use the below command
[root@centos-8 ~]# ncat --verbose 192.168.43.157 9899 < inputfile Ncat: Version 7.70 ( https://nmap.org/ncat ) Ncat: Connected to 192.168.43.157:9899. Ncat: 19 bytes sent, 0 bytes received in 0.01 seconds.
If you face any issues you can check the firewall between your server and client. It is possible that the respective port is blocked and you must use firewalld open port
Lastly I hope the steps from the article to open a port and check port status on Linux was helpful. So, let me know your suggestions and feedback using the comment section.
5 thoughts on “Easy steps to open a port in Linux RHEL/CentOS 7/8”
A very thorough and helpful post. I was trying to allow ssh on a secondary port and could not get it to work using the usual advice (w/CentOS8.)
The recommendation you provided to add the port using the firewall-cmd was the missing ingredient:
Thanks for this!
I did below steps and reloaded firewall but still when I do
netstat -ntlpport 1234 not showing open
I did explained this part in the article
I did the below steps and it worked.
When I use scan port (http://ports.my-addr.com/ip-range-port-scanner-tool.php), the first time the result is open, but the second time the result is closed (port is open but not listening).
How to make the port always listen?
I assume you are asking about nc command. By default nc will close the connection after current connection is completed. To keep it active use