Easy steps to open a port in Linux RHEL/CentOS 7/8

In this article I will share examples to check port status and open a port in Linux. This article was written while using CentOS 8, so it is safe to say that it also fully covers CentOS/RHEL 7/8, Fedora, Oracle Enterprise Linux and generally the whole Red Hat family of operating systems and possibly Novell’s SLES and OpenSUSE.

Before we jump into the examples to open a port in Linux, we must understand the requirement clearly. The basic questions that come to mind are:

  1. Do you need to open a port for a service, such as a custom port 5555 for the apache service?
  2. Do you mean the port is already listening but blocked by the firewall, so you want to open the port in the firewall?
  3. Do you want to open a port for a custom temporary task, such as transferring and receiving files over this port, and then close the port?

 

We will cover all these scenarios in this article.

 

Check port status

To list the ports which are currently open, we will use nmap to check port status:

[root@centos-8 ~]# nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-22 12:08 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000024s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 1.71 seconds

Currently we see only two ports are open on my CentOS 8 node.

 

Check list of listening ports

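We will use netstat to list the TCP ports which are in listening state. The number of ports is higher than in the nmap output, because nmap scanned only 127.0.0.1 while netstat also shows sockets bound to other addresses, such as dnsmasq on 192.168.122.1:53.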

[root@centos-8 ~]# netstat -ntlp
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1627/dnsmasq
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      26893/sshd
 tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
 tcp6       0      0 :::22                   :::*                    LISTEN      26893/sshd
 tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd

 

Open a port for some service

If this is your requirement then you are asking the wrong question. It is the other way round: a service opens a port. For example, when you start the SSHD service it will by default listen on port 22. The reverse does not hold: opening port 22 will not automatically start the SSHD service.

Let us observe this with an example. We know that port 22 is open on my CentOS 8 node. If I stop the sshd service:

[root@centos-8 ~]# systemctl stop sshd

You can see that port 22 is not open anymore.

[root@centos-8 ~]# netstat -ntlp
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1627/dnsmasq
 tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
 tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd

You must use the respective service's configuration file to change the default port. Once done, restart the service and it will automatically open the respective port on your Linux node.

This covers the first scenario.

 

firewalld open port

It is also possible that your port is blocked in the firewall. If your port is not listed in nmap then it is most likely blocked by the firewall.

We will use firewalld to open a port as this is the most used interface today in RHEL/CentOS 7 and 8. First determine which zone the system's network interfaces are in. In the following example, the eth0 and eth1 interfaces are in the 'public' zone:

[root@centos-8 ~]# firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0
public
  interfaces: eth0 eth1

To permanently open a port in a zone with firewalld, use the --add-port option. The example below permanently opens TCP port 1234 in the 'public' zone. Note that permanent changes do not take effect until the firewalld service is reloaded.

[root@centos-8 ~]# firewall-cmd --zone=public --add-port=1234/tcp --permanent
success

[root@centos-8 ~]# firewall-cmd --reload
success

NOTE: To make a non-persistent change, issue the same command without the --permanent option set. Any non-permanent change will instantly take effect and will persist until the firewall is reloaded.

Once the port is open in firewalld, use netstat to check the port status:

[root@centos-8 ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1627/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      28188/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      28188/sshd
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd

We still don't see port 1234 here. This is because port 1234 is currently not bound to any service. So our port is OPEN in the firewall but NOT LISTENING. As soon as a service starts using port 1234, it will show up in LISTEN state.
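The difference between "open in the firewall" and "listening" can be checked in one pass. The script below is an added example, not part of the original article: it compares the output of `firewall-cmd --list-ports` with the `netstat -ntlp` listing and labels each TCP port. The function names, status labels and sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify TCP ports by firewalld state vs. LISTEN state.
# Live use: audit_ports "$(firewall-cmd --zone=public --list-ports)" "$(netstat -ntlp)"
# Ports allowed through --add-service appear in --list-services, not --list-ports,
# and port ranges (e.g. 5000-5010/tcp) are not expanded here.

# Constructed sample input, modelled on the output shown in the article.
SAMPLE_FW_PORTS="1234/tcp"
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 192.168.122.1:53 0.0.0.0:*        LISTEN  1627/dnsmasq
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  28188/sshd
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN  1/systemd
tcp6       0      0 :::22            :::*             LISTEN  28188/sshd
tcp6       0      0 :::111           :::*             LISTEN  1/systemd'

# listening_ports NETSTAT_TEXT -> unique TCP ports in LISTEN state, one per line
listening_ports() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# audit_ports FW_PORTS NETSTAT_TEXT -> "PORT STATUS" lines, sorted by port
audit_ports() (
    # Tag firewall ports with F and listening ports with L, then merge per port.
    {
        printf '%s\n' "$1" | tr ' ' '\n' |
            awk -F/ '$2 == "tcp" { print "F", $1 }' | sort -u
        listening_ports "$2" | sed 's/^/L /'
    } | awk '
        { seen[$2] = seen[$2] $1 }
        END {
            for (p in seen) {
                if (seen[p] == "FL")     s = "allowed+listening"
                else if (seen[p] == "F") s = "allowed-in-firewall,no-listener"
                else                     s = "listening,not-in-port-list"
                print p, s
            }
        }' | sort -n
)

audit_ports "$SAMPLE_FW_PORTS" "$SAMPLE_NETSTAT"
```

A port reported as `allowed-in-firewall,no-listener` is a firewall rule with nothing behind it, which is worth removing if no service is planned for it.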

 

Use nc or ncat to open a port in Linux

Let us verify this theory. nc or ncat is delivered as part of the nmap-ncat rpm in RHEL/CentOS, which you can install using yum or dnf. Use --listen with --source-port to open a port using the nc command. In the below example we open port 1234:

[root@centos-8 ~]# nc --listen --source-port 1234

Open another terminal of this server and check port status

[root@centos-8 ~]# netstat -ntlp | grep 1234
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      28983/nc
tcp6       0      0 :::1234                 :::*                    LISTEN      28983/nc

As you can see, port 1234 is listening for both IPv4 and IPv6. To use only IPv4, add -4 to the above command:

[root@centos-8 ~]# nc --listen --source-port 1234 -4

Next on another terminal you can check port status for port 1234

[root@centos-8 ~]# netstat -ntlp | grep 1234
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      29329/nc

 

Use nc or ncat to open a port and transfer files

We can also use nc to transfer a file from one host to another. Here I will transfer my "inputfile" from centos-8 to rhel-8. On the client (rhel-8) we will open a random port, here we will use 9899. I have enabled verbose output so you can see more details on the screen.

[root@rhel-8 ~]# ncat --verbose --listen 9899 > outputfile
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::9899
Ncat: Listening on 0.0.0.0:9899
Ncat: Connection from 192.168.43.250.
Ncat: Connection from 192.168.43.250:40242.

Next, to start the transfer, run the below command on centos-8:

[root@centos-8 ~]# ncat --verbose 192.168.43.157 9899 < inputfile
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.43.157:9899.
Ncat: 19 bytes sent, 0 bytes received in 0.01 seconds.

If you face any issues, check the firewall between your server and client. It is possible that the respective port is blocked, in which case you must open it with firewalld as shown earlier.
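For the temporary-task scenario, the port should be closed again once the file has arrived. The receiver-side script below is an added example, not part of the original article: it opens the port as a runtime-only rule with firewalld's `--timeout` option, receives the file with ncat, removes the rule and compares a SHA-256 checksum. The function names, the 'public' zone, the 5m timeout and the 1024-65535 port restriction are assumptions.

```bash
#!/usr/bin/env bash
# Added example: receive one file over a port that is open only for the transfer.
# FW defaults to firewall-cmd; set FW=echo to print the firewall commands instead
# of running them. Zone "public" and the 5m timeout are assumptions.
FW=${FW:-firewall-cmd}

valid_port() {   # accept only unprivileged TCP port numbers 1024-65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

open_temp_port() {   # runtime-only rule; firewalld drops it after the timeout
    valid_port "$1" || { echo "invalid port: $1" >&2; return 2; }
    $FW --zone=public --add-port="$1/tcp" --timeout="${2:-5m}"
}

close_port() {   # remove the runtime rule as soon as the transfer is done
    valid_port "$1" || { echo "invalid port: $1" >&2; return 2; }
    $FW --zone=public --remove-port="$1/tcp"
}

checksum_ok() {   # checksum_ok FILE EXPECTED_SHA256 (value sent out of band)
    [ "$(sha256sum "$1" | awk '{ print $1 }')" = "$2" ]
}

receive_file() {   # receive_file PORT OUTFILE EXPECTED_SHA256
    open_temp_port "$1" || return
    ncat --listen "$1" > "$2"
    close_port "$1"
    checksum_ok "$2" "$3" || { echo "checksum mismatch, discard $2" >&2; return 1; }
}
```

The sender runs `sha256sum inputfile` and passes the value to the receiver over a separate channel, since a plain ncat transfer is neither authenticated nor encrypted.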

 

Lastly, I hope the steps from the article to open a port and check port status on Linux were helpful. So, let me know your suggestions and feedback using the comment section.
