On a Linux system, opening a specific port is essential for allowing network traffic, running specific services, or enabling applications to communicate with other devices. This short tutorial will walk you through opening a port using UFW (Uncomplicated Firewall), IPtables, FirewallD, or starting a service. If you are looking for a tutorial to open a port in Linux, please check our tutorial: How to Close a Specific Port on Linux
How to Check Open Ports on Linux
Before opening a port, it is a good idea to see which ports are already open. You can use one of these commands:
Using netstat:
sudo netstat -tuln
This command lists all the currently open ports. Below is a sample output where the open ports are underlined in red (e.g., 22 and 53).
Using ss:
sudo ss -tuln
This command provides similar information to netstat
and is often preferred for its additional options and efficiency.
Using lsof:
Thelsof
command is mostly not preinstalled on Linux systems. You need to manually install this command to use. If you are using a Debian-based system like Ubuntu, use the command:sudo apt-get install lsof
to install. For Centos/Redhat:sudo yum install lsof
and for Fedora:sudo dnf install lsof
After installing, run:
sudo lsof -i -P -n
These commands will list all the open ports on your system, allowing you to verify whether the port you want to open is already open.
How to Open a Port Using UFW (Uncomplicated Firewall)
For Ubuntu and other Debian-based systems, UFW is a straightforward firewall management application.
Install UFW (if it’s not installed):
sudo apt-get install ufw
sudo ufw enable
Open the Port:
Replace <port_number>
with the port number you want to open.
sudo ufw allow <port_number>
This command will open the specified port. For example, to open port 80:
sudo ufw allow 80
Check UFW Status:
sudo ufw status
This command will show the current status of UFW, including which ports are allowed.
How to Open a Port Using IPtables
IPtables is a powerful tool for controlling firewall rules on Linux.
Install IPtables (if not installed):
sudo apt-get install iptables
Allow the Port:
Replace <port_number>
with the port number you want to open.
sudo iptables -A INPUT -p tcp --dport <port_number> -j ACCEPT
sudo iptables -A INPUT -p udp --dport <port_number> -j ACCEPT
This command will open the specified port for both TCP and UDP protocols. For example, to open port 80:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 80 -j ACCEPT
Save IPtables Rules:
- On Debian-based systems:
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
- On Red Hat-based systems:
sudo service iptables save
How to Open a Port Using Firewalld
Firewalld is the default firewall management tool for CentOS and Fedora.
Install Firewalld (if not installed):
sudo yum install firewalld
Open the Port:
Replace <port_number>
with the port number you want to open.
sudo firewall-cmd --permanent --add-port=<port_number>/tcp
sudo firewall-cmd --permanent --add-port=<port_number>/udp
For example, to open port 80:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=80/udp
Reload Firewalld:
sudo firewall-cmd --reload
Check Firewalld Status:
sudo firewall-cmd --list-all
This command lists all the current configurations, including open ports.
How to Start a Service to Open a Port
Sometimes, a port is closed because a service is not running. Starting the service will open the associated port.
Identify the Service:
Use netstat, ss, or lsof to find which service is associated with the port.
sudo netstat -tuln | grep <port_number>
OR
sudo ss -tuln | grep <port_number>
OR
sudo lsof -i :<port_number>
Replace <port_number>
with the actual port number.
Start the Service:
Replace <service_name>
with the name of the service.
sudo systemctl start <service_name>
For example, to start the Apache web server:
sudo systemctl start httpd
Enable the Service (if needed):
This command ensures the service starts at boot.
sudo systemctl enable <service_name>
On Linux, there are multiple methods to open a port: UFW, IPtables, Firewalld, or starting a service. Choose the method that best suits your needs. UFW is simple and effective for Debian-based distributions, IPtables offers more control, and Firewalld is ideal for Red Hat-based distributions. Starting a service directly is effective when dealing with a specific application. Ensure you correctly identify the service and port before making changes.