[Staging] How to open a port in Linux response
Greetings!
Opening a port in Linux involves two essential concepts. First, you need to ensure the installed service or application is listening for connections on the port it's configured to run on. Second, the port must accept traffic from external connections if the service or application is to be accessible to the public. Here's some information to help guide you through this process.
Using The Command Line
Step 1. Ensure the service or application is listening for connections.
The netstat command is available on most Linux systems and will allow you to verify the service or application is running on a specified port. We'll use cpsrvd (the internal process used for cPanel & WHM) as an example. Since the cpsrvd service is configured to bind to ports 2082, 2083, 2086, 2087, 2095, and 2096, we'll use the following command to ensure it's listening for connections on these ports:
netstat -lnp | grep cpsrvd
You'll want to replace cpsrvd with the name of the process associated with the service you are setting up when running this command on your own system. For this example, let's review what the output of this command looks like on a server using cPanel & WHM:
tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
Here you see it's correctly listening for connections through the TCP protocol over ports 2082, 2083, 2086, 2087, 2095, and 2096. The entries for 0.0.0.0 in this context indicate it's listening on all available IP addresses configured on the server. You can proceed to the second step once you've confirmed the service or application is listening for connections on the correct port(s).
Step 2. The service needs to be accessible from an external connection.
This step involves configuring the system's firewall so that it permits traffic from external connections to the port(s) the service or application is listening on. I encourage anyone new to Linux or new to firewall management in general to exercise caution and review your specific operating system's documentation on firewall rules. A single mistake when running an iptables or firewalld command may lead to an inaccessible server.
If you're comfortable with the command line environment, here are some basic examples of commands you can use to ensure access to a specific port is open to the public. For CentOS, CloudLinux, or RHEL version 6.x:
iptables -A INPUT -p tcp --dport 2082 -j ACCEPT
This creates an iptables rule that accepts all connections to port 2082 over the TCP protocol. You can permanently save the rule with the following command once you've confirmed access to the port is working:
/sbin/service iptables save
For CentOS 7, CloudLinux 7, or RHEL 7 systems using the firewalld daemon, the command would look like this:
firewall-cmd --zone=public --add-port=2082/tcp --permanent
Using cPanel & WHM
If the above information seems overwhelming, don't worry! It's common for those new to Linux to feel overwhelmed at the amount of information one is expected to understand. It's one of the reasons why system administrators new to Linux will often choose to set up a server with a control panel such as cPanel & WHM. One of the advantages of using cPanel & WHM is the ability to manage most server administration tasks through a web browser instead of the command line. Case in point: firewall management. One of the most installed plugins for cPanel & WHM is CSF. It's free and makes it easy to set up and manage firewall rules directly from a web browser (through Web Host Manager). If you already use cPanel & WHM and you want to install this plugin, check out the installation steps referenced in our documentation at the link below:
Our Products & You
cPanel & WHM Free Trial License
register an account on the cPanel Forums and join the discussion! We have a team dedicated exclusively to the cPanel Forums to help answer any questions you have. Thank you.
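Steps 1 and 2 above, combined into one check (an added example, not part of the original article): it reads saved `netstat -lnp` and `iptables -S INPUT` output and reports whether a port is bound on all addresses and which firewall rule decides a new connection first. The function names, the `exampled` process and both sample listings are constructed for illustration.

```sh
# Constructed samples (not from a real server): `netstat -lnp` output and an
# `iptables -S INPUT` listing where the port 2082 rule was appended with -A.
NETSTAT_OUT='tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 51087/cpsrvd (SSL)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 4242/exampled'
RULES_OUT='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT'

# listen_scope PROC PORT (netstat output on stdin): "all" if PROC listens on
# PORT on every address, "restricted" if only on specific ones, else "none".
listen_scope() {
  awk -v proc="$1" -v port="$2" '
    $6 == "LISTEN" && $7 ~ ("/" proc "$") {
      n = split($4, a, ":"); if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::") all = 1; else some = 1
    }
    END { print (all ? "all" : (some ? "restricted" : "none")) }'
}

# firewall_verdict PORT (`iptables -S INPUT` on stdin): target of the first
# rule matching a new TCP connection to PORT from any source, else the policy.
# Simplified: -i/-s rules are skipped; ranges and multiport are not parsed.
firewall_verdict() {
  awk -v port="$1" '
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
      hit = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }
        if ($i == "-p" && $(i + 1) != "tcp" && $(i + 1) != "all") hit = 0
        if ($i == "--dport" && $(i + 1) != port) hit = 0
        if ($i == "--state" && $(i + 1) !~ /NEW/) hit = 0
        if ($i == "-i" || $i == "-s") hit = 0
      }
      if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}
# port_exposure PROC PORT: runs both checks against the samples above.
port_exposure() {
  scope=$(printf '%s\n' "$NETSTAT_OUT" | listen_scope "$1" "$2")
  verdict=$(printf '%s\n' "$RULES_OUT" | firewall_verdict "$2")
  echo "$1:$2 listen=$scope firewall=$verdict"
}
port_exposure cpsrvd 2082
```

In the sample, the ACCEPT rule for 2082 was appended below a catch-all REJECT, so it never matches; iptables evaluates a chain top to bottom, and `iptables -I INPUT` inserts at the top instead of appending. On a live server, pipe the real command output into `listen_scope` and `firewall_verdict` instead of the samples.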