- Opening a port for listening
- How to listen new port Ubuntu Server from command line?
- 2 Answers
- How To Open a Port on Linux
- Prerequisites
- List All Open Ports
- Opening a Port on Linux to Allow TCP Connections
- For Ubuntu Users and ufw-based Systems
- For CentOS and firewalld-based Systems
- For Other Linux Distributions
- Test the Newly Opened Port for TCP Connections
- Persisting Rules
- For ufw Firewall
- For firewalld
- For iptables
- Conclusion
Opening a port for listening
void TcpSocket::ConnectSocket()
{
    socket = new QTcpSocket(this);
    socket->connectToHost("localhost", 77);

    // Wait up to 3 seconds for the TCP handshake to complete.
    if (socket->waitForConnected(3000)) {
        qDebug() << "...";
        socket->write("Hello Server\n\r\n");
        socket->waitForBytesWritten(1000);
        socket->waitForReadyRead(3000);
        qDebug() << socket->bytesAvailable();
        qDebug() << socket->readAll();
        socket->close();
    } else {
        // Reached when nothing accepts the connection on localhost:77.
        qDebug() << "...";
    }
}
Basically, I want to open a TCP socket at localhost:77. I want to write some data to it, get a response, and then output the response. However, right now that port is closed, as most ports are in Ubuntu by default. So right now it cannot connect to that port to listen on. Well, from what I researched, iptables seems to be the only way to open a port for listening. So I run this line on my machine:
sudo iptables -A INPUT -p tcp --dport 77 -j ACCEPT
sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1199/dnsmasq
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1004/cupsd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1157/postgres
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1121/mysqld
tcp6       0      0 ::1:631                 :::*                    LISTEN      1004/cupsd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1199/dnsmasq
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1070/dhclient
udp        0      0 0.0.0.0:39617           0.0.0.0:*                           990/avahi-daemon: r
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           990/avahi-daemon: r
udp6       0      0 :::57021                :::*                                990/avahi-daemon: r
udp6       0      0 :::5353                 :::*                                990/avahi-daemon: r
netstat doesn't show it to be open. Also I still have the same problem with my program: it cannot connect to 77.
How to listen new port Ubuntu Server from command line?
But then no output. I am new to Ubuntu. Can anyone help me with it? EDIT: I want to listen on new port 3000, the same as the following port:
2 Answers
Ubuntu Server itself will not listen on any port. The application services installed and run on the server listen on ports. For example, by default:
If you want to get the names of the services that listen on the ports of your system, use netstat as root via sudo in this way:
$ sudo netstat -pna | grep "LISTEN " | grep '\<tcp\>'
tcp        0      0 0.0.0.0:6951            0.0.0.0:*               LISTEN      8976/aria2c
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1589/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      32285/redis-server
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1279/memcached
tcp        0      0 127.0.0.1:8142          0.0.0.0:*               LISTEN      1482/nodejs
tcp        0      0 127.0.0.1:6800          0.0.0.0:*               LISTEN      8976/aria2c
tcp        0      0 127.0.0.1:81            0.0.0.0:*               LISTEN      3286/docker-proxy
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      1218/systemd-resolv
tcp        0      0 127.0.0.1:4822          0.0.0.0:*               LISTEN      1445/guacd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      77768/apache2
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1339/sshd: /usr/sbi
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2805/master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      77768/apache2
- 127.0.0.1 means the loopback interface (localhost),
- 0.0.0.0 means all available interfaces (localhost, network adapters, etc.),
- some services could listen at certain interfaces, i.e. 192.168.1.100 or it could be some IPv6 address.
If there is a firewall and you want to access your services from outside, you need to allow input/output traffic to the ports they listen on.
By using nc -l 3000 the command nc itself will start to listen on port 3000. IMO, this option is designed for test purposes, e.g. when you are setting up a firewall or so.
Let's say in a terminal you've run:
Then in another terminal you can test whether something listens on port 3000 with:
$ nc -vz 0.0.0.0 3000
Connection to 0.0.0.0 3000 port [tcp/*] succeeded!
You must design your service (program, script, command) to listen on the desired port 3000, and when this port is not used by some other service, your service will start to listen on the port when you start it.
On the other hand, if you need something to listen constantly at :::3000 in order to do your tests, the easiest way, in my opinion, is to create a systemd unit. For this purpose:
sudo nano /etc/systemd/system/listen-3000.service
[Unit]
Description=Permanent listen at :::3000
After=network-online.target

[Service]
User=root
ExecStart=/usr/bin/nc -l6 3000
ExecStop=/usr/bin/killall -s KILL nc
Restart=always
RestartSec=1

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable listen-3000.service
sudo systemctl start listen-3000.service
sudo systemctl status listen-3000.service

sudo systemctl stop listen-3000.service
sudo systemctl disable listen-3000.service
How To Open a Port on Linux
A port is a communication endpoint. Within an operating system, a port is opened or closed to data packets for specific processes or network services.
Typically, ports identify a specific network service assigned to them. This can be changed by manually configuring the service to use a different port, but in general, the defaults can be used.
The first 1024 ports (port numbers 0 to 1023) are referred to as well-known port numbers and are reserved for the most commonly used services. These include SSH (port 22), HTTP (port 80), HTTPS (port 443).
Port numbers above 1024 are referred to as ephemeral ports.
- Port numbers 1024 to 49151 are called the registered/user ports.
- Port numbers 49152 to 65535 are called the dynamic/private ports.
In this tutorial, you will open an ephemeral port on Linux, since the most common services use the well-known ports.
Prerequisites
To complete this tutorial, you will need:
List All Open Ports
Before opening a port on Linux, you must check the list of all open ports, and choose an ephemeral port to open that is not on that list.
Use the netstat command to list all open ports, including TCP and UDP, which are the most common protocols for packet transmission in the network layer.
- all listening sockets (-l)
- the port number (-n)
- TCP ports (-t)
- UDP ports (-u)
Output
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp6       0      0 ::1:6379                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
Note: If your distribution doesn't have netstat, you can use the ss command to display open ports by checking for listening sockets.
Verify that you are receiving consistent outputs using the ss command to list listening sockets with an open port:
Output
Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
udp    UNCONN  0       0       127.0.0.53%lo:53     0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:27017      0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.53%lo:53     0.0.0.0:*
tcp    LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
tcp    LISTEN  0       128     [::1]:5432           0.0.0.0:*
tcp    LISTEN  0       128     [::1]:6379           0.0.0.0:*
tcp    LISTEN  0       128     [::]:22              0.0.0.0:*
This gives more or less the same open ports as netstat.
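Which of these listeners can be reached from another machine depends on the bind address in the Local Address column: 127.0.0.1 and ::1 are loopback only, while 0.0.0.0, [::] and * accept connections on every interface. The following added example (not part of the original tutorial; the sample rows are constructed in ss -lntu format and the function names are illustrative) classifies each socket accordingly:

```python
import ipaddress

# Constructed sample in `ss -lntu` format (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    [::1]:6379          [::]:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      128    *:4000              *:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    return addr, int(port)

def scope(addr):
    """Return 'all-interfaces', 'loopback' or 'specific' for a bind address."""
    if addr == "*":                 # ss prints * for a dual-stack wildcard bind
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:           # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:              # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"

def classify(ss_output):
    """Return (proto, address, port, scope) for every socket row."""
    rows = []
    for line in ss_output.splitlines()[1:]:     # skip the header line
        cols = line.split()
        if len(cols) < 6:
            continue
        addr, port = split_local(cols[4])
        rows.append((cols[0], addr, port, scope(addr)))
    return rows

def exposed_ports(ss_output):
    """Ports whose socket accepts traffic on every interface."""
    return sorted({p for _, _, p, s in classify(ss_output) if s == "all-interfaces"})

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print("%-4s %-12s %-6d %s" % row)
    print("reachable from the network if the firewall allows it:", exposed_ports(SAMPLE))
```

Only the ports this reports need a firewall decision; loopback listeners are unreachable from other hosts whatever the firewall rules say.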
Opening a Port on Linux to Allow TCP Connections
Now, open a closed port and make it listen for TCP connections.
For the purposes of this tutorial, you will be opening port 4000. However, if that port is not open in your system, feel free to choose another closed port. Just make sure that it's greater than 1023.
Ensure that port 4000 is not used using the netstat command:
The output must remain blank, thus verifying that it is not currently used, so that you can add the port rules manually to the system iptables firewall.
For Ubuntu Users and ufw-based Systems
Use ufw — the command line client for the UncomplicatedFirewall.
Your commands will resemble:
Refer to How to Setup a ufw Firewall Setup for your distribution.
- Ubuntu 14.0.4: “Allow Specific Port Ranges”
- Ubuntu 16.0.4/18.0.4/20.0.4/22.0.4: “Allowing Other Connections / Specific Port Ranges”
- Debian 9/10/11: “Allowing Other Connections / Specific Port Ranges”
For CentOS and firewalld-based Systems
Use firewall-cmd — the command line client for the firewalld daemon.
Your commands will resemble:
Refer to How to Set Up firewalld for your distribution.
- CentOS 7/8: “Setting Rules for your Applications / Opening a Port for your Zones”
- Rocky Linux 8/9: “Setting Rules for your Applications / Opening a Port for your Zones”
For Other Linux Distributions
Use iptables to change the system IPv4 packet filter rules.
Test the Newly Opened Port for TCP Connections
Now that you have successfully opened a new TCP port, it is time to test it.
First, start netcat (nc) and listen (-l) on port (-p) 4000, while sending the output of ls to any connected client:
Now, after a client has opened a TCP connection on port 4000, they will receive the output of ls. Leave this session alone for now.
Open another terminal session on the same machine.
Since you opened a TCP port, use telnet to check for TCP Connectivity. If the command doesn’t exist, install it using your package manager.
Input your server IP and the port number (4000 in this example) and run this command:
This command tries to open a TCP connection on localhost on port 4000.
You'll get an output similar to this, indicating that a connection has been established with the listening program (nc):
Output
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
while.sh
The output of ls (while.sh, in this example) has also been sent to the client, indicating a successful TCP Connection.
Use nmap to check if the port (-p) is open:
This command will check the open port:
Output
Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-18 21:51 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
4000/tcp open  remoteanything

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
The port has been opened. You have successfully opened a new port on your Linux system.
Note: nmap only lists opened ports that have a currently listening application. If you don’t use any listening application, such as netcat, this will display the port 4000 as closed since there isn’t any application listening on that port currently. Similarly, telnet won’t work either since it also needs a listening application to bind to. This is the reason why nc is such a useful tool. This simulates such environments in a simple command.
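The note above in code form, as an added example (not part of the original tutorial): a TCP connect succeeds only while a process has bound and is listening on the port, and the same port answers "closed" as soon as that process is gone, whatever the firewall permits. The names HOST, probe, start_listener, serve_once and exchange are illustrative, and everything stays on the loopback interface.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only: nothing here is reachable from the network

def probe(port, timeout=1.0):
    """TCP connect test: 'open' = a process is listening, 'closed' = refused,
    'filtered' = no answer at all (for example dropped by a firewall rule)."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:              # includes socket.timeout
        return "filtered"

def start_listener(port=0):
    """What `nc -l` does: bind + listen. Port 0 asks the kernel for a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]

def serve_once(srv):
    """Server side: accept one client, read its message, send a reply."""
    conn, _ = srv.accept()
    with conn:
        data = conn.recv(1024)
        conn.sendall(b"server got: " + data)

def exchange(port, message=b"Hello Server\n"):
    """Client side: connect, write, then read the response."""
    with socket.create_connection((HOST, port), timeout=3) as client:
        client.sendall(message)
        return client.recv(1024)

def demo():
    srv, port = start_listener()
    worker = threading.Thread(target=serve_once, args=(srv,))
    worker.start()
    reply = exchange(port)       # succeeds: a process is listening
    worker.join()
    srv.close()
    after = probe(port)          # listener gone: the kernel refuses the connect
    return reply, after

if __name__ == "__main__":
    print(demo())
```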
But this is only temporary, as the changes will be reset every time you reboot the system.
Persisting Rules
The approach presented in this article will only temporarily update the firewall rules until the system shuts down or reboots. So similar steps must be repeated to open the same port again after a restart.
For ufw Firewall
ufw rules do not reset on reboot. This is because it is integrated into the boot process, and the kernel saves the firewall rules using ufw by applying appropriate config files.
For firewalld
You will need to apply the --permanent flag.
Refer to How to Set Up firewalld for your distribution.
- CentOS 7/8: “Setting Rules for your Applications”
- Rocky Linux 8/9: “Setting Rules for your Applications”
For iptables
You will need to save the configuration rules. These tutorials recommend iptables-persistent.
Conclusion
In this tutorial, you learned how to open a new port on Linux and set it up for incoming connections. You also used netstat, ss, telnet, nc, and nmap.