I have a Red Hat Enterprise Linux 5 server with the iptables firewall enabled. I have started all services but don’t know how to open a port using iptables. By default it is only allowing ssh, TCP port # 22. How do I open port 80 / 143 / 110 on Linux?
By default, the iptables firewall stores its configuration in the /etc/sysconfig/iptables file on RHEL/CentOS 5.x/6.x. You need to edit this file and add rules to open a port. This file is only available under:
- Red Hat Enterprise Linux 3 / 4 / 5 and 6
- Older Red Hat Linux versions
- CentOS 4/5/6
- Older versions of Fedora Linux
Let us see how to open a port in the firewall on CentOS or RHEL version 5.x/6.x and 7.x including the latest version of Fedora Linux 27 or above.
How to open TCP port 80 on a RHEL/CentOS Linux
Open the file /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables
Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Save and close the file. Restart iptables:
# /etc/init.d/iptables restart
Open TCP port # 110 on RHEL
Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
Open port 143 on a CentOS
Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
Restart iptables service
Type the following command:
# service iptables restart
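Where the rule lands in /etc/sysconfig/iptables matters: rules are evaluated in order, so an ACCEPT line placed after the chain's unconditional REJECT line, or after COMMIT, never takes effect. The following check is an added example, not part of the original article; the function names, status words and the sample rules file are constructed for illustration, with the sample modelled on the RH-Firewall-1-INPUT rules shown above.

```shell
# Added example. Reads an iptables-save style rules file on stdin and reports
# whether an ACCEPT rule for TCP port $1 in the filter table can ever match.
# Status words (effective / unreachable / missing) are this example's own.
check_port_rule() {
    awk -v port="$1" '
        /^\*/ { in_filter = ($0 == "*filter"); committed = 0; next }
        $1 == "COMMIT" { committed = 1; next }
        !in_filter || $1 != "-A" { next }
        {
            chain = $2
            # "-A CHAIN -j REJECT|DROP" with no match options ends the chain;
            # only this same-chain case is tracked here.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { closed[chain] = 1; next }
            accept = 0; has_port = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) has_port = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (!(accept && has_port)) next
            # Rules after the catch-all never match; rules after COMMIT are
            # outside the table.
            if (committed || closed[chain]) {
                if (status == "") status = "unreachable"
            } else status = "effective"
        }
        END { print (status == "" ? "missing" : status) }
    '
}

# Constructed sample file: port 80 added correctly, port 110 added too late.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
COMMIT
EOF
}

for p in 80 110 143; do
    echo "port $p: $(sample_rules | check_port_rule "$p")"
done
```

On a real host, feed it the saved rules instead of the sample: check_port_rule 80 < /etc/sysconfig/iptables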
A note about opening a port on CentOS/RHEL 6
You can also use the iptables command as follows to open port 443:
# iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# service iptables save
A note about Red Hat Enterprise Linux 7.x and CentOS 7.x
The above commands or files won’t work on RHEL/CentOS 7.x or the latest version of Fedora Linux. To see current open ports, type:
# firewall-cmd --list-ports
To find the list of zones:
# firewall-cmd --get-zones
Sample outputs:
block dmz drop external home internal public trusted work
To find the interface name, use the ip command:
$ ip a
Sample outputs:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UP qlen 1000
link/ether 42:01:0a:80:00:04 brd ff:ff:ff:ff:ff:ff
inet 10.128.0.4/32 brd 10.128.0.4 scope global dynamic eth0
valid_lft 79076sec preferred_lft 79076sec
inet6 fe80::4001:aff:fe80:4/64 scope link
valid_lft forever preferred_lft forever
To find the zone of the eth0 interface:
# firewall-cmd --get-zone-of-interface=eth0
Sample outputs:
trusted
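Type the following commands to open TCP port 80 for Apache/httpd server. The --permanent option only changes the saved configuration, so reload firewalld to apply it to the running firewall:
# firewall-cmd --permanent --add-port 80/tcp
# firewall-cmd --reload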
To list open ports again, type:
# firewall-cmd --list-ports
Sample outputs:
1191/tcp 80/tcp 22/tcp
To open the TCP port range 2000-3000, enter:
# firewall-cmd --permanent --add-port 2000-3000/tcp
Commands to start/stop/restart the firewall and check its status:
# systemctl start firewalld
# systemctl stop firewalld
# systemctl restart firewalld
# systemctl status firewalld
Verify that the port is open
Run the following netstat or ss command:
# netstat -tulpn | less
OR
# ss -tulpn | less
Make sure iptables is allowing port 80 / 110 / 143 connections by listing rules:
# iptables -L -n -v
Please refer to the iptables and firewall-cmd man pages for more information about usage and syntax:
$ man iptables
$ man firewall-cmd
See also
- CentOS / Redhat Iptables Firewall Configuration Tutorial
- Linux: 25 Iptables Netfilter Firewall Examples For New SysAdmins