A TCP/IP network connection may be either blocked, dropped, open, or filtered. These actions are generally controlled by the IPtables firewall the system uses and is independent of any process or program that may be listening on a network port. This post will outline the steps to open a port required by a application. For this post example, we will be opening Application Specific (Apache) Port 55555.
Server details are as below:
# uname -a Linux geeklab 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core)
1. Check Port Status
Check that the port is not open and Apache is not showing that port:
# netstat -na | grep 55555
# lsof -i -P |grep http httpd 5823 root 4u IPv6 42212 0t0 TCP *:80 (LISTEN)
2. Check Port Status in iptables
Check that iptables are not showing that port open:
# iptables-save | grep 55555
3. Add the port
Add the test port in /etc/services file and allow the port to accept packets. Test port can be added by editing /etc/services file in below format:
# vi /etc/services service-name port/protocol [aliases ...] [# comment]
# vi /etc/services testport 55555/tcp # Application Name
4. Open firewall ports
Add Firewall rule to allow the port to accept packets:
# firewall-cmd --zone=public --add-port=55555/tcp --permanent success
# firewall-cmd --reload success
# iptables-save | grep 55555 -A IN_public_allow -p tcp -m tcp --dport 55555 -m conntrack --ctstate NEW -j ACCEPT
5. Check newly added port status
After adding the port for httpd and reloading httpd services, notice now httpd is also listening to newly added port 55555:
# lsof -i -P |grep http httpd 6595 root 4u IPv6 43709 0t0 TCP *:80 (LISTEN) httpd 6595 root 6u IPv6 43713 0t0 TCP *:55555 (LISTEN)
# netstat -na |grep 55555 tcp6 0 0 :::55555 :::* LISTEN
CentOS / RHEL 7 : How to open a port in the firewall with firewall-cmd?