Health & Performance
Website Uptime Monitoring
Monitor the uptime of HTTP, HTTPS, DNS, UDP, TCP, email and more.
Website Speed Monitoring
Monitor full website performance by loading it with a real Chrome browser.
Real User Monitoring
Monitor the speed of user experience for visitors to your website.
Operations
Website Transaction Monitoring
Monitor multiple step transactions and get notified if something goes wrong.
Domain Expiration Monitoring
Monitor the expiration of your domains.
Public Status Page
Display real-time operational updates of your website to the public.
Security
SSL Certificate Monitoring
Monitor the SSL certificate of your website.
Virus Monitoring
New
Get alerted if your website gets infected by viruses or malware.
Ready to get started? Sign up for free
Resources
Learn
Learn new things about various topics related to website monitoring, maintenance, and development.
Comparisons
We compare different tools and services to help you choose the best one for your needs.
Questions
Find answers to common questions about website monitoring, maintenance, and development.
Product Information
Blog
Helpful information for our customers about our updates and product news.
Ready to get started? Sign up for free

How to Open a Port on CentOS/RHEL?

Home  »  Questions  »  How to Open a Port on CentOS/RHEL?
Published July 5, 2024

Problem: Opening Ports on CentOS/RHEL

Opening ports on CentOS or RHEL systems is a task for system administrators and developers. It's needed when you want to allow specific network traffic through the firewall to reach services on your server. The process can be confusing for those new to Linux firewalls, especially on these distributions which use firewalld by default.

Opening Ports on CentOS/RHEL

Using FirewallD for Port Management

FirewallD is the default firewall tool for CentOS and RHEL. It manages firewall rules. Follow these steps to open ports with FirewallD:

  1. Check FirewallD status:

    sudo firewall-cmd --state

  2. List open ports:

    sudo firewall-cmd --list-ports

  3. Open a port (e.g., port 80 for HTTP):

    sudo firewall-cmd --add-port=80/tcp --permanent

  4. Reload firewall rules:

    sudo firewall-cmd --reload

Configuring IPTables for Port Access

IPTables is an older firewall tool. Use it to open ports:

  1. Check IPTables rules:

    sudo iptables -L

  2. Add a rule to open a port (e.g., port 22 for SSH):

    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  3. Save new rules:

    sudo service iptables save

  4. Restart IPTables:

    sudo service iptables restart

Be careful when opening ports, as it can affect your system's security. Open only the ports you need and monitor your firewall logs often.

Verifying Open Ports on CentOS

Using Netstat to List Open Ports

Netstat is a tool for checking open ports on your CentOS system. To use netstat:

  1. Open a terminal.
  2. Run this command: 
    sudo netstat -tuln

    This shows all TCP and UDP listening ports.

The output displays:

  • Protocol (TCP or UDP)
  • Local address and port number
  • Foreign address and port number
  • Connection state

For example:

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

This means port 22 (SSH) is open and listening for connections.

Using LSOF to Check Listening Ports

LSOF (List Open Files) is another tool to identify open ports. To use LSOF:

  1. Install LSOF if it's not on your system:

    sudo yum install lsof

  2. Run this command to see listening ports:

    sudo lsof -i -P -n | grep LISTEN

This command shows:

  • The process name using the port
  • The user running the process
  • The port number

For example:

sshd    1234    root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)

This shows the SSH daemon is listening on port 22.

Both netstat and LSOF give information about open ports on your CentOS system, helping you check your firewall settings.

Alternative Methods for Port Configuration

Using System-Config-Firewall Tool

System-config-firewall is a tool for managing firewall settings on CentOS. It offers a visual interface for those who prefer it over command-line operations.

To use system-config-firewall:

  1. Install the tool:

    sudo yum install system-config-firewall

  2. Launch the application:

    sudo system-config-firewall

  3. In the interface, select "Other Ports" and click "Add".

  4. Choose the protocol (TCP or UDP) and enter the port number.

  5. Click "Apply" to save the changes.

This method is useful for users who prefer visual tools.

Cloud-Specific Port Management

When running CentOS on cloud platforms, you may need to consider extra firewall settings for your cloud provider.

For cloud-hosted CentOS:

  1. Check your cloud provider's documentation for firewall management.

  2. Use the cloud platform's control panel or CLI tools to manage network security groups.

  3. Configure both the CentOS firewall and the cloud provider's firewall to allow the desired traffic.

  4. Some cloud providers may require you to open ports at the network level before configuring the OS-level firewall.

  5. Test your configuration to make sure both the cloud and OS firewalls work together correctly.

Remember, cloud environments may have different security practices compared to on-premises setups. Always follow your cloud provider's security guidelines when managing ports and firewall rules.

Troubleshooting Port Access Issues on CentOS

When you face port access issues on CentOS, you might encounter these problems. Here are some solutions to help you fix them:

  1. Port not opening:

    • Check the firewall rules using firewall-cmd --list-all
    • Add the port to the right zone
    • Reload the firewall after making changes

  2. Service not starting:

    • Check if the service is running with systemctl status service_name
    • Check the service logs for errors
    • Make sure the service uses the right port

  3. Wrong SELinux settings:

    • Use sestatus to check if SELinux is on
    • Run semanage port -l | grep port_number to check SELinux port labels
    • If needed, add the right SELinux context with semanage port -a -t port_label_t -p tcp port_number

  4. Conflicting applications:

    • Use netstat -tuln or ss -tuln to check if another application uses the port
    • Stop or change the conflicting application if needed

To check firewall logs for connection attempts:

  1. Turn on logging for denied packets:

    sudo firewall-cmd --set-log-denied=all --permanent
sudo firewall-cmd --reload

  2. View the firewall logs:

    sudo journalctl -f -u firewalld

  3. Look for entries with "FINAL_REJECT" or "FINAL_DROP" which show blocked connections

  4. Check the log entries to find the source IP, destination port, and protocol of blocked traffic

Get Alerted When Your Website Goes Down
Uptime & speed monitoring for websites
Multiple-step transaction monitoring
SSL certificate health monitoring
Virus & malware monitoring
Status pages & incident alerts
Resources
Pricing
Comparisons
Knowledge Base
Blog
Learn
Questions
Monitoring Checkpoints
Solutions
Contact Us
Public Roadmap
Affiliate Program
Sitemap
API Documentation
Products
Uptime Monitoring
Speed Monitoring
Transaction Monitoring
Real User Monitoring
SSL Monitoring
Domain Monitoring
Public Status Page
Virus Monitoring
New
Tools
Website Availability Test
Uptime Calculator
Cron Expression Generator
Cron Expression Descriptor
Hex to RGB Converter
RGB to Hex Converter
Show All Tools
Legal
Privacy Policy
Cookie Policy
Terms and Conditions
GDPR
© 2015-2024 Uptimia. All rights reserved.
English English
English English
Deutsch Deutsch
Français Français