How to open a port in your firewall
I was recently asked how to open ports within the firewall. Since it's been quite a while since I've had to do something like this, I took the time to relearn and write some documentation.
In this tutorial, I'll cover how to open a port on your server and test that it is open. More specifically, we will open port 9090.
Step 1: Check if the port is open already
(The below was run from cmd.exe in Windows 7)

C:\Users\Brad>telnet yourdomain.com 9090
Connecting To yourdomain.com...Could not open connection to the host, on port 9090: Connect failed
As you can see, the connection failed.
Step 2: Open the port
To open a port, first open your APF configuration file, /etc/apf/conf.apf, for editing:

(The below was run within PuTTY after connecting via SSH)

root@vps### [~]# vim /etc/apf/conf.apf
Then, find the following lines and add the port in question:
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,25,53,80,110,113,143,443,465,993,995,2049,2077,2078,2082,2083,2086,2087,2089,2095,2096,3306,5222,9090,12001"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,161,32786,111,2049,9090"
After editing the file and adding the ports, restart APF:
root@vps### [~]# service apf restart
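The manual edit in Step 2 can also be scripted so that it is repeatable and never duplicates an entry. The following is an added example, not part of the original tutorial or of APF itself; the function name apf_add_port and the sample file contents are assumptions made for illustration, and the demo works on a temporary file rather than the live /etc/apf/conf.apf.

```bash
# Added example: idempotently add a port to one APF port list (e.g. IG_TCP_CPORTS).
# Usage: apf_add_port FILE VAR PORT
# Returns 0 if the port is listed afterwards, 2 on bad input. Keeps FILE.bak.
apf_add_port() {
    local file="$1" var="$2" port="$3" line list tmp
    # Accept only a plain integer of at most five digits, no leading zero.
    case $port in ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -gt 65535 ]; then echo "invalid port: $port" >&2; return 2; fi
    # Use the active assignment; commented-out lines do not match ^VAR=.
    # Assumes the variable is assigned once, as in the lines shown above.
    line=$(grep -E "^${var}=\"[^\"]*\"" "$file" | tail -n 1)
    if [ -z "$line" ]; then echo "$var not set in $file" >&2; return 2; fi
    list=${line#*\"}; list=${list%%\"*}
    # Compare whole comma-separated fields so that 90 does not match 9090.
    case ",$list," in *",$port,"*) echo "$var already lists $port"; return 0 ;; esac
    cp -p "$file" "$file.bak"
    tmp=$(mktemp)
    # Rewrite only that assignment, appending the port inside the quotes.
    sed "s/^\(${var}=\"[^\"]*\)\"/\1${list:+,}${port}\"/" "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"
    echo "$var now lists $port"
}

# Demo on constructed sample lines in a temporary file (not the live config).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,25,53,80,443,2049"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
EOF
apf_add_port "$demo_conf" IG_TCP_CPORTS 9090
apf_add_port "$demo_conf" IG_TCP_CPORTS 9090   # second call changes nothing
grep '^IG_' "$demo_conf"
```

When pointed at /etc/apf/conf.apf as root, the function leaves the previous version in conf.apf.bak, and APF still has to be restarted for the change to take effect.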
Step 3: Test again to see if the port is open
Now that APF is restarted, we can once again use telnet to test if the port is open:
(The below was run from cmd.exe in Windows 7)

C:\Users\Brad>telnet yourdomain.com 9090
Connecting To yourdomain.com...
220-vps###.inmotionhosting.com ESMTP Exim 4.80 #2 Fri, 17 May 2013 05:11:39 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

As you can see, instead of the Connect failed message, we received the greeting from the application running on port 9090. Congratulations, you now know how to open a port on your server using SSH!
Please note! If you do not have any services running on your server listening on the port in question, you won't get a response when you do a telnet test. In the above scenario, we set up Exim to listen on port 9090, which is why we received a response.