I was recently asked how to open ports within the firewall. Since it’s been quite a while since I’ve had to do something like this, I took the time to relearn and write some documentation.
In this tutorial, I’ll cover how to open a port on your server and test that it is open. More specifically, we will open port 9090.
Please note! This tutorial assumes you have a VPS Server or a Dedicated Server, that you have root access, and that you know how to connect to your server via SSH.
Step 1: Check if the port is open already
The first thing we want to do is test using telnet to ensure port 9090 is not already open. Please note that you may need to enable telnet in Windows first.
(The below was ran from cmd.exe in Windows 7) C:UsersBrad>telnet example.com 9090 Connecting To example.com...Could not open connection to the host, on port 9090: Connect failed
As you can see, the connection failed.
Step 2: Open the port
To open a port, first open for edit your APF configuration file – /etc/apf/conf.apf:
(The below was ran within PuTTY after connecting vis SSH) [email protected]### [~]# vim /etc/apf/conf.apf
Then, find the following lines and add the port in question:
# Common ingress (inbound) TCP ports IG_TCP_CPORTS="20,21,25,53,80,110,113,143,443,465,993,995,2049,2077,2078,2082,2083,2086,2087,2089,2095,2096,3306,5222,9090,12001" # Common ingress (inbound) UDP ports IG_UDP_CPORTS="53,161,32786,111,2049,9090"
After editing the file and adding the ports, restart APF:
[email protected]### [~]# service apf restart
Step 3: Test again to see if the port is open
Now that APF is restarted, we can once again use telnet to test if the port is open:
(The below was ran from cmd.exe in Windows 7) C:UsersBrad>telnet example.com 9090 Connecting To example.com... 220-vps###.inmotionhosting.com ESMTP Exim 4.80 #2 Fri, 17 May 2013 05:11:39 -0700 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
As you can see, instead of the Connect failed message, we received the greeting from the application running on port 9090. Congratulations, you now know how to open a port on your server using ssh!
Please note! If you do not have any services running on your server listening to the port in question, you won’t get a response when you do a telnet test. In the above scenario, we setup exim to listen on port 9090, which is why we received a response.
This may help somebody else but this is how I managed to open a port in my firewall. This should apply to all systems that use firewalld, and going by Jacqueem’s content, it looks like this should be the case for most people.
Run this command as root to open up port 80.
firewall-cmd –permanent –zone=public –add-port=80/tcp
It should respond with ‘success’. The first time I tried it, I got an error, and I had to restart my server to fix it. (AMP -> Manage My Cloud Server -> Restart Server)
This command updates the config, but to apply it, you need to run this:
firewall-cmd –reload
Unfortunately, the reload command always hangs/crashes my server, and if that’s what happens for you, you’ll have to go to AMP -> Manage My Cloud Server and restart it.
Now you should be good to go! Try telnet (telnet 80) to verify that the port has been opened. It should not say ‘Connection Refused’.
You can check what ports have been opened for the public zone by running:
firewall-cmd –zone=public –list-ports
PS: firewall-cmd docs say that running firewall-cmd –state should tell you if the firewall is running or not. But for me, it always returns ‘not running’, when the firewall clearly is. But I’m no Linux sys admin and I might be missing something. Hope this helps someone though 🙂
There is no apf installed on my cloud server. I have ufw and opened port 443 but I’m still blocked somewhere. Can you create an updated support topic, or update this one?
Hello and thanks for contacting us. We’ll be releasing content for Firewalld in the near future.
Is there a timeline for this? I’ve tried to follow the man pages for firewall-cmd to add ports, but I just get an opaque error. I think I’m missing some information about how Inmotion is setting up the firewall that should be documented somewhere.
Sorry for the late reply. Here’s our article on configuring Firewalld and UFW. Also, don’t forget to check your local network firewall.
I can’t connect putty it says: “Connection refused” and i don’t have any port open on my VPS and i don’t know how i do open them?
Hello Stw,
The instructions above will tell you how to open a port, however before you can connect to your VPS via Putty, you need to ensure you have added your IP to the firewall. This is the most common issue when first trying to connect to a VPS.
Kindest Regards,
Scott M
my Server work well at first, but then it started to say Network error: Connection refused on PuTTY and WinSCP ports are closed and I can not open them having any access on my server .. I have had this problem for more than 2 weeks.
Hello Stw,
Thank you for contacting us today. If you are hosted with us, contact Live Support for assistance regaining access to your server.
Alternately, if you have cPanel/WHM available there are plugins available that allow you to make changes from the interface.
Otherwise, you may have to escalate to someone who has access, or can physically login to the server and make changes.
Thank you,
John-Paul
I do not find /etc/apf/conf.apf on my dedicated server. I see the /etc directory, but no /etc/apf subdirectory.
Hello parknpool_marc,
Thank you for contacting us. Ensure you are logged as root in order to access that level of the file system.
Thank you,
John-Paul