A TCP/IP network connection may be either blocked, dropped, open, or filtered. These actions are generally controlled by the iptables firewall the system uses and are independent of any process or program that may be listening on a network port. This post outlines the steps to open a port required by an application. In this example, we open an application-specific (Apache) port, 55555.

Server details are as below:

# uname -a
Linux ucartz 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)


1. Check Port Status


Check that the port is not already open and that Apache is not listening on it:

# netstat -na | grep 55555


# lsof -i -P |grep http
httpd     5823   root    4u  IPv6  42212      0t0  TCP *:80 (LISTEN)


2. Check Port Status in iptables


Check that iptables is not showing that port as open:

# iptables-save | grep 55555


3. Add the port


Add the test port to the /etc/services file and allow the port to accept packets. The test port is added by editing /etc/services with an entry in the format below:

# vi /etc/services
service-name  port/protocol  [aliases ...]   [# comment]


# vi /etc/services
testport        55555/tcp   # Application Name


4. Open firewall ports

Add a firewall rule to allow the port to accept packets:

# firewall-cmd --zone=public --add-port=55555/tcp --permanent


# firewall-cmd --reload


# iptables-save | grep 55555
-A IN_public_allow -p tcp -m tcp --dport 55555 -m conntrack --ctstate NEW -j ACCEPT


5. Check newly added port status


After adding the port for httpd and reloading the httpd service, httpd is now also listening on the newly added port 55555:


# lsof -i -P |grep http
httpd     6595   root    4u  IPv6  43709      0t0  TCP *:80 (LISTEN)
httpd     6595   root    6u  IPv6  43713      0t0  TCP *:55555 (LISTEN)


# netstat -na |grep 55555
tcp6       0      0 :::55555                :::*                    LISTEN
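
The checks from steps 1, 2 and 5 combined into one function, as an added example that is not part of the original post. It matches iptables-save and netstat -na text by field instead of with grep, so 5555 does not match 55555 and a --dport range is recognized. The function names and sample lines are constructed for illustration, and only explicit ACCEPT rules are considered, not chain policies or earlier DROP rules.

```shell
#!/bin/sh
# Added example (not from the original post). Sample text is constructed
# from the output shown above; function names are hypothetical.
RULES_SAMPLE='-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 6000:6010 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 55555 -m conntrack --ctstate NEW -j ACCEPT'
SOCKETS_SAMPLE='tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::55555                :::*                    LISTEN'

# fw_allows PORT RULES: succeed if a tcp ACCEPT rule covers PORT exactly
# or through a lo:hi --dport range. Chain policy and DROP rules are ignored.
fw_allows() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { dport = ""; target = ""; proto = ""
          for (i = 1; i < NF; i++) {
              if ($i == "-p")      proto  = $(i + 1)
              if ($i == "--dport") dport  = $(i + 1)
              if ($i == "-j")      target = $(i + 1)
          }
          if (proto != "tcp" || target != "ACCEPT" || dport == "") next
          n = split(dport, r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
          if (p + 0 >= lo + 0 && p + 0 <= hi + 0) found = 1 }
        END { exit !found }'
}

# is_listening PORT SOCKETS: succeed if a tcp socket in LISTEN state is
# bound to PORT (the port is the text after the last colon of field 4).
is_listening() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# port_state PORT RULES SOCKETS: print one of four states.
port_state() {
    if fw_allows "$1" "$2"; then fw=1; else fw=0; fi
    if is_listening "$1" "$3"; then li=1; else li=0; fi
    case "$fw$li" in
        11) echo reachable ;;
        01) echo listener-not-allowed ;;
        10) echo rule-without-listener ;;
        *)  echo closed ;;
    esac
}

# Live use on the server: port_state 55555 "$(iptables-save)" "$(netstat -na)"
port_state 55555 "$RULES_SAMPLE" "$SOCKETS_SAMPLE"
```

A rule-without-listener result marks a firewall opening that no service is using, which is a candidate for removal.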

