• Opening a Port on Linux

    1,000+ views 2020-07-18 10:24:52


    Before we learn about opening a port on Linux, let’s understand what network ports are. A port is a communication endpoint. Within an operating system, a port directs data packets to specific processes or network services.


    Typically, ports identify a specific network service assigned to them. This can be changed by manually configuring the service to use a different port, but in general, the defaults can be used.


    The first 1024 ports (Ports 0-1023) are referred to as well-known port numbers and are reserved for the most commonly used services, including SSH (port 22), HTTP and HTTPS (ports 80 and 443), etc. Port numbers above 1024 are referred to as ephemeral ports.


    Among ephemeral ports, port numbers 1024-49151 are called the Registered/User Ports. The rest of the ports, 49152-65535, are called Dynamic/Private Ports.


    In this tutorial, we will show how we can open an ephemeral port on Linux, since the most common services use the well-known ports.


    List all open ports

    Before opening a port on Linux, let us first check the list of all open ports, and choose an ephemeral port to open from that list.


    We can use the netstat command to list all open ports, including TCP and UDP ports, which are the most common protocols for packet transmission in the network layer.


    NOTE: If your distribution doesn’t have netstat, it is not a problem. You can use the ss command to display open ports via listening sockets.


    netstat -lntu

    This will print all listening sockets (-l) along with the port number (-n), with TCP ports (-t) and UDP ports (-u) also listed in the output.


    List Open Ports

    Just to ensure that we are getting consistent outputs, let’s verify this using the ss command to list listening sockets with an open port.


    ss -lntu
    List Listening Sockets

    This gives more or less the same open ports as netstat, so we are good to go!


    Opening a port on Linux to Allow TCP Connections

    Let’s open a closed port and make it listen to TCP Connections, for the sake of this example.


    Since port 4000 is not being used in my system, I choose to open port 4000. If that port is not open in your system, feel free to choose another closed port. Just make sure that it’s greater than 1023!


    Again, just to make sure, let’s ensure that port 4000 is not used, using the netstat or the ss command.


    netstat -na | grep :4000
    ss -na | grep :4000

    The output must remain blank, thus verifying that it is not currently used, so that we can add the port rules manually to the system iptables firewall.
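The `grep :4000` filter above is a substring match, so it also reports sockets on ports such as 40000 and, with `-a`, connections whose remote port is 4000. The following added example (not from the original article) checks the exact local port of listening sockets instead; the function names and the sample `ss -lntu` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match check for a listening port.
# Reads `ss -lntu` output on stdin, prints "proto local_address" for every
# socket bound to exactly that local port, and returns 0 if one was found.
# Real use:  ss -lntu | port_listeners 4000
port_listeners() {
    awk -v port="$1" '
        NR == 1 && $1 == "Netid" { next }       # skip the header row
        {
            local_addr = $5                     # e.g. 0.0.0.0:22, [::]:22, *:4000
            n = split(local_addr, parts, ":")   # the port is the last ":" field
            if (parts[n] == port) { print $1, local_addr; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of `ss -lntu` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      1      0.0.0.0:40000       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
EOF
}
```

On the sample, `grep :4000` reports the port 40000 listener, while `port_listeners 4000` correctly reports nothing.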


    For Ubuntu Users and ufw firewall based Systems

    Ubuntu has a firewall called ufw, which takes care of these rules for ports and connections, instead of the old iptables firewall. If you are an Ubuntu user, you can directly open the port using ufw:


    sudo ufw allow 4000

    You can skip the next few steps, and directly test your newly opened port!


    For CentOS and firewalld based Systems

    For these types of systems, if you have firewalld as your primary firewall, it is recommended that you use the firewall-cmd to update your firewall rules, instead of the old iptables firewall.


    firewall-cmd --add-port=4000/tcp

    NOTE: A rule added this way applies only to the running configuration and is lost on a reboot, so if you want to make this setting permanent, add the --permanent flag to the command.


    firewall-cmd --add-port=4000/tcp --permanent

    You can skip the next few steps, and directly test your newly opened port!


    For Other Linux Distributions

    So let’s add this new port to our system iptables rules, using the iptables command.


    If this command is not yet installed, get it using your package manager.


    iptables -A INPUT -p tcp --dport 4000 -j ACCEPT

    This sets the firewall to append (-A) the new rule to accept input packets via protocol (-p) TCP where the destination port (--dport) is 4000, and specifies the target jump (-j) rule as ACCEPT.


    To update the firewall rules, restart the iptables service.


    sudo service iptables restart

    OR using systemctl if you have it.


    sudo systemctl restart iptables

    Test the newly opened port for TCP Connections

    Now that we have successfully opened a new TCP port (Port 4000 in my case), let’s test it out.


    First, we will start netcat (nc) and listen on port 4000, while sending the output of ls to any connected client. So after a client has opened a TCP connection on port 4000, they will receive the output of ls.


    ls | nc -l -p 4000

    This makes netcat listen on port 4000. Leave this session alone for now.


    Open another terminal session on the same machine.


    Since I’ve opened a TCP port, I’ll use telnet to check for TCP connectivity. If the command doesn’t exist, again, install it using your package manager.


    Format for telnet:


    telnet [hostname/IP address] [port number]

    So input your server IP and the port number, which is 4000 in my case, and run this command.


    telnet localhost 4000

    This tries to open a TCP connection on localhost on port 4000.


    You’ll get an output similar to this, indicating that a connection has been established with the listening program (nc).


    Check Port Using Telnet

    As you can see, the output of ls (while.sh in my case) has also been sent to the client, indicating a successful TCP Connection!


    To show you that the port is indeed open, we can use nmap to check this.


    nmap localhost -p 4000
    Check Open Port

    Indeed, our port has been opened! We have successfully opened a new port on our Linux system!


    NOTE: nmap only lists opened ports which have a currently listening application. If you don’t use any listening application such as netcat, this will display the port 4000 as closed, since there isn’t any application listening on that port currently. Similarly, telnet won’t work either, since it also needs a listening application to bind to. This is the reason why nc is such a useful tool. This simulates such environments in a simple command.


    But this is only temporary, as the changes will be reset every time we reboot the system.


    Need to update rules after every reboot

    The approach presented in this article will only temporarily update the firewall rules until the system shuts down/reboots. So similar steps must be repeated to open the same port again after a restart.


    For ufw Firewall

    The ufw rules are not reset on reboot, so if you’re an Ubuntu user, you need not worry about this part!


    This is because it is integrated into the boot process and the kernel saves the firewall rules using ufw, via appropriate config files.


    For firewalld

    As mentioned earlier, firewalld also suffers from the same problem, but this can be avoided by appending the --permanent flag to the initial command when opening a port or setting any other rule.


    For example, you can open the TCP Port 4000 permanently using the below command:


    firewall-cmd --zone=public --add-port=4000/tcp --permanent

    For iptables

    For the iptables firewall, although this inconvenience cannot be avoided, we could minimize the hassle.


    We can save the iptables rules to a config file, such as /etc/iptables.conf.


    sudo iptables-save | sudo tee -a /etc/iptables.conf

    We can then retrieve it from the config file after we reboot, using the below command:


    sudo iptables-restore < /etc/iptables.conf

    The iptables rules are now updated, and our ports are opened again!
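Because the saved file is re-applied as-is after every reboot, it is worth reviewing which ports it opens to any source before restoring it. The following added example (not from the original article) parses iptables-save format and lists the INPUT ACCEPT rules that match a destination port without a source restriction; the function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the ports a saved rule file opens to any source.
# Input: iptables-save format on stdin. Output: one "proto/port" per line.
# Real use:  open_to_any < /etc/iptables.conf
open_to_any() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; ports = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # Report only ACCEPT rules with a port match and no -s restriction.
            if (target == "ACCEPT" && ports != "" && (src == "" || src == "0.0.0.0/0")) {
                n = split(ports, list, ",")     # multiport rules list several ports
                for (k = 1; k <= n; k++) print proto "/" list[k]
            }
        }
    '
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21 -j ACCEPT
COMMIT
EOF
}
```

On the sample, the SSH rule is skipped because it is limited to one source network, while ports 4000, 20 and 21 are reported as reachable from anywhere.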


    Conclusion

    In this tutorial, we showed you how you could open a new port on Linux and set it up for incoming connections.


    Translated from: https://www.journaldev.com/34113/opening-a-port-on-linux


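  • Linux commands for opening a port

    1,000+ views 2013-10-29 12:57:55
    The following shows how to use the Linux commands for opening a port. nc -lp 23 & (open port 23, i.e. telnet) netstat -an | grep 23 (check whether port 23 is open) Verified in practice, OK! However, it seems that with the Linux port-opening commands, every opened port needs a corresponding listening...

    netstat -anp   shows system port usage
    lsof -i :<port>   shows the process occupying that port
    uname -a   kernel information
    cat /proc/interrupts   shows interrupt information

    netstat -anp | grep  3306   check MySQL port usage

    netstat -anp | grep 3306|awk '{print $7}'|cut -d/ -f1   get the PID for port 3306


    nc -lp 23 & (open port 23, i.e. telnet)

    netstat -an | grep 23 (check whether port 23 is open)




    You can also use the netstat -nltp command to view all ports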

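  • Linux command to open port 8888

    1,000+ views 2021-04-08 11:52:00
    To open a port, first check whether the port is already open firewall-cmd --query-port=8888/tcp Command to open the port firewall-cmd --add-port=8888/tcp --permanent After changing the port, firewall-cmd needs to be reloaded firewall-cmd --reload Again...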

    firewall-cmd --query-port=8888/tcp
    firewall-cmd --add-port=8888/tcp --permanent
    firewall-cmd --reload


  • How to open a port on Linux

    1,000+ views 2019-09-26 05:29:52
    Stop the firewall: service iptables stop Start the firewall: service iptables start Firewall status: service iptables status Permanently disable: chkconfig iptables off Permanently enable: chkconfig ...Command to open a port: /sbin/iptables -I INPUT ...

    Stop the firewall: service iptables stop

    Start the firewall: service iptables start

    Firewall status: service iptables status

    Permanently disable: chkconfig iptables off

    Permanently enable: chkconfig iptables on


       1. Command to open a port: /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

       2. Save: /etc/rc.d/init.d/iptables save

       3. Restart the service: /etc/init.d/iptables restart

       4. Check whether the port is open: /sbin/iptables -L -n


       1. Edit the file: vi /etc/sysconfig/iptables

       2. Add a line to the file: -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

       3. Restart the service: service iptables restart

       4. Command to check the port: service iptables status


       /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT 



       vi /etc/sysconfig/iptables

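    Copyright notice: This is an original article by CSDN blogger "Duingold", licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.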


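  • Opening and closing ports on Linux

    1,000+ views 2018-04-12 22:57:15
    iptables -A INPUT -p tcp --dport <port> -j DROP iptables -A OUTPUT -p tcp --dport <port> -j DROP 3. Open a port: iptables -A INPUT -ptcp --dport <port> -j ACCEPT 4. The following shows how to use the Linux commands for opening a port. ...
  • Opening ports on a Linux server

    2019-08-28 11:07:45
    Opening ports on a Linux server https://www.cnblogs.com/kevin-yang123/p/9916572.html
  • Opening port 21 on Linux

    1,000+ views 2019-11-22 16:36:38
    Contents Project name: Lab environment: ...Opening SSH port 22 on Linux Lab environment: one Linux machine, account and password known Lab requirements: change its IP to 10.200.1.16 via the configuration file Lab procedure: power on the machine and enter the account and password (mine is root/zzzadmin) ...
  • How to open and close ports on Linux

    10,000+ views, many likes 2018-05-15 21:42:07
    1. See which ports are open: netstat -anp 2. Close a port: iptables -A OUTPUT -p tcp --dport <port> -j DROP ...4. The following shows how to use the Linux commands for opening a port.  nc -lp 23 & (open port 23, i.e. telnet)  ...
  • Opening ports on Linux, configuring ports on Linux, closing ports on Linux. Opening a port 1. Open the port directly with commands: open-port command, save, restart the service, check whether the port is open /sbin/iptables -I INPUT -p tcp --dport 6379 -j ACCEPT /etc/rc.d/...
  • Opening a port on Linux

    1,000+ views 2021-03-31 23:35:43
    Before we learn about opening a port on Linux, let’s understand what network ports are. A port is a communication endpoint. Within an operating system, a port directs data packets to specific processes or network services. Typically, ports identify a specific network service assigned to them. This can be changed by manually configuring the service to use a different port...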
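  • Viewing and opening ports on Linux

    10,000+ views 2018-04-20 10:34:52
    iptables -A INPUT -p tcp --dport <port> -j DROP iptables -A OUTPUT -p tcp --dport <port> -j DROP 3. Open a port: iptables -A INPUT -ptcp --dport <port> -j ACCEPT 4. The following shows how to use the Linux commands for opening a port. ...
  • Opening and closing ports on Linux

    1,000+ views 2013-12-31 13:43:26
    Close a port: iptables -A INPUT -p tcp --...Open a port: iptables -A INPUT -p tcp --dport 111 -j ACCEPT Open non-contiguous ports (including a single one): iptables -A INPUT -p tcp -m multiport --dport 21,20 -j ACCEPT
  • Port opened on Linux but still cannot telnet to it. Notes on a pitfall I ran into. A fairly simple step: turn off the firewall; if telnet still fails, it may be that nothing is listening on this port. systemctl stop firewalld stops the running firewall systemctl status firewalld...
  • 23_Linux commands for opening a firewall port

    1,000+ views 2018-07-26 09:22:10
    Command to open a firewall port on Linux CentOS 7: firewall-cmd --zone=public --add-port=8080/tcp --permanent firewall-cmd --reload Linux CentOS 6: /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT /etc/init....
  • Checking server port status and opening ports on Linux

    10,000+ views 2017-08-03 12:28:54
    Check server port status: Cd /etc /etc/init.d/iptables status   View all current TCP ports netstat -ntlp View all usage of port 80 netstat -ntulp |grep 80 View all usage of port 3306 netstat -an | grep 3306...
  • Opening port 80 on Linux ...day, a customer's server could not be reached even from within the same LAN. After ruling out problems with the LAMP environment, I found that the firewall on the server had not opened port 80. So I searched online and found, on 脚本之家, a method that adds some code. The code is as follows
  • How to open ports on Linux

    2018-05-19 16:32:50
    How to open ports on Linux, how to open ports on Linux, how to open ports on Linux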
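  • How to open a port on a Linux system

    1,000+ views 2019-03-28 22:36:22
    1) vi /etc/sysconfig/iptables 2) -A INPUT -m state --state NEW -m tcp -p tcp --dport xxxxxxxxxx -j ACCEPT 3) /etc/init.d/iptables restart takes effect immediately ...4) /sbin/iptables -L -n view the ports that are already open 5) netstat...
  • Opening and closing ports on Linux

    1,000+ views 2012-09-15 14:15:32
    Opening and closing ports on Linux netstat -nupl (UDP ports) netstat -ntpl (TCP ports) You can use the lsof command to check whether a given port is open. It can be used like this, taking port 80 as an example: lsof -i:80 If there is output, it means...
  • Opening a listening port on Linux

    1,000+ views 2013-05-23 09:22:15
    #cd /etc/sysconfig  #ls  #vi iptables ... -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 (port number) -j ACCEPT // restart #/etc/init.d/iptables restart
  • Mainly presents a summary of methods for checking whether a remote port is open on Linux; those who need it can use it as a reference
  • How to open and close ports on Linux

    10,000+ views 2018-09-29 10:41:03
    1. See which ports are open: netstat -anp 2. Open port 8080: iptables -A INPUT -p tcp --dport 8080 -j ...with the Linux port-opening commands, every opened port needs a corresponding listening program; after the port is opened, it comes with the corresponding listening program --...
  • Checking from Linux whether a remote port is open

    1,000+ views 2019-06-03 16:00:25
    telnet uses the TCP protocol; in other words, telnet can only check whether a TCP port is open telnet 80 nc nc (netcat) can also check whether a port is open. Check whether a TCP port is open nc -z 80 Check whether a UDP port is open nc -z ...
  • Opening the telnet port in the Linux firewall

    1,000+ views 2014-03-24 13:07:33
    Check port status: netstat -an | grep 22 Close a port: iptables -A INPUT -p tcp --dport <port> -j DROP     iptables -A OUTPUT -p tcp --dport ...Open a port: iptables -A INPUT -ptcp --dport <port> -j ACCEPT
  • Linux network ports

    1,000+ views 2017-06-18 20:25:54
    Number of ports on Linux, port categories, introduction to commonly used network ports
  • Linux commands for opening and closing ports

    10,000+ views 2016-12-13 21:23:43
    Close a port iptables -A INPUT -p tcp --dport 8080 -j DROP ...Open a port iptables -A INPUT -p tcp --dport 8080 -j ACCEPT Open non-contiguous ports (including a single one): iptables -A INPUT -p tcp -m multiport --dport 21,20 -j ACCEPT
  • Linux command to open port 162

    1,000+ views 2016-12-07 11:21:15
    Running network-management software requires listening on trap port 162, which must be opened. Windows opens it by default; on Linux it must be opened with a command. Open the port: iptables -A INPUT -p udp --dport 162 -j ACCEPT Close the port: iptables -A OUTPUT -p udp --dport $162 -j DROP...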


