Opening a port on Linux
Before we learn about opening a port on Linux, let’s understand what network ports are. A port is a communication endpoint. Within an operating system, a port lets incoming data packets be delivered to specific processes or network services.
The first 1024 ports (ports 0-1023) are referred to as well-known port numbers and are reserved for the most commonly used services, including SSH (port 22), HTTP (port 80) and HTTPS (port 443). Port numbers above 1024 are referred to as ephemeral ports.
To ensure that we are getting consistent output, let’s verify this using the ss command, which lists listening sockets and their open ports.
This gives more or less the same open ports as netstat, so we are good to go!
Opening a port on Linux to allow TCP connections
Let’s open a closed port and make it listen to TCP Connections, for the sake of this example.
Since port 4000 is not being used in my system, I choose to open port 4000. If that port is not open in your system, feel free to choose another closed port. Just make sure that it’s greater than 1023!
To update the firewall rules, restart the iptables service.
sudo service iptables restart
OR using systemctl if you have it.
sudo systemctl restart iptables
Test the newly opened port for TCP connections
Now that we have successfully opened a new TCP port (Port 4000 in my case), let’s test it out.
First, we will start netcat (nc) listening on port 4000, sending the output of ls to any client that connects. So once a client has opened a TCP connection to port 4000, it will receive the output of ls.
So input your server IP and the port number, which is 4000 in my case, and run this command.
telnet localhost 4000
This tries to open a TCP connection on localhost on port 4000.
You’ll get an output similar to this, indicating that a connection has been established with the listening program (nc).
As you can see, the output of ls (while.sh in my case) has also been sent to the client, indicating a successful TCP Connection!
To show you that the port is indeed open, we can use nmap to check this.
nmap localhost -p 4000
Indeed, our port has been opened! We have successfully opened a new port on our Linux system!
NOTE: nmap only reports a port as open if an application is currently listening on it. If you don’t run a listening application such as netcat, nmap will report port 4000 as closed, since nothing is listening on that port. Similarly, telnet won’t work either, since it also needs a listening application to connect to. This is why nc is such a useful tool: it simulates such an environment with a single command.
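The listener-and-client test above, together with the note that a port only reads as open while something is listening on it, reproduced in pure Python as an added example (not code from the original article). A Python socket stands in for nc, socket.create_connection stands in for telnet and nmap, and the listener binds to loopback on a kernel-chosen port above 1023; the firewall step is not reproduced.

```python
import os
import socket
import threading


def probe_port(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP handshake to host:port succeeds (what telnet/nmap call open)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def start_listing_server(directory: str = ".", host: str = "127.0.0.1"):
    """Like 'nc -l': listen, send the directory listing (the 'ls' output) to the
    first client, then exit. Port 0 lets the kernel pick a free port above 1023."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    listing = "\n".join(sorted(os.listdir(directory))) + "\n"

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(listing.encode())
        srv.close()  # listener gone: the port now reads as closed again

    worker = threading.Thread(target=serve_one)
    worker.start()
    return port, listing, worker


def fetch_listing(host: str, port: int, timeout: float = 2.0) -> str:
    """Act as the telnet client: connect and read until the server closes."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as conn:
        while data := conn.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode()


def demo(directory: str = "."):
    """Run the whole check; returns (listing matched, port closed afterwards)."""
    port, expected, worker = start_listing_server(directory)
    received = fetch_listing("127.0.0.1", port)
    worker.join(timeout=5)  # wait until the listener has exited, like nc does
    return received == expected, not probe_port("127.0.0.1", port)
```

Running demo() should return (True, True): the client receives exactly the listing the server sent, and once the listener exits the same port is refused, which is the behaviour the note describes for nmap.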
But this is only temporary, as the changes will be reset every time we reboot the system.
Rules need to be updated after every reboot
The approach presented in this article only updates the firewall rules temporarily, until the system shuts down or reboots. The same steps must therefore be repeated to open the port again after a restart.