Redhat / CentOS / Fedora Linux Open Port

by on September 13, 2007 · 42 comments· LAST UPDATED September 29, 2007


Q. I’ve a Red Hat Enterprise Linux 5 server with the iptables firewall enabled. By default it is only allowing port 22. How do I open port 80 / 143 / 110 on Linux? I've started all services but don't know how to open a port using iptables.

A. By default the iptables firewall stores its configuration in the /etc/sysconfig/iptables file. You need to edit this file and add rules to open the port number. This file is only available under:
=> Red Hat Enterprise Linux 3 / 4 / 5 and above
=> Old Red Hat Linux versions
=> CentOS 4 and above
=> Fedora Linux

Open port 80

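Open file /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables
Append rule as follows (it must come before the final LOG, DROP or REJECT lines of the RH-Firewall-1-INPUT chain, not at the top of the file):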
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Save and close the file. Restart iptables:
# /etc/init.d/iptables restart

Open port 110

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT

Open port 143

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

Restart iptables service

Type the following command:
# service iptables restart

Verify that port is open

Run the following command to check that the services are listening on their ports:
# netstat -tulpn | less
Make sure iptables is allowing port 80 / 110 / 143 connections:
# iptables -L -n

Refer to iptables man page for more information about iptables usage and syntax:
man iptables
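
An added example (not part of the original FAQ): a shell function that lints an iptables-save format file such as /etc/sysconfig/iptables before the restart. It reports whether the ACCEPT rule for a port exists, whether it sits after a catch-all REJECT/DROP where it can never match, and whether any rule names an undeclared chain. The function names and the sample file are constructed for illustration, and only single-port --dport rules are checked.

```sh
# Added example, not from the original FAQ. Lints an iptables-save format file.
# Usage: check_port RULES_FILE CHAIN PORT
# Prints one of: ok | missing | shadowed | bad-chain
#   shadowed  = the ACCEPT rule comes after a catch-all REJECT/DROP in CHAIN
#   bad-chain = some -A line names a chain the file never declares
check_port() {
    awk -v chain="$2" -v port="$3" '
        /^:/ { declared[substr($1, 2)] = 1; next }   # ":INPUT ACCEPT [0:0]"
        $1 != "-A" { next }
        !($2 in declared) { bad = 1 }
        $2 != chain { next }
        {
            target = ""; dport = ""; matched = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i ~ /^-[psdim]$/) matched = 1   # rule has a match condition
            }
            if (!matched && (target == "REJECT" || target == "DROP")) blocked = 1
            if (target == "ACCEPT" && dport == port && result == "")
                result = blocked ? "shadowed" : "ok"
        }
        END { print (bad ? "bad-chain" : (result == "" ? "missing" : result)) }
    ' "$1"
}

# Constructed sample: the port 110 rule is deliberately placed after the REJECT.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp)
write_sample "$sample"
for p in 80 110 143; do
    echo "port $p: $(check_port "$sample" RH-Firewall-1-INPUT "$p")"
done
rm -f "$sample"
```

Against the live file, run check_port /etc/sysconfig/iptables RH-Firewall-1-INPUT 80, using INPUT as the chain name on systems whose file has no RH-Firewall-1-INPUT chain.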


{ 42 comments… read them below or add one }

1 Erion Budo February 12, 2008 at 2:24 pm

Save and close the file. Restart iptables:
# /etc/init.d/iptables restart

How to close and save a file?????

Reply

2 Nuno February 17, 2011 at 3:55 pm

LOL, if you can’t even navigate in a *nix environment why do you even bother with iptables?

nevertheless you can do the following:

1-insert rules you want
2- press Esc
3- press :
4- wq
5- Enter

Reply

3 cass March 19, 2008 at 7:19 pm

save and close a file in VI
hit ESC
type :
type x

[ESC:X]

Reply

4 rich October 6, 2008 at 5:28 pm

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT

hi i used this code in fedora 5 to open up the port 587 in my firewall so sendmail would work using this vi command below:

vi /etc/sysconfig/iptables

then i applied the changes and restarted the firewall as you mentioned above, ok popped up for all selections. did i do this ok? let me know and thanks. rich.

Reply

5 Sam December 1, 2008 at 8:28 am

I wonder what is happening on my newly installed centos5.2 as all connections except icmp are periodically refused (up and down in un-orderly fashion)

Please advise what's wrong; action taken
#service iptables stop
#chkconfig iptables off
#chkconfig --del iptables
#mkdir /backup
#mv /etc/init.d/iptables /backup/
#mv /etc/init.d/ip6tables /backup/
#init 6

Yet the connection refused error keeps on happening from time to time (more frequently than connected)

Reply

6 nixCraft December 1, 2008 at 9:16 am

Sam,

You must be using another firewall script such as apf. Most hosting companies install something like this.

Reply

7 Paul May 1, 2009 at 12:16 pm

Don’t forget to make sure the ACCEPT lines are before any REJECT lines

Reply

8 Moiz Kiyani February 8, 2012 at 10:05 am

MOVING the REJECTs to end of file or Above COMMIT Worked for me.

Reply

9 ketan February 9, 2012 at 9:04 pm

Helped me too. Thanks

Reply

10 arijeet maji May 5, 2009 at 6:54 am

good site, helped me a lot to restart a port in linux 5

Reply

11 Craig June 10, 2009 at 5:50 am

An application that I use has an in-built Tcl webserver that uses ports 8015/8016. Is there a way to open these ports but at the same time restrict access to only selected IP addresses?

Reply

12 Wayne July 16, 2009 at 11:33 pm

Sweet! I needed to open a port for the Sybase database server I installed on this box. Your instructions worked perfectly. Thanks for taking the time to post these instructions.

Wayne

Reply

13 John Dondapati August 4, 2009 at 6:06 pm

Thank you so much buddy. That really helped.

Reply

14 Mikey November 10, 2009 at 8:22 am

Or, you can just run “system-config-securitylevel” and do it the easy way. :)
I always hated iptables commands.

Reply

15 anggi May 26, 2010 at 11:38 am

thank you now i can open port 80 :)

Reply

16 Jay Versluis July 19, 2010 at 11:29 am

I don’t seem to have a file called iptables.

When I create it in /etc/sysconfig and add one of those lines at the top, I get an error upon restart saying

“Applying iptables firewall rules: iptables-restore: line 1 failed”

Deleting that file again and restarting the service works fine. Any ideas?

Reply

17 nixCraft July 19, 2010 at 11:55 am

Add your lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain. Do not add them at the top of the file.

Reply

18 Ryan Schroeder November 1, 2013 at 3:05 am

For me, I needed to change the word RH-Firewall-1-INPUT to simply INPUT – I have CentOS 6.4. So, I ended up adding:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Reply

19 Jay Versluis July 19, 2010 at 12:08 pm

Thanks Vivek–

I found that by using “iptables -F” followed by “service iptables save” I can generate this file. It then contains several rules – however LOG and DROP are not mentioned.

I’ve tried to add the lines in various places but get an error every time. I’m trying to accept incoming UDP traffic on a couple of ports for use with OSSEC.

Reply

20 craig September 10, 2010 at 3:03 pm

the script line you advised for opening port 80 didn’t work for me!
this worked

-I INPUT -p tcp --dport 80 -j ACCEPT

Reply

21 Kunal sagar June 28, 2011 at 5:07 am

Thanks this one worked for me too

Reply

22 Ryan Schroeder November 1, 2013 at 3:06 am

Yup me too – needed to change RH-Firewall-1-INPUT to just INPUT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Reply

23 Glenndimes January 17, 2011 at 12:04 am

I’ve made use of this article twice in as many weeks. Thanks!

Reply

24 Anthony January 25, 2011 at 5:45 am

I am Trying To Install Camfrog Server ( Linux Version ) On My Linux CentOS. I can Wget And Install The App But Am Stuck After This Point. Does Anyone Know How to Install This App?

Reply

25 Sam February 2, 2011 at 4:05 am

Hi i am totally a newbie to Linux, in my office i am assigned to this task which is install redhat enterprise server 5 and open up the ports 21,22 and 23 to someone else to access the box, he also needs to export the display to his machine as well, as this sounds “GREEK” to me, i need help from you guys to get this completed. pls tell me step by step what should i do?

Reply

26 Swati April 5, 2011 at 7:28 am

i need to access java web service which is running on Apache in linux at port 8080 from windows.

Reply

27 chella April 19, 2011 at 8:14 pm

Thanks a lot Vivek.

Reply

28 zahir May 5, 2011 at 12:13 pm

/etc/sysconfig/iptables-config: line 42: -A: command not found
/etc/sysconfig/iptables-config: line 43: -A: command not found

I am getting this error ????

Reply

29 Edson July 7, 2011 at 9:50 am

someone from outside my network is failing to access my linux server via SSH but i can access it using Putty from within my network. Nothing has changed on my router and there is no firewall in place to block the SSH connection, how can i allow that connection, the guy can ping the server and access other ports.

Reply

30 Deb Biswas July 14, 2011 at 8:13 pm

This information was very useful/handy to me today (2011-07-14) , 5 years after you wrote this article (SEPTEMBER 13, 2007) ! Thank you so much VIVEK GITE. Please keep posting such useful stuff. Regards.

Reply

31 wupload July 17, 2011 at 9:14 am

thnx man work fine

Reply

32 Renee Gailey July 18, 2011 at 7:23 am

I edited my /etc/sysconfig/iptables file. adding in the ports I needed to open. I successfully saved and closed the file, verifying the ports were added to file by viewing the iptables file. I then went to restart it with commands listed above. I kept getting command not found. The first line of the file reads: # Firewall configuration written by system-config-securitylevel
I am running RH Linux 2.6.18-53.el5. How do I stop and start the iptables process so the additional ports will take effect?

Reply

33 Pao September 13, 2011 at 1:47 am

Thanks Vivek!

Reply

34 Kyle Durelle September 16, 2011 at 2:00 pm

Can somebody help me? im trying these methods and they dont work

iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 10 failed
[FAILED]
[root@ sysconfig]# nano iptables

and this is what i have in the file

# Generated by iptables-save v1.4.7 on Fri Sep 16 10:50:02 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13:1276]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INOUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Sep 16 10:50:02 2011

Reply

35 Kyle Durelle September 16, 2011 at 2:02 pm

There was a TYPO my bad but i still cant get port 80 to listen.

iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@ sysconfig]# telnet localhost 80
Trying ::1…
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1…

Reply

36 Kyle Durelle September 16, 2011 at 2:35 pm

sorry for the triple post after much googling and router configurations i figured it out

Reply

37 farrukh October 6, 2011 at 3:25 pm

hi, thanks a bunch for an informative article. you literally saved my day today.
thanks again.

Reply

38 Owais Akhlaq October 12, 2011 at 8:35 am

Dear All,

I have installed a server with CentOS 6.0 and then installed mySQL and PHP in it. Then i installed CPanel in it. After rebooting the system, my Login screen is disabled and i can only login via Putty software on port 22 , and can only see a console screen.
My question is:
How can i gain access to my cpanel ? i read in articles that cpanel is accessed via 2082 and 2083 ports. But both seem to be blocked.

Thanks in advance. Please help

Reply

39 srqwebguy December 28, 2011 at 3:12 pm

Terrific info. Very helpful. Thanks.

Reply

40 BBa February 12, 2012 at 1:06 pm

thanks a lot. it worked perfectly
God bless

Reply

41 cse September 6, 2012 at 2:24 pm

Great !

Thanks a lot !

Reply

42 Shrui December 6, 2012 at 4:21 pm

Thank you so much dude. Both obvious and hard to troubleshoot that shit. God bless you :D

Reply
