##################Modify firewall port#################
When the Linux firewall is enabled, logging on to port 23 from the local machine works, but logging on to the Linux system from another PC fails with the following error:
The connection to the host cannot be opened. In port 23, the connection fails.
View port status: service iptables status
This happens because the Linux firewall blocks port 23 by default. To allow remote logon, you can either disable the firewall or open port 23 in the firewall, as shown below:
Takes effect immediately, but is lost after a restart:
Enable: service iptables start
Disable: service iptables stop
Takes effect after a restart:
Enable: chkconfig iptables on
Disable: chkconfig iptables off
With the firewall enabled, make the following settings to open the relevant port.
Edit the /etc/sysconfig/iptables file and add the following line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
Any change to the firewall configuration is made in the /etc/sysconfig/iptables file. To open a port, add a line for it:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
Here, 80 is the port number to be opened. Then restart the firewall service.
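Note:
The newly added rule must be placed above the following line, otherwise it will not work. Rules are evaluated in order, and this line rejects everything that has not already been accepted:
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited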
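The ordering requirement in the note above can be checked mechanically. The following Python code is an added example, not part of the original article: it reads rules in the /etc/sysconfig/iptables format and reports which ACCEPT rules are effective and which sit below the catch-all REJECT. The function names, the sample rule set and the catch-all heuristic are assumptions made for this example.

```python
# Constructed sample in the /etc/sysconfig/iptables format (not from a real host).
# The port 80 rule sits below the catch-all REJECT, so it never matches.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
"""


def value_after(opts, flag):
    """Return the token following `flag`, or None if absent or dangling."""
    if flag in opts and opts.index(flag) + 1 < len(opts):
        return opts[opts.index(flag) + 1]
    return None


def audit_rule_order(text, chain="RH-Firewall-1-INPUT"):
    """Return (effective, shadowed) --dport values of ACCEPT rules in `chain`.

    Assumption: a rule is a catch-all only when `-j REJECT` or `-j DROP` is its
    first option, i.e. it has no match conditions in front of the target.
    """
    effective, shadowed = [], []
    blocked = False
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["-A", chain]:
            continue
        opts = tokens[2:]
        target = value_after(opts, "-j")
        if opts[0] == "-j" and target in ("REJECT", "DROP"):
            blocked = True  # nothing below this line in the chain is reached
        elif target == "ACCEPT" and value_after(opts, "--dport"):
            port = value_after(opts, "--dport")
            (shadowed if blocked else effective).append(port)
    return effective, shadowed


if __name__ == "__main__":
    effective, shadowed = audit_rule_order(SAMPLE_RULES)
    print("effective ACCEPT ports:", effective)
    print("shadowed (below catch-all):", shadowed)
```

To audit a real host, pass the contents of /etc/sysconfig/iptables to audit_rule_order() in place of the sample text.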
##################Detailed solution introduction#################
[Example: how to view the service and listening port in Linux]
Q: How can I find out which service is listening on a specific port? How can I find out which program is listening on a specific port?
A: On *nix, you can use either of the following commands to obtain a list of listeners on a specific TCP port.
lsof: lists open files, including listening ports.
netstat: displays network-related data and information.
lsof command example
Run the following command to view the IPv4 ports:
# lsof -Pnl +M -i4
Run the following command to view the port list for IPv6:
# lsof -Pnl +M -i6
Some explanation is in order. The first column is COMMAND, which gives the program name. Pay attention to the header details. For example, the gweather* command in the second line obtains weather report information from the NWS server (140.90.128.70), including the interactive Weather Information Network and other weather services. The parameters of the command are explained below.
1. -P: inhibits the conversion of port numbers to port names for network files. Inhibiting the conversion can make lsof run faster. It is also useful when port name lookup is not working.
2. -n: inhibits the conversion of network numbers to host names for network files. Inhibiting the conversion can make lsof run faster. It is also useful when host name lookup is not working.
3. -l: inhibits the conversion of user IDs to login names. It is useful when login name lookup is working incorrectly or slowly.
4. +M: enables reporting of portmapper registrations for local TCP and UDP ports.
5. -i4: list only the ports under the IPv4 protocol.
6. -i6: list only the ports under the IPv6 protocol.
netstat command example
Enter the following command:
# netstat -tulpn
Or
# netstat -npl
The output looks like this:
Proto Recv-Q Send-Q Local Address      Foreign Address    State     PID/Program name
tcp        0      0 0.0.0.0:6881       0.0.0.0:*          LISTEN    6908/python
tcp        0      0 127.0.0.1:631      0.0.0.0:*          LISTEN    5562/cupsd
tcp        0      0 127.0.0.1:3128     0.0.0.0:*          LISTEN    6278/(squid)
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN    5854/exim4
udp        0      0 0.0.0.0:32769      0.0.0.0:*                    6278/(squid)
udp        0      0 0.0.0.0:3130       0.0.0.0:*                    6278/(squid)
udp        0      0 0.0.0.0:68         0.0.0.0:*                    4583/dhclient3
udp        0      0 0.0.0.0:6881       0.0.0.0:*                    6908/python
Note that the last column gives the program name (with its PID) for each port. The meaning of each parameter is as follows:
-t: show TCP ports.
-u: show UDP ports.
-l: show only listening sockets (a socket is the interface through which an application reads and writes data and sends and receives it over communication protocols).
-p: show the process identifier and program name. Each socket/port belongs to a program.
-n: do not perform DNS lookups (this speeds up the output).
About the /etc/services file
/etc/services is a plain ASCII file that provides friendly text names for Internet services, along with their default assigned port numbers and protocol types. Every network program consults this file to obtain the port number (and protocol) of its service. You can use the cat or less command to view the file:
$ cat /etc/services
$ grep 110 /etc/services
$ less /etc/services