How to open a server port?

For a server port to be open to the public for providing services, three conditions must all be met at the same time, from the cloud computing platform at the top down to the application layer of the operating system, in the following order:

1.  The security group of the cloud computing platform allows the corresponding port.

2.  The firewall of the operating system allows the corresponding port.

3.  The application is correctly installed and is set to use the corresponding port.

Let's analyze them one by one.

First, except in a very few availability zones (such as Jordan), VDEcloud servers do not have security groups enabled, meaning that all ports are open at the cloud computing platform level. Therefore, the first condition is fully met.

Second, the firewalls of some server operating systems are enabled by default. Therefore, you need to either disable the firewall or open the corresponding port on the firewall. Keeping the firewall enabled and opening only the required port is recommended for higher security.

For CentOS/Fedora operating systems, the firewall is firewalld. The relevant commands are as follows:

Stop and disable firewalld:

systemctl stop firewalld.service
systemctl disable firewalld.service

Enable a specific port (using port 10222 as an example):

firewall-cmd --add-port=10222/tcp --permanent
firewall-cmd --reload

For Ubuntu/Debian operating systems, the firewall is ufw. The relevant commands are as follows:

Disable ufw:

ufw disable

Enable a specific port (using port 10222 as an example):

ufw allow 10222/tcp
ufw reload

Third, after logging in remotely, use the "netstat -nlp | grep port number" command to check whether the application is correctly installed and listening on the corresponding port.

Taking port 10222 as an example, if the following command displays a listening record for the port, the application and port settings are correct. If no record is displayed, the application is not installed correctly.

[root@vdecloud.com ~]# netstat -nlp | grep 10222
tcp        0      0 0.0.0.0:10222       0.0.0.0:*             LISTEN      989/sshd
tcp6       0      0 :::10222                 :::*                    LISTEN      989/sshd
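
A stricter version of the check in the third step, as an added example that is not part of the original guide: `grep 10222` matches those digits anywhere on the line, and a service bound only to 127.0.0.1 shows as LISTEN yet cannot be reached from outside. The function names, the sample output, and the 3306 and 8080 entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, reading `netstat -nlp` output on stdin.
# Prints one of: all | specific | loopback | none
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next      # exact match on the port field only
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") all = 1
            else if (host ~ /^127\./ || host == "::1") loopback = 1
            else specific = 1
        }
        END {
            if (all) print "all"                  # every interface, publicly reachable
            else if (specific) print "specific"   # one address only
            else if (loopback) print "loopback"   # local connections only
            else print "none"                     # nothing listening on this port
        }'
}

# Constructed sample input (not captured from a real server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:10222           0.0.0.0:*               LISTEN      989/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1204/mysqld
tcp        0      0 192.0.2.10:8080         0.0.0.0:*               LISTEN      1500/nginx
tcp6       0      0 :::10222                :::*                    LISTEN      989/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           712/dhclient
EOF
}

# Port 1022 reports "none" even though "grep 1022" would match the 10222 lines.
for p in 10222 3306 8080 1022; do
    printf '%s -> %s\n' "$p" "$(sample_netstat | listen_scope "$p")"
done
```

On a live server, run it as `netstat -nlp | listen_scope 10222`; only the result `all` (or `specific` on the public address) satisfies the third condition for a public service.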

Finally, to emphasize once more: all three conditions must be met at the same time for a port to be open to the public for providing services. You can use the "telnet IP address port number" command on the client computer to check whether the port is providing services normally. For example:

telnet 58.215.65.1 10222

In addition, because the following ports are vulnerable to DDoS attacks, some servers disable the following protocols and ports by default, and this restriction cannot be removed.

Protocol: TCP & UDP, Port: 17

Protocol: TCP & UDP, Port: 19

Protocol: TCP & UDP, Port: 1900

Protocol: UDP, Port: 53413

Protocol: UDP, Port: 11211