I cannot connect to a port that is already open in my firewall

0

I have tried to open port 80

[root@rhel7 docker]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@rhel7 docker]# firewall-cmd --reload
success
[root@rhel7 docker]# iptables-save | grep 80
-A POSTROUTING_ZONES -o eno16780032 -g POST_public
-A PREROUTING_ZONES -i eno16780032 -g PRE_public
-A PREROUTING_ZONES -i eno16780032 -g PRE_public
-A FORWARD_IN_ZONES -i eno16780032 -g FWDI_public
-A FORWARD_OUT_ZONES -o eno16780032 -g FWDO_public
-A INPUT_ZONES -i eno16780032 -g IN_public
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

but when I try to use

netstat -an

It didn't show port 80 as listening. When I try to telnet to the port, it shows the following:

[root@rhel7 docker]# telnet localhost 80
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Any way to resolve this?

Thanks.

kan1207

Posted 2016-05-24T07:59:00.023

Reputation: 1

Do you run any program that actually listens on that port? – Kamil Maciorowski – 2016-05-24T08:05:07.443

No... I just set up this new machine. Is there any configuration I should do? – kan1207 – 2016-05-24T08:25:22.263

What do you expect to answer on this port? HTTP server maybe? – Kamil Maciorowski – 2016-05-24T08:28:20.883

1 You need to run an application that occupies port 80, e.g. a webserver. If the webserver starts, you can see it listening in the output of the netstat -an command. – vembutech – 2016-05-24T08:29:04.263

The firewall does not affect netstat output (i.e. whether programs can listen). It just controls whether anyone can connect to the listener. – Daniel B – 2016-05-24T08:38:27.253

Answers

1

Having a port open on firewall and having a program listening on that port are two different things.

I think netstat shows ports being listened on regardless of firewall settings. There is nothing listening on 80/tcp port, therefore your telnet cannot connect.

EDIT, NOTE: I really doubt your firewall blocks connection from localhost to localhost by default. If I'm right and you had some program listening then your telnet localhost 80 would succeed even without your initial firewall-cmd invocation.


On my Debian, sudo netstat -an shows some ports in listening state, but it doesn't tell which programs listen. I can list all listening programs with

sudo lsof -i TCP -s TCP:LISTEN

Not knowing (yet) what sort of service you expect to answer on 80/tcp port, I take a guess it is an HTTP server. Either there is none installed at all or the one you have has not been started. There are a number of them to pick from. E.g. it may or may not be httpd. Try

sudo service httpd status

You may see this guide for some start with httpd on RHEL7.

Kamil Maciorowski

Posted 2016-05-24T07:59:00.023

Reputation: 38 429
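
The two checks the answer separates (is anything listening, and does firewalld allow the port) can be combined into one diagnosis. This is an added example, not part of the original answer; the function names are hypothetical and the sample `ss` and `firewall-cmd` output is constructed.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnH` output: only sshd listens (the asker's case).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'
# Constructed sample of `firewall-cmd --zone=public --list-ports` output.
SAMPLE_FW='80/tcp'

# has_listener PORT SS_OUTPUT: succeeds if a LISTEN socket is bound to PORT.
has_listener() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# fw_allows PORT FW_PORTS: succeeds if PORT/tcp is in the zone port list.
# Assumption: ports opened via --add-service or as ranges are not considered.
fw_allows() {
    for entry in $2; do
        [ "$entry" = "$1/tcp" ] && return 0
    done
    return 1
}

# classify_port PORT SS_OUTPUT FW_PORTS: prints one of four states.
classify_port() {
    if has_listener "$1" "$2"; then l=yes; else l=no; fi
    if fw_allows "$1" "$3"; then f=yes; else f=no; fi
    case "$l/$f" in
        yes/yes) echo "reachable: listener present and firewall allows it" ;;
        yes/no)  echo "blocked: listener present but no firewall rule for remote clients" ;;
        no/yes)  echo "no-listener: firewall allows it but connects are refused" ;;
        no/no)   echo "closed: no listener and no firewall rule" ;;
    esac
}

# The question's state: 80/tcp allowed, nothing bound to it.
classify_port 80 "$SAMPLE_SS" "$SAMPLE_FW"
# Live host (not run here): classify_port 80 "$(ss -ltnH)" \
#     "$(firewall-cmd --zone=public --list-ports)"
```

A `no-listener` result with an allow rule in place means the rule will expose whatever binds that port later, so it is cleaner to add the rule when the service is actually deployed.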