First we have to check whether the port is blocked by the firewall. The following can be used for CentOS 5, 6 and XenServer 5, 6.
Run the following command from a remote machine (telnet only tests TCP ports):
# telnet <IP> <port>
If the port is blocked, we need to open it by editing /etc/sysconfig/iptables.
Open the above file using an editor (vi, nano, etc.):
# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
These are the default firewall rules in CentOS 6.8. The line with --dport 22 opens the default SSH port, and we use it as a template for opening other ports.
For example, if we want to open TCP port 5666 and UDP port 53, we add the rules immediately after the SSH rule. Rules are evaluated in order, so the new lines must sit above the final INPUT REJECT rule.
# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
After saving the file, we need to restart the iptables service for the new rules to take effect:
# service iptables restart
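The manual edit above can be scripted so that a new rule always lands ahead of the catch-all REJECT and is never added twice. This is an added example, not part of the original page; add_port_rule and write_sample_rules are hypothetical helper names, and the demo works on a temporary copy of the rules file.

```shell
# Added example; add_port_rule and write_sample_rules are hypothetical helpers.
# add_port_rule FILE PROTO PORT: insert an ACCEPT rule ahead of the first
# INPUT REJECT rule. Idempotent; returns 1 on bad input or a missing REJECT.
add_port_rule() {
    file=$1 proto=$2 port=$3
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    rule="-A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
    grep -qxF -e "$rule" "$file" && return 0    # exact rule already present
    if ! grep -q -e '^-A INPUT -j REJECT' "$file"; then
        echo "no INPUT REJECT rule in $file" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    # Rules are matched top-down: anything after the REJECT is never reached.
    if awk -v rule="$rule" '
        /^-A INPUT -j REJECT/ && !done { print rule; done = 1 }
        { print }' "$file" > "$tmp"
    then cat "$tmp" > "$file"; rc=$?    # cat keeps the file's mode and owner
    else rc=1
    fi
    rm -f "$tmp"; return "$rc"
}

# Constructed sample: the default CentOS 6 rules from this page.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on a temporary copy; /etc/sysconfig/iptables is not touched.
demo=$(mktemp); write_sample_rules "$demo"
add_port_rule "$demo" tcp 5666 && add_port_rule "$demo" udp 53
cat "$demo"; rm -f "$demo"
```

On the real host, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without loading it, which catches typos before the service restart.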