Description of the whole process of CentOS7 cloud server port opening and viewing
Time : 2025-04-04 14:47:37
Edit : Jtti

In CentOS7 cloud server management, opening and viewing ports are basic operations for keeping services reachable. Whether you are deploying web applications, databases, or API services, correct port configuration directly determines whether external network communication succeeds. This article walks through the complete process of firewall configuration, port status viewing and coordination with the cloud platform, to give you better control over the server's network permissions.

1. Firewall management: the core operation of firewalld

CentOS7 uses firewalld by default as a dynamic firewall management tool, which has the advantage of allowing you to modify rules at run time without restarting the service. The following are the key operation commands:

1. Start and make sure firewalld is running

sudo systemctl start firewalld     # Start the firewall
sudo systemctl enable firewalld    # Start firewalld automatically at boot
sudo systemctl status firewalld    # Check the running status

If active (running) is displayed, the firewall is ready.

2. Open the specified port (for example, HTTP 80).

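sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

--zone=public: the zone the rule applies to (usually public)

--add-port=80/tcp: adds TCP port 80

--permanent: writes the rule to the permanent configuration so that it is retained after a restart; it takes effect once the configuration is reloaded in the next step.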

3. Reload the firewall configuration

sudo firewall-cmd --reload

This step makes the new rule take effect immediately without restarting the service.

4. Check whether the port is open

sudo firewall-cmd --zone=public --list-ports

The output should contain 80/tcp, indicating that the port was successfully opened.

2. Traditional firewall: the iptables alternative

If the server does not use firewalld (for example, a custom iptables installation), you can run the following commands to manage ports:

1. Install the iptables service

sudo yum install iptables-services
sudo systemctl start iptables
sudo systemctl enable iptables

2. Open the SSH port (22)

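sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

-A appends the rule to the end of the INPUT chain, so it only takes effect if no earlier rule in the chain already rejects the traffic.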

3. Save the rule to the configuration file

sudo service iptables save

The rules are saved to /etc/sysconfig/iptables and automatically loaded after the restart.

3. Port status view: multi-dimensional diagnostic tools

1. Check the open ports of the firewall

sudo firewall-cmd --list-all

Example output:

ports: 80/tcp 443/tcp

2. Check the port listening status

The netstat command (net-tools required):

sudo yum install net-tools
netstat -tuln | grep ':80'

If the output contains LISTEN, the service is bound to port 80.

The ss command (a more modern alternative):

ss -tuln | grep ':80'

3. Check the ports occupied by processes

sudo lsof -i :80
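
The firewall view and the listening view above are most useful when compared with each other. The script below is an added example, not part of the original article: it flags ports that are open in firewalld with nothing listening, services bound only to loopback, and listeners missing from --list-ports. The function name, status labels and sample ss output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare firewalld's opened ports with what is actually listening.
# Live use: audit_ports "$(sudo firewall-cmd --zone=public --list-ports)" "$(ss -tuln)"

# Constructed sample of `ss -tuln` output in the CentOS 7 layout (not real data).
SAMPLE_SS='Netid State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
udp   UNCONN     0      0      127.0.0.1:323        *:*
tcp   LISTEN     0      128    *:80                 *:*
tcp   LISTEN     0      128    *:22                 *:*
tcp   LISTEN     0      50     127.0.0.1:3306       *:*
tcp   LISTEN     0      128    :::80                :::*'

audit_ports() {
    # $1: one line of port/proto entries, as printed by --list-ports
    # $2: `ss -tuln` output
    # Port ranges (5000-5100/tcp) and ports opened through firewalld
    # services or rich rules are not expanded here.
    printf '%s\n' "$2" | awk -v fw="$1" '
        BEGIN { n = split(fw, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            addr = $5; port = $5
            sub(/.*:/, "", port)        # keep the text after the last colon
            sub(/:[^:]*$/, "", addr)    # keep the text before the last colon
            key = port "/" $1
            if (addr ~ /^(127\.|::1$|\[::1\]$)/) lo[key] = 1
            else ext[key] = 1
        }
        END {
            for (k in allowed) {
                if (k in ext)     print "OK " k          # open and listening
                else if (k in lo) print "LOCAL-ONLY " k  # bound to loopback only
                else              print "UNUSED " k      # open, nothing listening
            }
            # Listening on a non-loopback address but absent from --list-ports
            for (k in ext) if (!(k in allowed)) print "UNLISTED " k
        }' | LC_ALL=C sort
}

audit_ports "80/tcp 443/tcp 3306/tcp" "$SAMPLE_SS"
```

An UNLISTED port may still be reachable through a firewalld service entry (ssh is opened this way by default), so check the services line of --list-all before treating it as blocked.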

4. Cloud platform security group: access control that cannot be ignored

If security group rules are not configured on the cloud platform, external requests are blocked even if the local firewall of the server has opened ports.

5. Port connectivity test: ensure internal and external connectivity

1. Local test (internal server)

telnet 127.0.0.1 80

If Connected is returned, the service is listening locally as expected.

2. External Testing (client)

Using telnet or nc:

telnet <server public IP address> 80

If "Escape character is '^]'" is displayed, the port is reachable.

Online port detection tool:

Visit Port Checker and enter the IP address and port number to check.

6. Common troubleshooting and solutions

1. The port is open but inaccessible

Check that the service is running:

systemctl status nginx

Verify security group rules: Ensure that the cloud platform rules are consistent with the local firewall rules.

2. Port conflict

Find the process occupying the port:

sudo ss -tulnp | grep ':80'

Restart the target service after the conflicting process is terminated.

3. SELinux block

Temporarily disable enforcement (for debugging only):

sudo setenforce 0

Permanent modification:

sudo vi /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled and restart.
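
To confirm that SELinux is what prevents a service from binding its port, the audit log can be searched for name_bind denials; these are still logged while enforcement is switched off with setenforce 0. The script below is an added example, not part of the original article, and the function name and sample log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: list port-bind denials recorded by SELinux.
# Live use: sudo cat /var/log/audit/audit.log | selinux_bind_denials

# Constructed audit.log lines (timestamps, PIDs and ports are made up).
SAMPLE_AUDIT='type=AVC msg=audit(1743749257.101:410): avc:  denied  { name_bind } for  pid=2101 comm="nginx" src=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1743749259.334:411): avc:  denied  { name_bind } for  pid=2107 comm="nginx" src=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1743749301.870:415): avc:  denied  { read } for  pid=2300 comm="httpd" name="index.html" dev="vda1" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1743749410.012:420): avc:  denied  { name_bind } for  pid=2410 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'

selinux_bind_denials() {
    # stdin: audit log text
    # stdout: one "<command> <port>/<proto> <SELinux domain>" line per distinct denial
    awk '/avc: +denied/ && /name_bind/ {
        comm = port = dom = ""; proto = "tcp"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
            if ($i ~ /^src=/)      { port = substr($i, 5) }
            if ($i ~ /^scontext=/) { split($i, c, ":"); dom = c[3] }
            if ($i ~ /^tclass=udp/) { proto = "udp" }
        }
        if (port != "") print comm, port "/" proto, dom
    }' | LC_ALL=C sort -u
}

printf '%s\n' "$SAMPLE_AUDIT" | selinux_bind_denials
```

When a denial is listed, `semanage port -l` shows which port type the service's domain may bind to, and `semanage port -a -t <type> -p tcp <port>` adds the port to that type so the service works with SELinux left in enforcing mode.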

4. The firewall rule has not taken effect

Confirm the firewalld default zone:

sudo firewall-cmd --get-default-zone

Make sure the rule is added to the correct zone (usually public).

7. Advanced configuration: port forwarding and multi-IP binding

1. Port forwarding (forwarding external 8080 to internal 80)

sudo firewall-cmd --permanent --zone=public --add-forward-port=port=8080:proto=tcp:toport=80
sudo firewall-cmd --reload

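2. Multi-IP binding (opening a port to a specific source IP address)

sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port port="80" protocol="tcp" accept'

The rule accepts TCP port 80 from source address 192.168.1.100; it narrows access only if port 80 is not also opened for the whole zone.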

Port management on a CentOS7 cloud server comes down to firewall rules, cloud platform security groups, port status viewing and connectivity testing. Whether you are deploying new applications or migrating old services, you can effectively locate and resolve problems by mastering these commands and their logic and following the process of local configuration, cloud release, service monitoring, and external verification.
