# How to open ports?



## CoolDemon (Jul 13, 2009)

hi,

How can I open port 2222?
I need it for my control panel.


----------



## DutchDaemon (Jul 13, 2009)

Is this a serious question? You want us to guess which firewall you are using, which protocol you mean, and in which direction the port needs to be opened?


----------



## CoolDemon (Jul 13, 2009)

The default firewall that comes with FreeBSD... in the /home directory


----------



## DutchDaemon (Jul 13, 2009)

Which of the three default firewalls that come with FreeBSD, none of which use /home, do you mean?


----------



## CoolDemon (Jul 13, 2009)

mm... what?
I don't know, I just installed FreeBSD and something is blocking port 2222.
I try to enter http://mysite.com:2222 and a blank page comes out.


----------



## Voltar (Jul 13, 2009)

Port 2222 isn't normally used for web (http) services. I know of two hosting companies that use it for SFTP/SSH access, and I don't think that your browser will work for that. 

Also run `# kldstat` and see if you have pf.ko or ipfw.ko loaded. If not, you're probably not running a firewall on your machine unless you customized and recompiled the kernel already.


----------



## aragon (Jul 13, 2009)

Until you educate yourself enough for us to help you, try contacting someone here.


----------



## DutchDaemon (Jul 14, 2009)

See if something is actually listening on port 2222, using `netstat -an | grep 2222` or `sockstat -L4p 2222`.


----------



## jdr (Jul 14, 2009)

A completely blank page, or "The webpage cannot be found"?




			
CoolDemon said:

> mm... what?
> I don't know, I just installed FreeBSD and something is blocking port 2222.
> I try to enter http://mysite.com:2222 and a blank page comes out.


----------



## Zakster (Nov 17, 2009)

I need to open UDP port 81 in and out of my network.
I use a custom pf.conf.

Can someone please help me?

Thanks


----------



## mix_room (Nov 17, 2009)

RTFM

http://www.openbsd.org/faq/pf/


----------



## Zakster (Nov 17, 2009)

Thanks


----------



## philbenton (Nov 17, 2009)

*Please, RTFM before you kill yourself...*

Provided you were capable enough to install a kernel with the following:


```
options         IPFILTER                # Enable IPFilter
options         IPFILTER_LOG            # ... and IPFilter logging
```


You could use vi to edit /etc/ipf.rules with:


```
pass in log quick from any to any keep state
```

Or you could use something more definitive like:


```
pass in quick on em0 proto tcp from any to any port = 2222 flags S/SA keep state
```

provided your network interface is "em0".

I'd recommend taking the time to google as much as you can about what you're trying to accomplish, otherwise you won't really learn anything aside from how to let someone else do it for you.

Good Luck.


----------



## johanizahri (Nov 23, 2017)

Hi,

After:

```
tcptraceroute myhost 3000

Selected device lo0, address 10.0.xx.xx, port 34863 for outgoing packets
Tracing the path to myhost (10.0.xx.xx) on TCP port 3000, 30 hops max
 1  * 10.0.xx.xx [closed] -3007.990 ms *

sudo kldstat
Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1f67a88  kernel
 2    1 0xffffffff82219000 2c0b5    vboxguest.ko
```

Any idea how to unblock port 3000?

Thanks.
Johan


----------



## SirDice (Nov 23, 2017)

Is there anything actually listening on that port? If there is no service listening on that port the port will always be closed.


----------



## johanizahri (Nov 24, 2017)

SirDice said:


> Is there anything actually listening on that port? If there is no service listening on that port the port will always be closed.


Hi SirDice,

Thanks for reaching out.

```
[git@myhost ~]$ tcptraceroute myhost 3000

Selected device lo0, address 10.0.xx.xx, port 60726 for outgoing packets
Tracing the path to myhost (10.0.xx.xx) on TCP port 3000, 30 hops max
 1  * 10.0.xx.xx [closed] -3036.291 ms *

[git@myhost ~]$ sudo kldstat

Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1f67a88  kernel
 2    1 0xffffffff82219000 2c0b5    vboxguest.ko

[git@myhost ~]$ ps -aux | grep gitea
root   667   0.0  0.1  10468  2152  -  Is   19:56     0:00.00 daemon: gitea[669] (daemon)
git    669   0.0  1.0  60104 42068  -  I    19:56     0:02.50 /usr/local/sbin/gitea web
git   1738   0.0  0.0    412   328  0  R+   01:39     0:00.00 grep gitea

[git@myhost ~]$ netstat -an | grep 3000
tcp4       0      0 127.0.0.1.3000         *.*                    LISTEN

[git@myhost ~]$ sockstat -L4p 3000
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS   

[git@myhost ~]$ sudo service gitea status
gitea is running as pid 669.
```

I'm successful at:

```
[git@myhost ~]$ lynx myhost:3000
```

but not

```
[client@otherhost ~]$ lynx myhost:3000
```

:-(

Btw, this otherhost is the host OS from which I ssh to the guest box; it's a macOS Sierra box.
Also, I'm able to reach google.com from the guest box.

```
[git@myhost ~]$ ping -c 1 www.google.com

PING www.google.com (74.125.204.147): 56 data bytes
64 bytes from 74.125.204.147: icmp_seq=0 ttl=39 time=71.088 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 71.088/71.088/71.088/0.000 ms
```


----------



## herrbischoff (Nov 24, 2017)

The fact that vboxguest.ko exists in the kldstat output leads me to believe that you are running this inside VirtualBox. If true, you will either have to set VirtualBox networking to "bridged" or set up port forwarding in the VirtualBox guest settings. This is probably a NAT issue, not a firewall issue.


----------



## johanizahri (Nov 24, 2017)

herrbischoff said:


> The fact that vboxguest.ko exists in the kldstat output leads me to believe that you are running this inside VirtualBox. If true, you will either have to set VirtualBox networking to "bridged" or set up port forwarding in the VirtualBox guest settings. This is probably a NAT issue, not a firewall issue.


Hi Herrbischoff,

Yes, myhost is a VirtualBox guest.
I'm already using a bridged setup, and it can connect to google.com on port 80.
Could you point me to a way to troubleshoot it?

Best Regards,
Johan


----------



## herrbischoff (Nov 24, 2017)

If it's already bridged, the guest should have received an IP address from your network. This should expose all running services on this IP, as kldstat shows you're not running a firewall. Therefore the basic setup appears to be correct. Try using the IP address instead of the hostname to find out if it's a DNS lookup issue. Also, try if you can telnet to the guest:


```
telnet your.guest.ip.address 3000
```


----------



## johanizahri (Nov 24, 2017)

herrbischoff said:


> If it's already bridged, the guest should have received an IP address from your network. This should expose all running services on this IP, as kldstat shows you're not running a firewall. Therefore the basic setup appears to be correct. Try using the IP address instead of the hostname to find out if it's a DNS lookup issue. Also, try if you can telnet to the guest:
> 
> 
> ```
> ...
> ```



Here's the output:

```
client@otherhost:~$ telnet myhost 3000
Trying 10.0.xx.xx...
telnet: connect to address 10.0.xx.xx: Connection refused
telnet: Unable to connect to remote host
------------------------------------------------------------------------------------------------------------- 10:42:26
client@otherhost:~$ telnet myhost 22
Trying 10.0.xx.xx...
Connected to myhost.
Escape character is '^]'.
You are not welcome to use sshd from otherhost.
Connection closed by foreign host.
------------------------------------------------------------------------------------------------------------- 10:42:35
```


----------



## herrbischoff (Nov 24, 2017)

Looking again at the netstat output you posted, I suspect the service you are running on port 3000 is binding to 127.0.0.1 (localhost). You will have to configure it to bind to 0.0.0.0 (entire IPv4 address pool) or the guest's IP address to make it externally accessible.


----------



## johanizahri (Nov 24, 2017)

herrbischoff said:


> Looking again at the netstat output you posted, I suspect the service you are running on port 3000 is binding to 127.0.0.1 (localhost). You will have to configure it to bind to 0.0.0.0 (entire IPv4 address pool) or the guest's IP address to make it externally accessible.


Hi herrbischoff,

Thanks for the clue.
So I changed the app.ini so that it would not use 127.0.0.1 but rather 0.0.0.0,
and it's working now.


----------



## herrbischoff (Nov 24, 2017)

Happy to help. Click the Thanks button if you feel like it.


----------
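
The diagnosis this thread ended on (a LISTEN socket on `127.0.0.1.3000` refuses remote connections even though `kldstat` shows no firewall module), as an added example that is not from any poster in the thread: an sh function that reads `netstat -an` text and reports how a TCP port is bound. The function name `classify_listener`, the sample lines and the 10.0.0.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `netstat -an` text on stdin and reports how TCP port $1
# is bound. The port is matched exactly: `grep 3000` would also hit 30000.
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # FreeBSD prints the local address as addr.port (e.g. 127.0.0.1.3000)
            if (!match($4, /\.[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) + 0 != port + 0) next
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else specific = specific " " addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (specific != "") print "specific:" specific
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample input in FreeBSD `netstat -an` layout (not real captures).
# BEFORE mirrors the state posted in the thread; AFTER mirrors a 0.0.0.0 bind.
BEFORE='tcp4       0      0 127.0.0.1.3000         *.*                    LISTEN
tcp4       0      0 127.0.0.1.30000        *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 10.0.0.5.22            10.0.0.9.51000         ESTABLISHED'
AFTER='tcp4       0      0 *.3000                 *.*                    LISTEN'

for p in 3000 22 8080; do
    printf 'before, port %s: %s\n' "$p" \
        "$(printf '%s\n' "$BEFORE" | classify_listener "$p")"
done
printf 'after,  port 3000: %s\n' \
    "$(printf '%s\n' "$AFTER" | classify_listener 3000)"
```

On a live host the same function can be fed directly with `netstat -an | classify_listener 3000`. A result of `all-interfaces` means the service accepts connections on every address the machine has, so with no packet filter loaded every host that can route to it can connect.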

