LinuxQuestions.org
07-01-2021, 01:24 PM   #1
NotionCommotion
How to ensure a given port is open


I have a 1&1 virtual CentOS 7 server. 1&1 has a firewall that sits above my virtual machine and I need to open ports on it as well as the local firewalld. The ports are open on both firewalls but some of them (993, 1338, 5432, 7869) show as being closed when I telnet from my PC or use https://www.yougetsignal.com/tools/open-ports/. To rule out an issue on my end, I have stopped the firewalld service, but no change. I contacted 1&1 and they said it was not on their end. I asked if it was possible to disable their server and politely got a no. I would like to completely rule out an issue on my end.

Do I need to do more than just stop the firewalld service? 1&1 suggested I reboot the server and, even though I knew it wouldn't work, I tried it and sure enough no difference. Is it possible there is another firewall running, and if so how could it be identified? I looked at /var/log/firewalld which showed nothing (which prompted this post). Some of the ports show as having some service running on them (lsof -i:5432 shows postgres) but others do not. Is there a different way to check if a port is open if a service is running on it?

Is there anything else I should do before going back to 1&1? Thanks
 
07-01-2021, 01:42 PM   #2
pan64
A port is open only if there is an application running (which is listening on that port).
First you need to check if those apps are really running (and if you really need them). Where are these port numbers coming from?
Next you need to check if those apps were configured properly and accept connections. And now, if that was ok, you can check your firewall.
 
07-02-2021, 08:49 AM   #3
NotionCommotion (Original Poster)
Thank you pan64,

Quote:
Originally Posted by pan64
Where are these port numbers coming from?
A PHP debugger service listens to 7869. When a PHP IDE application is opened on other machines, it uses SSH to start the service. I don't even think 7869 needs to be open for the PHP debugger/IDE to work but after recently upgrading it, things stopped working and I am just ruling things out.

Quote:
Originally Posted by pan64
port is open only if there is an application running (which is listening on that port).
Sounds a little like if a tree falls in a forest and no one hears it, does it make a sound?

lsof -i:7869 tells me that a service is listening to the port but telnet/etc. doesn't confirm that the port is open. As another test, I made sure the IDE app was closed, killed the service, ran another service on the port (httpd), and now it shows as open. Mystery solved and I know for sure!

Doesn't really matter but still curious why I couldn't detect the port being open when the debugger was running on it. Think it might have something to do with ssh tunnels and the like but don't really know.
 
07-07-2021, 10:59 AM   #4
elgrandeperro
I use online tools like testers for udp or tcp.

For instance, you can use an online web tester and do http://YOURIP:1234 to test connect to port 1234.
You can also use portquiz.net for tcp.

check-host.net lets you test generic inbound connections.

Of course it won't work but you can trace the packet from the internet down to your server using tcpdump.
 
07-07-2021, 03:23 PM   #5
scasey
I tend to use netstat or ss to see what is listening and where:
Code:
netstat -tnlp
If the listening daemon doesn’t respond to a telnet connection, telnet will report the port closed/unable to connect. That doesn’t mean the port is not open.
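
Added example (not part of any post in this thread): the "where" in the `ss`/`netstat` output is the bind address, and a daemon bound only to 127.0.0.1 appears in `lsof`/`ss` yet refuses remote connections with every firewall stopped. The `port_scope` helper and the sample listing below are constructed for illustration; the sample mixes the older (`*`, `:::`) and newer (`[::]`) wildcard notations that different iproute2 versions print.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -tnl` (or `ss -tnlp`) output
# on stdin. Hypothetical helper written for this page, not a standard tool.
port_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Column 4 is Local Address:Port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                wide = 1          # wildcard bind: reachable on every interface
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                loop = 1          # loopback: local clients and SSH tunnels only
            else
                other = 1         # bound to one specific interface address
        }
        END {
            if (wide)       print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample listing (not captured from the poster's server).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    127.0.0.1:7869     *:*
LISTEN 0      128    :::993             :::*
LISTEN 0      128    192.0.2.10:5432    *:*'

# Report each port of interest; 1338 has no listener in the sample.
for p in 22 993 5432 7869 1338; do
    printf '%s\t%s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | port_scope "$p")"
done
```

On a live host, pipe the real listing in, for example `ss -tnl | port_scope 7869`. Only an `all-interfaces` or matching `specific-address` result makes a firewall the next thing to check.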