Opening and closing ports is an essential aspect of network security. A webserver can “listen” on any number of ports, but that doesn’t mean it should! In fact, it shouldn’t listen to most of them. Certain services like SSH are standardized to listen on specific ports – in this case, 22. As a result, port 22 is constantly getting hammered by hackers trying to break in. So one of the first things you do on a NameHero VPS is to open another port to listen for SSH.
In this article, I’ll show you how to open ports using the in-built tool that comes when you purchase a VPS from NameHero.
Command Line vs VPS Interface
When performing server configuration tasks, I recommend that you use the command line instead of the GUI interface provided by WHM or InterWorx. This is for two reasons:
- You’re not locked to a single workflow
- The command line teaches you the “guts” of the system
Let’s say I were to give you a screenshot of how to open a port from within InterWorx. Sure, it’ll be relevant – for now. But what if the interface changes? What if you switch to a new server with another interface like WHM? What if one day you get a “bare-metal” server that doesn’t have a GUI interface? What then?
This is why I recommend performing all server configurations on the command line. In addition to the above flexibility, it also gives you an idea of where the important files are, which folders contain the settings for which applications, and in general allows you to get to know your server in a way that the GUI doesn’t.
So here’s how to open ports via the command line.
Open the CSF Config Folder and Make Changes
When you get a NameHero VPS server, it comes pre-configured with the ConfigServer Security and Firewall” package. This is an easy way to set up your firewall with easy to understand text files, instead of memorizing and keeping track of the complex syntax of iptables.
The CSF config file is located at:
/etc/csf/csf.conf
Open this file in the text editor of your choice and find the line starting with “TCP_IN” as shown here:
This is just a comma separated list of ports that are allowed to remain open. You can see that “22” is one of these ports since it’s the one used by default for SSH. Here we can easily add or delete ports. For example, I’ve added port number “2208” because I want to use that as a replacement for SSH. If you want, you can also remove number 22 from the list since we won’t be accepting SSH traffic on it.
Once you’re done adding and removing ports, save your changes.
Restart CSF
The changes you made to the config files in CSF won’t take effect until you restart CSF. You do this via the following command:
csf -r
This implements the changes you’ve made. And you’re done! Now you can try connecting to the port you’ve just opened. If using PuTTY, you can change the port number in the connection screen and login.
Always remember to keep your ports tightly controlled. These are gateways into your server and it’s not a great idea to have an open door in your house, is it?
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Leave a Reply