Hello, my project requires that I have ports 80 & 443 open. I have forwarded the two ports to the internal IP of my local machine, and I have added the ports to the Fedora server firewall.
But on checking the ports with online port checkers they are still closed. Why?
Thanks for any help
Without more info we cannot answer properly.
That said, there are several things of note.
- The web server must be active to open those ports for communication.
- The firewall must allow access to the ports.
- I do not understand what you mean about forwarding the ports. Proper config of the web server should always open those 2 ports on the server that is running the web server. Forwarding of the ports should not be required.
Are your firewall changes live?
firewall-cmd has a --permanent option that you need to use to have your changes survive a reboot.
After setting things with --permanent did you use --reload to make your changes live?
What is listening to those ports on the server?
sudo ss -tapn will show what is listening.
What happens when you browse to those ports from another computer?
I like to use curl to test connections as it's got lots of nice debug features.
Sorry I missed out that the ports 80 & 443 are set on my router to point to the machine the web server is on.
You probably need to open these two ports on the router and set up port forwarding to your local machine.
For security reasons I would not use the same port locally as you use on the router … use something like 80 > 8686 etc.
Then on the local machine/server you can let pass the traffic (firewall) from your router IP to your local IP:Portnr.
Then verify as @barryascott proposed.
What happens if you try to address the web server from another system on the same LAN using the web server IP?
If the firewall and httpd server are properly configured access should be possible since that should not be affected by port forwarding from the router at all.
What exactly is configured on the router for port forwarding? On mine it usually has been set to forward ports from the WAN address of the router to the PRIVATE non-routable address of the server (usually in the 192.168.0.0/16 range). This is with a public IP on the WAN side and private IP on the LAN side.
On the firewall of the server, then simply allowing traffic to those ports should suffice.
Keep in mind that many ISPs will filter incoming connections on ports 80,443,25,465,110, etc. You might want to try the opposite of what @ilikelinux proposed. Forward a high port, like 8080 on the Public interface to port 80 on your internal server and see if that works. If so, your ISP is probably preventing you from running a web site on port 80 on a “Home” internet connection.
A site such as yougetsignal.com advertises itself as a “port forwarding tester”, but this is only partly true because it cannot test your router settings. It tests whether it can connect to an application listening on a given port.
You do not specify what project you are creating. If you install the Fedora package “nmap-ncat”, you get a tool where you can test the port forwarding in a controlled way.
The first barrier is the router. The second barrier is the Fedora firewall, where you have to add the HTTP and HTTPS services to the zone where the network interface is listening.
The command is: “sudo nc -l 80”
If you get “Ncat: bind to :::80: Address already in use. QUITTING”, then your application is already active and listening on port 80.
Otherwise, nothing happens until you test the port forwarding. Yougetsignal now gives “Port 80 is open on ipaddress” and the nc command terminates, so you can do it once. Same story for port 443.
If the “nc” tests work, your router and Fedora firewall are configured correctly.
In theory, if an application on the webserver is listening on ports 80 and 443, it could be configured to only listen on localhost, 127.0.0.1 and the open port tester will fail.
Then go back to the post of @barryascott and use the ss command to check whether the application is listening on *:80 and not on 127.0.0.1:80
In that case, the application configuration has to be adapted.
“sudo nc -k -l 80” will run forever, so you can check as many times as you want.
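The ss check suggested above (is the application listening on *:80 or only on 127.0.0.1:80?) can be scripted. This is an added example, not code from any poster in this thread; the function name bind_scope and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `ss -tapn` output on stdin.
# On a live host: sudo ss -tapn | bind_scope 80

bind_scope() {
    # $1 = port number; prints one of:
    #   not-listening | loopback-only | specific-address | all-interfaces
    awk -v port="$1" '
        $1 != "LISTEN" { next }          # -a also lists established sockets; skip them
        {
            addr = $4                      # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next     # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "*" || host == "0.0.0.0" || host == "[::]")
                wild = 1                   # reachable from the LAN and the router
            else if (host ~ /^127\./ || host == "[::1]")
                loop = 1                   # reachable only from the server itself
            else
                other = 1                  # bound to one specific interface address
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample output (not from the thread), in the layout ss -tapn prints.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511    127.0.0.1:80        0.0.0.0:*         users:(("httpd",pid=1201,fd=4))
LISTEN 0      511    [::1]:80            [::]:*            users:(("httpd",pid=1201,fd=5))
LISTEN 0      511    *:443               *:*               users:(("httpd",pid=1201,fd=6))
LISTEN 0      128    192.168.1.20:8080   0.0.0.0:*         users:(("node",pid=1310,fd=18))
ESTAB  0      0      192.168.1.20:22     192.168.1.5:50122 users:(("sshd",pid=990,fd=4))'

for p in 80 443 8080 22; do
    printf 'port %s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | bind_scope "$p")"
done
```

A result of loopback-only means an outside port checker will report the port closed even when the router forwarding and the firewall are correct.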