How to Check if a Port is Blocked by the Firewall in Ubuntu

Having trouble getting access to a particular network resource? It could be due to the firewall blocking the port.

As you know, all the applications require access to certain ports, and when the firewall blocks those ports, the applications will not function properly and will not be able to communicate with the network.

And if you are having trouble reaching a specific application or service, you may need to check the firewall settings to ensure the necessary ports are open, but if you want something that should let you know whether the specific port is open in your environment, you can use telnet and the nc command to determine if the port is open or closed.

So let’s see how you can use telnet and the nc command to test if a specific port is open.

Methods to Check if a Port is Blocked by the Firewall

There are multiple ways through which you can check the status of the port on your system using the following command:

telnet command to check port is open or blocked

One of the simplest and easiest ways to identify port status is by using the telnet command, which is usually used to connect to remote servers and access systems similar to ssh, but you can use it to check if a port is open by trying to connect to it.

If the connection is successful, the port is considered open and accepting connections, and if the connection fails, it means the port is either closed or not accepting connections.

To install telnet on your system, open a terminal window and run any of the following commands, depending on your distribution:

$ sudo apt install telnetd -y
$ sudo yum install telnetd
$ sudo zypper install telnetd
$ sudo pacman -Sy telnetd 

Once the installation is complete, you can follow the syntax from the below code snippet, where I’m checking port 8080, which is generally used for web servers.

If telnet is able to connect to the port, it means that the web server is running properly, and if telnet is not able to connect to the port, it could indicate a problem with the firewall or that the web server itself may not be running.

$ telnet 127.0.0.1 8080

The output of the above command says “telnet: Unable to connect to remote host: Connection refused” because the system doesn’t have open port 8080.

telnet command to check webserver is running or not
telnet command to check if the web server is running or not

And the result is different when I change the port number from 8080 to 9091, which is used for transmission-cli.

telnet command response on sucessfull
telnet command response on success

You can try the same thing by replacing the IP address and port number with the ones you want to test.

nc command to check port is open or blocked

nc command is also working similar to telnet, but it provides more advanced network capabilities such as port scanning, banner grabbing, file transfer, network debugging, and many other interesting features.

And due to this fact, it is one of the most versatile tools for network administrators and security professionals. If you want to learn more about this tool, you can check out this article.

Anyway, let’s come back to the main topic, where I’ll check whether port 8080 is active on my localhost, but first I need to install the NetCat package on the system using the following command:

$ sudo apt install -y netcat
$ sudo dnf install -y nc
$ sudo pacman -S nmap-ncat-2

To check out the port status, you can use nc with the -zv option, where z will only scan for listening daemons without sending any data to the port and v will provide verbose output.

$ nc –zv "127.0.0.1" 8080

The output of the command

nc command output on port close
nc command output on close port

Also Read: The complete guide for NMAP Command

Now let me run the same command, changing the port number from 8080 to 9091, and see if it is also active on my localhost.

$ nc -zv "trendoceans" 9091

And the result is success, with the message “Connection to trendoceans (127.0.1.1) 9091 port [tcp/*] succeeded!’

nc command output on open port
nc command output on an open port

Wrap up

I hope this information was helpful to you and that you can now easily tell which port is open or closed by the firewall or if an application is not listening to a certain port.

Also Read: Smap: Alternate Network Scanner of Nmap by shodan.io [Examples]

For future reference, I have put the command below, which you can directly use to check port status in Linux.

  • $ telnet 127.0.0.1 8080
  • $ nc –zv "127.0.0.1" 8080

If you have any questions or comments, please feel free to leave them in the comments section below.

Leave a Reply