Open a Port Permanently

I have tried to open a port on a new AL9 machine. The machine reports it is open, but using nmap from another machine (AL8.6) shows it is there but closed.

$ sudo firewall-cmd --zone=public --permanent --add-service=postgresql
$ sudo firewall-cmd --zone=public --permanent --add-port 5432/tcp
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all
services: cockpit dhcpv6-client postgresql ssh
ports: 5432/tcp
$ sudo nmap -sS server_n.local -p 4000-6800
[sudo] password for user1:
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-04 19:00 EDT
Nmap scan report for server_n.local (192.168.1.23)
Host is up (0.00038s latency).
Not shown: 2800 filtered ports
PORT     STATE  SERVICE
5432/tcp closed postgresql

Why is this port not open? How can I get it open? Cheers

What is the output of "ss -nutpl"? Does it show listening on 0.0.0.0 or localhost?

tcp LISTEN 0 2044 0.0.0.0:5432 0.0.0.0:* users:(("postmaster",pid=735,fd=6))

Yes, if it's reported as closed then postgres isn't listening on that port; that has nothing to do with the firewall (which would show as filtered). postgres listens only on localhost by default, with listen_addresses = 'localhost'.

OP did mention this issue in the other thread PostgreSQL v13 Installation - #12 by daBee but then dismissed the instructions that I did offer.

Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
udp    UNCONN  0       0       127.0.0.1:323       0.0.0.0:*
udp    UNCONN  0       0       [::1]:323           [::]:*
tcp    LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
tcp    LISTEN  0       244     192.168.1.23:5432   0.0.0.0:*
tcp    LISTEN  0       244     127.0.0.1:5432      0.0.0.0:*
tcp    LISTEN  0       128     [::]:22             [::]:*
tcp    LISTEN  0       244     [::1]:5432          [::]:*

Yes, I’ve taken care of postgresql:
listen_addresses ='127.0.0.1, ::1, localhost, 192.168.1.23, 0.0.0.0'
BTW @jlehtone I don’t know if this is related. The app shows up closed from the box that needs to talk to it, and open on the machine itself:

[Tue Jul 05 12:15:29 user1@server_f ~/rfs] sudo nmap -sS -p 0-10000 server_n.local
[sudo] password for user1:
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-05 12:15 EDT
Nmap scan report for server_n.local (192.168.1.23)
Host is up (0.00038s latency).
Not shown: 9998 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
5432/tcp open   postgresql
9090/tcp closed zeus-admin
MAC Address: D0:50:99:87:7B:4A (ASRock Incorporation)

Nmap done: 1 IP address (1 host up) scanned in 58.07 seconds

[Tue Jul 05 12:14:02 user1@server_n ~] sudo nmap -sS localhost
Starting Nmap 7.91 ( https://nmap.org ) at 2022-07-05 12:14 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
5432/tcp open  postgresql

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

You have to run ss with root privileges, so sudo ss. With a regular account the ‘-p’ option does nothing; it does not show the process.

Firewall has quite different rules for the “localhost” than for the “outsiders”.

That’s strange. I posted both and they are open. OK, it now seems like it’s an authentication issue instead of port closing.
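
Added example, not part of any post in this thread: a small shell helper that applies the diagnostic used in the replies above, reading `ss -nutl` output to see which addresses a TCP port is bound to, then combining that with the state a remote nmap scan reported. The function names `bind_scope` and `diagnose`, their output labels, and the sample listing (modelled on the output quoted in the thread, with a constructed 6010 line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): combine a remote nmap state with the
# local bind scope, using the rule of thumb given in the replies above.

# Constructed sample modelled on the `ss -nutl` listings quoted in the thread.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      244    192.168.1.23:5432  0.0.0.0:*
tcp   LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      244    [::1]:5432         [::]:*
tcp   LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*'

# bind_scope PORT: reads `ss -nutl` output on stdin, prints
# none | loopback | specific | any for TCP listeners on PORT.
bind_scope() {
  awk -v port="$1" '
    $1 == "tcp" && $2 == "LISTEN" {
      n = split($5, part, ":")            # port follows the last colon
      if (part[n] != port) next
      addr = substr($5, 1, length($5) - length(part[n]) - 1)
      if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") any = 1
      else if (addr ~ /^127\./ || addr == "[::1]") loopback = 1
      else specific = 1
    }
    END {
      if (any) print "any"
      else if (specific) print "specific"
      else if (loopback) print "loopback"
      else print "none"
    }'
}

# diagnose NMAP_STATE SCOPE: where to look next.
diagnose() {
  case "$1:$2" in
    filtered:*)                  echo "firewall" ;;      # probe dropped before the socket
    closed:none|closed:loopback) echo "listener" ;;      # nothing bound on the scanned address
    closed:specific)             echo "bind-address" ;;  # bound, but maybe not on the scanned IP
    open:*)                      echo "service" ;;       # port reachable; check auth/app config
    *)                           echo "recheck" ;;
  esac
}

for p in 22 5432 6010 9090; do
  printf '%s\t%s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | bind_scope "$p")"
done
```

On a live host, pipe `sudo ss -nutl` into `bind_scope 5432` instead of the sample text.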