For a specific port on a cloud server to be reachable from outside and provide a service, three conditions must be met at the same time. Listed from the cloud computing platform at the top down to the operating system and application layer, they are:
1. The cloud computing platform's security group must open the corresponding port.
2. The operating system's firewall must open the corresponding port.
3. The application program must be correctly installed, and the corresponding port must be set.
Let's analyze these one by one.
Firstly, for the cloud servers of Chaomu Data, except for a few availability zones (such as Jordan) where security groups are enabled, almost all cloud servers do not have security groups activated. This means that at the cloud computing platform level, all ports are open, thus fully satisfying the first condition.
Secondly, the firewalls of some cloud server operating systems are enabled by default. Therefore, it's necessary to either disable the firewall or open the corresponding ports on the firewall. It is recommended to keep the firewall enabled and open ports individually for higher security.
For CentOS/Fedora operating systems, the firewall is firewalld, and the relevant commands are as follows:
To close and disable firewalld:
systemctl stop firewalld.service
systemctl disable firewalld.service
To open a specific port (taking port 10222 as an example):
firewall-cmd --add-port=10222/tcp --permanent
firewall-cmd --reload
For Ubuntu/Debian operating systems, the firewall is ufw, and the relevant commands are as follows:
To close and disable ufw:
ufw disable
To open a specific port (taking port 10222 as an example):
ufw allow 10222/tcp
ufw reload
Thirdly, after remote login, use the "netstat -nlp | grep port number" command to check whether the application program is correctly installed and the corresponding port is set.
Taking port 10222 as an example, if the following command shows listening records for the port, the application program and port settings are correct. If nothing is displayed, the application program is not correctly installed.
[root@zhaomu.com ~]# netstat -nlp | grep 10222
tcp 0 0 0.0.0.0:10222 0.0.0.0:* LISTEN 989/sshd
tcp6 0 0 :::10222 :::* LISTEN 989/sshd
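An added example, not part of the original article: "grep 10222" matches any line containing those digits (a PID, or a longer port number), and a listener bound only to 127.0.0.1 shows up in the output but cannot be reached from outside. The function below (classify_listener and sample_netstat are hypothetical names, and the sample lines are constructed) parses "netstat -nlp" output for an exact port match and reports how the listener is bound.

```shell
#!/usr/bin/env bash
# classify_listener PORT
# Reads `netstat -nlp` output on stdin and prints one word:
#   external - a TCP listener is bound to a wildcard or non-loopback address
#   loopback - the port is only bound to 127.0.0.0/8 or ::1 (not reachable remotely)
#   none     - nothing is listening on exactly this port
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                          # Local Address column, e.g. 0.0.0.0:10222
            pos = match(addr, /:[0-9]+$/)      # the port follows the last colon
            if (!pos) next
            if (substr(addr, pos + 1) != port) next   # exact match, unlike grep
            host = substr(addr, 1, pos - 1)
            if (host ~ /^127\./ || host == "::1") lo = 1
            else ext = 1
        }
        END { print (ext ? "external" : (lo ? "loopback" : "none")) }
    '
}

# Constructed sample output (not captured from a real server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:10222           0.0.0.0:*               LISTEN      989/sshd
tcp6       0      0 :::10222                :::*                    LISTEN      989/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1022/nginx
EOF
}

# Demonstration on the constructed sample.
for p in 10222 3306 1022; do
    printf '%s: %s\n' "$p" "$(sample_netstat | classify_listener "$p")"
done
# On a live server: netstat -nlp | classify_listener 10222
```

A result of "loopback" means the third condition is not met for external access even though grep shows a LISTEN line; the application's bind address has to be changed before the firewall rule has any effect.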
Finally, it is emphasized again that all three conditions must be met simultaneously for a port to be opened and provide service externally. The port's functionality can be tested from a client computer using the "telnet IP address port number" command, for example:
telnet 58.215.65.1 10222
Additionally, as the following ports are susceptible to DDoS attacks, some cloud servers by default disable the following protocols and ports, and they cannot be unblocked:
Thank you for your understanding and support of our work!