Open Or Close Server Ports - Bitnami Documentation

Bitnami Documentation > Virtual Machines > Frequently Asked Questions for Virtual Machines > Administration > Open or close server ports

Frequently Asked Questions for Virtual Machines

Getting started

• Learn about Bitnami images
• Find application credentials
• Activate or deactivate the SSH server
• Configure key-based SSH authentication
• Configure password-based SSH authentication
• Connect to the server using SSH
• Learn about the SSH warning 'REMOTE HOST IDENTIFICATION HAS CHANGED'
• Access a server using an SSH tunnel
• Connect to phpMyAdmin
• Learn about Bitnami PHP application modules deprecation
• Understand the default directory structure
• Understand what data Bitnami collects from deployed Bitnami stacks

Configuration

• Configure a static IP address
• Modify the default login password for the virtual machine
• Configure third-party SMTP for outbound emails
• Modify the keyboard layout
• Enable desktop access
• Learn about the Bitnami Configuration Tool
• Install VirtualBox Guest Additions
• Configure the application's IP address or hostname
• Install Webmin
• Configure Webmin

Administration

• Start or stop services
• Obtain root user privileges
• Start and configure Salt Minion
• Connect to the virtual machine from another host
• Open or close server ports
• Reset a forgotten system password
• Auto-configure a Let's Encrypt certificate
• Improve server performance
• Upload files using SFTP
• Modify the available memory for the virtual machine
• Add a new virtual disk
• Extend an existing virtual disk

Troubleshooting

• Troubleshoot Gmail SMTP issues

Open or close server ports

Open server ports for remote access

IMPORTANT: Making this application’s network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

By default, the Bitnami virtual machine’s firewall is configured to allow access on any port(s) required by the application and the SSH port. This implies that ports 80, 443 and 22 are usually open by default.

To open a different port:

• Log in to the server console.

• Check which firewall program is installed in your system:

  $ sudo which nft >/dev/null && echo nftables is enabled in this system || echo ufw is enabled in this system

• If ufw is the firewall program enabled in your machine, execute the following command to open a different port, replacing the PORT placeholder with the number of the port to be opened:

  $ sudo ufw allow PORT

• If nft is the firewall program enabled in your machine, modify the /etc/nftables.conf file and add the following line inside the chain inbound block, replacing the PORT placeholder with the number of the port to be opened:

  chain inbound { ... tcp dport PORT accept }

  More information about modifying the firewall configuration is available on the nftables Wiki.

Close server ports and deny remote access

By default, the Bitnami virtual machine’s firewall is configured to allow access on any port(s) required by the application and the SSH port. This implies that ports 80, 443 and 22 are usually open by default.

To close an open port:

• Log in to the server console.

• Check which firewall program is installed in your machine:

  $ sudo which nft >/dev/null && echo nftables is enabled in this system || echo ufw is enabled in this system

• If ufw is the firewall program enabled in your machine, execute the following command to close a port, replacing the PORT placeholder with the number of the port to be closed:

  $ sudo ufw deny PORT

  More information about modifying the firewall configuration is available on the Debian Wiki.

• If nft is the firewall program enabled in your machine, modify the /etc/nftables.conf file and modify the following line inside the chain inbound block, replacing the PORT placeholder with the number of the port to be opened:

  chain inbound { ... tcp dport { 22, ..., PORT } accept }

  Replace the line and remove the port to be opened:

  chain inbound { ... tcp dport { 22, ... } accept }

  More information about modifying the firewall configuration is available on the nftables Wiki.

In this article

Last modification December 17, 2025