title | description |
---|---|
Port forwarding |
Information on how to set up UDP port forwarding required for Geyser. |
This page contains information on how to set up port forwarding required for Geyser to work when self-hosting. There are also guides for specific configurations, such as Docker/Pterodactyl, or on specific VPS/KVM providers, such as OVH or Oracle Cloud.
:::caution
If you are using a Minecraft server hosting provider (e.g. Aternos, or Nodecraft), you should refer to the hosting provider setup on the setup page instead.
:::
To allow others to play on your server, you will need to set up port forwarding on the device hosting Geyser. Additionally, you will need to port forward the port on your router/modem (in other words, allow and route traffic on that port to the proper machine) if you want the server to be accessible outside your own home network. See here or here for helpful guides. Do note: if you do not have a static IP address, your IP address may change over time.
:::info
Some ISPs (Internet Service Providers) block certain ports, or don't allow you to open ports (e.g. by using CGNAT, which doesn't allow you to open a port with a dynamic IP).
Other ISPs may require you to pay extra for a static IP address.
As an alternative to port forwarding, you can use playit.gg to create a tunnel.
:::
To open a port on Windows, you will need to open the port through the Windows Firewall. There are multiple ways to do this:
-
Powershell
(recommended)To open a port on UDP (in our example, port 19132), run the following command in an administrator Powershell:
New-NetFirewallRule -DisplayName "Geyser" -Direction Inbound -Protocol UDP -LocalPort 19132 -Action Allow
Running this command creates a rule named "Geyser" that allows UDP traffic on port 19132.
-
Windows Defender Firewall with Advanced Security (GUI)
- Search for "Windows Defender Firewall with Advanced Security" in the start menu, and open it. (Image)
- Click on "Inbound Rules" in the left sidebar. (Image)
- Click on "New Rule..." in the right sidebar. (Image)
- Select "Port" as the rule type and click "Next". (Example)
- Select "UDP" and "Specific local ports", and enter the port you want to open (in our example, 19132). Click "Next". (Example)
- Select "Allow the connection" and click "Next". (Example)
- Select the profiles you want to apply the rule to (e.g. "Domain", "Private", "Public"), and click "Next". (Example)
- Enter a name for the rule (e.g. "Geyser"), and click "Finish". (Image)
Different Linux distributions, even different VPS providers ship and configure different firewalls. In the following examples, we will use 19132
as the port to open, but you should replace this with the port you are using for Geyser.
-
ufw
is a simple firewall front-end for iptables that is commonly used on Ubuntu and Debian. To open a port on UDP, run the following command:sudo ufw allow 19132/udp
Then, reload the firewall with
sudo ufw reload
, and see all open rules withsudo ufw status
.
Further helpful guides: DigitalOcean, Baeldung -
firewalld
Add a port on UDP by running:sudo firewall-cmd --zone=public --permanent --add-port=19132/udp
Then, reload the firewall with
sudo firewall-cmd --reload
, and see all open rules withsudo firewall-cmd --list-all
.
Further helpful guides: DigitalOcean -
iptables
is a common firewall that is used on many Linux distributions. To open a port on UDP, run the following command:sudo iptables -A INPUT -p udp --dport 19132 -j ACCEPT
Then, save the firewall with
sudo iptables-save
, and see all open rules withsudo iptables -L
.
Further helpful guides for iptables: DigitalOcean, Ubuntu
You will need to disable Block all incoming connections
in your Firewall settings, as that will block any connections and won't allow you to make exceptions.
To allow incoming connections, click Allow
when getting these prompts.
If you are still facing issues, see Apple's official guide here to open a port on macOS.
In addition to port forwarding the port in your server's firewall (and, if applicable, your router/modem), you will need to assign the port in Docker/Pterodactyl.
Make sure to allocate the port to the server in the Pterodactyl panel's Network
tab, additionally to port forwarding the port.
See here for more information.
There are also different Geyser eggs for Pterodactyl, which can be found here.
:::caution
If you are not able to allocate ports in the Pterodactyl panel, you will need to contact your server host to allocate one for you or try to use an existing port allocation.
:::
For Geyser to work under Docker (e.g. using Itzg's Docker image), you will need to add the Geyser port on UDP to the docker-compose file. This is done by adding the following to the ports
section:
ports:
- "25565:25565"
- "19132:19132/udp"
The additional /udp
suffix is required so that the port is exposed on UDP. If you want to run the Java server and Geyser on the same port, the following would work:
ports:
- "25565:25565"
- "25565:25565/udp"
Alternatively, add another port with the -p 19132:19132/udp
flag to the docker run command.
Some providers, such as OVH, Oracle Cloud, and SoYouStart, have a firewall that blocks UDP ports by default/in most cases.
By default, OVHs firewall requires a TCP ping to the server before allowing UDP connections. This is not possible with Geyser, so you will need to disable the firewall.
:::caution
If you do not have access to these firewall settings, but got linked to this page, please contact your server host and provide them with this link - they are likely using OVH internally.
:::
To verify/temporary work around it:
Attempt to connect to your servers IP and port through a web browser - for example, http://test.geysermc.org:19132
. Connecting won't work, but then try connecting through Bedrock on that same device, and it should work.
Alternatively, try connecting to the server first on Java edition, then on Bedrock with the same device.
To resolve it:
OVH:
- Navigate to
Network interfaces
- Click on the
...
button on the table for your IP -> then...
andConfigure the GAME firewall
->Add rule
->Other protocol
(orminecraftPocketEdition
if available) - Add your Geyser port into
outgoing port
.
SoYouStart (subsidiary of OVH):
- Click the IP tab.
- Click the gear at the right of the public IP address; select "Game mitigation".
- Pick "Add a rule".
- Select "minecraftPocketEdition" in the dropdown list and enter the target UDP ports.
- Save and wait a few seconds for the changes to come into effect.
The OVH GAME filter type minecraftPocketEdition
currently does not work and you must use the Other
type.
If you would like to continue using the filter type minecraftPocketEdition
, you may disable the incompatible security feature by adding -DGeyser.RakSendCookie=false
to your Java server's (or Geyser Standalone proxy's) startup flags.
For more information see:
- This issue on OVH's infrastructure roadmap
- The pull request which implemented the security feature that caused the incompatibility
By default, Oracle Cloud will block all incoming traffic except for SSH and RDP. This must be resolved within Oracle Cloud itself and the Compute Instance running Geyser.
The steps below assume that you are using the default ports for the Java server and Geyser, and should be adjusted accordingly.
- Find your Compute Instance in the OCI Console
- Click on the instances Virtual Cloud Network (this will be under "Instance details")
- On the left-hand side, select "Security Lists"
- Select one of the security lists. By default only one security list will exist. It doesn't matter which security list we add the rules to.
- Select "Add Ingress Rules"
- Configure rules for Java (optional)
- Set "Source CIDR" to
0.0.0.0/0
- Set "Destination Port Range" to
25565-25565
- Select "Another Ingress Rule"
- Set "Source CIDR" to
- Configure rules for Geyser
- Set "Source CIDR" to
0.0.0.0/0
- Set "Destination Port Range" to
19132-19132
- Set "IP Protocol" to UDP
- Set "Source CIDR" to
- Select "Add Ingress Rules"
Run the following commands to allow Minecraft and Geyser through the OS firewall:
sudo firewall-cmd --add-port=25565/tcp --permanent
sudo firewall-cmd --add-port=19132/udp --permanent
sudo firewall-cmd --reload
- Remove/comment out
-A INPUT -j REJECT --reject-with icmp-host-prohibited
in the/etc/iptables/rules.v4
file. - Run the following command to fix
ufw
:
sudo iptables-restore < /etc/iptables/rules.v4