![(please configure the [header_logo] section in trac.ini)](/chrome/site/your_project_logo.png){kind=logo}
| Version 11 (modified by Alloc, 6 years ago) (diff) |
|---|
7dtd uses several ports to allow for its functionality. By default these are
| Port | Default | Protocol | Direction | Used for |
|---|---|---|---|---|
| BasePort+0 | 26900 | UDP | In | Game (Steam's master server list interface) |
| BasePort+1 | 26901 | UDP | In | Game (Steam communication) |
| BasePort+2 | 26902 | UDP | In | Game (networking via RakNet) |
| BasePort+3 | 26903 | UDP | In | Game (networking via UNET) |
| BasePort | 26900 | TCP | In | Game (Game details query port) |
| WebControlPort | 8080 | TCP | In | Web based control panel |
| WebControlPort+2 | 8082 | TCP | In | Web Panel of the Server fixes |
| TelnetPort | 8081 | TCP | In | "Telnet" control interface |
| 270xx | UDP | Out | Registering at the server list |
- WebControlPort / TelnetPort
- Only if enabled in serverconfig.
- 270xx
- Should be in the range 27015 - 27030 according to Valve. But as others have been reported too I would simply suggest opening 27000 up to 27050 here.
If you have a firewall set up that blocks all traffic by default you have to open at least the Game ports (default 26900, 26902). If you also want the server to be listed on the server list the 270xx ports have also to be opened. iptables rules for this could look like this:
iptables -A OUTPUT -s <yourServerIp>/32 -p udp --dport 27000:27099 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -d <yourServerIp>/32 -p udp --sport 27000:27099 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -d <yourServerIp>/32 -p udp --dport 26900:26903 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -s <yourServerIp>/32 -p udp --sport 26900:26903 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -d <yourServerIp>/32 -p tcp --dport 26900 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -s <yourServerIp>/32 -p tcp --sport 26900 -m state --state RELATED,ESTABLISHED -j ACCEPT
If you want the server to also show up in the LAN tab of the server browser (of course only works if it's actually in the same network) BasePort has to be in either the range 26900 to 26905 or 27015 - 27020.
Protecting the Telnet interface
Opening the 7dtd Telnet port to the whole internet may pose security issues as the connection has no protection. The least that could happen is people doing random stuff on your 7dtd server but it could also be that attackers find security holes in the engine and gain further access to the host.
If you have no password set for Telnet the port is only listening on the loopback interface, therefore this is not relevant'''
If your server is publicly accessible you should block the ports used for Telnet by a firewall.
To block all traffic on a single port issue the following command:
iptables -A INPUT -eth0 -p tcp --dport 8081 -j DROP
This will drop all TCP packets that are received through the network interface eth0 for the destination port 8081. Adapt the port and incoming interface to your needs. If you want to block a whole range of ports, e.g. because you assign the ports 8900 to 8999 for the Telnet interfaces of multiple 7dtd instance you might simply put "--dport 8900:8999" in the command instead.
