wiki:Ports

Version 13 (modified by Christian Illy, 18 months ago) ( diff )

--

7dtd uses several ports to allow for its functionality. By default these are

Port Default Protocol Direction Used for
BasePort+0 26900 UDP In Game (Steam's master server list interface)
BasePort+1 26901 UDP In Game (Steam communication)
BasePort+2 26902 UDP In Game (networking via LiteNetLib)
BasePort 26900 TCP In Game (Game details query port)
WebDashboardPort 8080 TCP In Web based control panel
WebDashboardPort+2 8082 TCP In Web Panel of the (deprecated) Server fixes
TelnetPort 8081 TCP In "Telnet" control interface
270xx UDP Out Registering at the server list
WebDashboardPort / TelnetPort
Only if enabled in serverconfig.
270xx
Should be in the range 27015 - 27030 according to Valve. But as others have been reported too I would simply suggest opening 27000 up to 27050 here.

If you have a firewall set up that blocks all traffic by default you have to open at least the Game ports (default 26900, 26902). If you also want the server to be listed on the server list the 270xx ports have also to be opened. iptables rules for this could look like this:

iptables -A OUTPUT -s <yourServerIp>/32 -p udp --dport 27000:27099 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT  -d <yourServerIp>/32 -p udp --sport 27000:27099 -m state --state RELATED,ESTABLISHED     -j ACCEPT
iptables -A INPUT  -d <yourServerIp>/32 -p udp --dport 26900:26902 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s <yourServerIp>/32 -p udp --sport 26900:26902 -m state --state RELATED,ESTABLISHED     -j ACCEPT
iptables -A INPUT  -d <yourServerIp>/32 -p tcp --dport 26900 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s <yourServerIp>/32 -p tcp --sport 26900 -m state --state RELATED,ESTABLISHED     -j ACCEPT

If you want the server to also show up in the LAN tab of the server browser (of course only works if it's actually in the same network) BasePort has to be in either the range 26900 to 26905 or 27015 - 27020.

Protecting the Telnet interface

Opening the 7dtd Telnet port to the whole internet may pose security issues as the connection has no protection. The least that could happen is people doing random stuff on your 7dtd server but it could also be that attackers find security holes in the engine and gain further access to the host.

If you have no password set for Telnet the port is only listening on the loopback interface, therefore this is not relevant!

If your server is publicly accessible you should block the ports used for Telnet by a firewall.

To block all traffic on a single port issue the following command:

iptables -A INPUT -eth0 -p tcp --dport 8081 -j DROP

This will drop all TCP packets that are received through the network interface eth0 for the destination port 8081. Adapt the port and incoming interface to your needs. If you want to block a whole range of ports, e.g. because you assign the ports 8900 to 8999 for the Telnet interfaces of multiple 7dtd instance you might simply put "--dport 8900:8999" in the command instead.

Note: See TracWiki for help on using the wiki.