Fixing Connection Issues: Ports

Basics

These are the main bits for opening ports, not fixing them. These are all OS-specific, but sorry macOS users and non-Debian OSes, instructions won’t be here for you. There will only be Windows and Debian-stretch instructions.

You can always open all ports by disabling the firewall entirely, but that isn’t recommended unless you have 65535 servers all running at once all for different programs, where everyone should be able to connect to them.

Router

These vary by router, but the general rule is you pick your IPs, ports, and protocol. You need to find a tutorial for your specific router, but some will be linked below.

Netgear / TP-Link /

Subnet (OCI)

If you have an instance running on Oracle Cloud Infrastructure, you know that all instances are part of Virtual Cloud Networks (VCNs). These control router settings, namely ingress rules. Open the subnet for your instance, then select your security list. It should be named something like “Default security list for” and your VCN name. Select it, add a new ingress rule, and choose the settings. Here are the valid options.

Protocol: Most servers work with CIDN, the default. Don’t change this unless specified by your instructions for whatever you’re setting up.
IP Range: Chooses the IP ranges that are allowed to connect to your instance. 0.0.0.0/0 is all, while something like 192.168.1.1 would be just the router. (why) Usually, 0.0.0.0/0 is fine.
Type: The common ones are TCP and UDP. Certain types require different things, like Apache2 / nginx and Minecraft Java require TCP, and Minecraft Bedrock requires UDP. Usually TCP will work unless otherwise specified.
Port: Specifies what ports people are allowed to access. Destination is the one you usually want to change, while Source you want to set to All.

Usually, CIDN, 0.0.0.0/0, TCP, All, and All will work fine.

Windows

First, you need open the Start menu and type Firewall. The first result should be the Windows Defender Firewall and it should open Control Panel. Once there, click Advanced Settings on the left. Now, you should have a window in MMC. Choose Inbound Rules, New Rule, then choose Port. Press Continue, then choose your port and protocol. Once done, just exit the menu.

Debian-stretch (Ubuntu, Debain, etc.)

First, make sure you add ingress rules on your router or subnet by following the instructions above. But, you also need to add them to the system itself. There are 2 main ways, to trust your router and disable your firewall, or to manually add the rules. To add the rules, you use IPTables. Example of an IPTables command for web servers:

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT

This adds a new rule allowing all IPs to access this instance when attempting to access port 80, the HTTP port. If you want a webserver, run that command. Here is the breakdown of sudo iptables -I INPUT 6 -m state –state NEW -p tcp –dport 80 -j ACCEPT.

sudo: What’s the magic word to get what you want? (Runs the command as root)
iptables: IPTables command.
-I: Inserts a new row with the following rule
INPUT: in the INPUT table
6: in the 6th slot
-m: Match these protocols
state: specifically these states
–state: the only state option
NEW: specifically new connections
-p: Protocol selector
tcp: The protocol you want
–dport: Destination port
80: the port that webservers use
-j: Jump rule, what happens when this is met
ACCEPT: allows the connection

If you were hosting a Minecraft Java Edition server, you would use this command.

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 25565 -j ACCEPT

Lastly, save these with this command.

sudo netfilter-persistent save

This saves the filters, and now you just have to run the server.

Troubleshooting

Run a web server.

If your not trying to run a web server, try running one. Follow the instructions for the platforms above for port 80 and any IP address, then create one.

Windows with WebStorm

If you don’t have one, create a JetBrains account and get an EAP version of WebStorm. This is completely free and does not work as a trial, so you still get to keep it. But, they only run for 2 months and about 3 times annually, so you may need to just download something else or use the trial. Once it’s downloaded, create a new React.js project. Open the terminal and type npm start and press CTRL+ENTER. This will start the project and open it in your web browser.

Now, you should have the project running on port 3000. Pull out your phone and connect to your computer’s public IP (just look up What’s my IP) and it should show the React logo. If it does, you either configured the other IP settings incorrectly or it was blocked by your ISP. If you don’t, you probably didn’t follow these instructions properly. For now, just sign up for Oracle Cloud Free Tier. See my post on setting up WordPress for details on instance creation.

Debain Stretch with Apache2

All you really need here is a list of commands, so here you go.

sudo apt install apache2
sudo systemctl restart apache2
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo netfilter-persistent save

Now, connect to your server by going to the IP in a browser. If this is an instance provided by OCI, the public IP should be in the instance information. If you see a page saying “It works!”, you either configured the other IP settings incorrectly or it was blocked by your ISP. If you don’t, you probably didn’t follow these instructions properly. If your ISP was blocking port 80, get a new ISP as soon as your contract ends. For now, just sign up for Oracle Cloud Free Tier. See my post on setting up WordPress for details on instance creation.

Try again.

Chances are, you configured things incorrectly. Try disabling your server’s firewall, then enable it and try your router’s firewall. If those don’t work still, try disabling them both. If no firewall works, your ISP may have blocked the port. If it’s a relatively common port, your ISP may block it. But, if it’s port 80 that’s being blocked, get a new ISP.

Get a PaaS provider.

Sign up for Oracle Cloud Free Tier or DigitalOcean if you don’t mind spending some money. I have steps for ingress rules for subnets above and instance creation in my WordPress installation post. If all else fails, try this.

Conclusion

I hope something helped for you, and if it did, let me know in the comments. I try to read all of them, and there are new posts every Saturday at 12:00 AM UTC.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.