Networking
Ports & firewall
For players to connect, the game and query ports must be reachable from the internet. This page lists exactly which ports to open for each game.
Default ports per game
| Game | Game port | Query port | RCON port |
|---|---|---|---|
| ARK: Survival Ascended | 7777 / UDP | 27015 / UDP | 27020 / TCP |
| Palworld | 8211 / UDP | 27015 / UDP | 25575 / TCP |
| Enshrouded | 15636 / UDP | 15637 / UDP | — |
What to open where
| Port | Firewall (machine) | Router (port-forward) | Notes |
|---|---|---|---|
| Game port | Open | Forward | Required — players connect here |
| Query port | Open | Forward | Required — server browser & status |
| RCON port | Open to panel only | Do NOT forward | Keep private — admin console |
| SSH (22) | Open to you/panel | Optional | Management only |
Important: Open game and query ports to the public, but never port-forward RCON or SSH to the whole internet. See Console & RCON.
Running several servers on one machine
Each server needs its own game, query and RCON ports. A common pattern is to step each server up by a fixed amount, e.g. server 1 on 7777, server 2 on 7779, server 3 on 7781 (ARK reserves the next port too), and matching query/RCON offsets.
Linux firewall (ufw) example — ARK
sudo ufw allow 7777/udp # game sudo ufw allow 27015/udp # query # RCON stays closed to the public; allow only the panel IP: sudo ufw allow from 188.40.172.102 to any port 27020 proto tcp sudo ufw enable
Panel infrastructure ports (reference)
These are for the panel host itself, not your game machines:
| Service | Port | Exposed |
|---|---|---|
| HTTP (Caddy) | 80 / TCP | Public — redirects to HTTPS |
| HTTPS (Caddy) | 443 / TCP | Public — the panel & docs |
| Panel app | 3002 / TCP | Localhost only (behind Caddy) |
Next: the step-by-step port forwarding guide.