Networking
Ports & firewall
For players to connect, the game and query ports must be reachable from the internet. This page lists exactly which ports to open for each game.
Default ports per game
| Game | Game port | Query port | RCON port |
|---|---|---|---|
| ARK: Survival Ascended | 7777 / UDP | 27015 / UDP | 27020 / TCP |
| Palworld | 8211 / UDP | 27015 / UDP | 25575 / TCP |
| Enshrouded | 15636 / UDP | 15637 / UDP | — |
What to open where
| Port | Firewall (machine) | Router (port-forward) | Notes |
|---|---|---|---|
| Game port | Open | Forward | Required — players connect here |
| Query port | Open | Forward | Required — server browser & status |
| RCON port | Open to panel only | Do NOT forward | Keep private — admin console |
| SSH (22) | Open to you/panel | Optional | Management only |
Important: Open game and query ports to the public, but never port-forward RCON or SSH to the whole internet. See Console & RCON.
Machine ports (SSH, FTP, Docker)
A prepared machine runs SSH (control), an IIS/vsftpd FTP server (file access) and Docker (server containers). The panel manages the machine's own firewall — on your router/edge open:
| Port | Use | Recommendation |
|---|---|---|
22 / TCP | SSH — panel control channel | Restrict to the panel IP |
21 / TCP | FTP — file access | Restrict to the panel IP |
11000-11999 / TCP | FTP passive data range | Restrict to the panel IP |
8384 / TCP | Syncthing — backup/cluster sync (optional) | Restrict to the panel IP |
Tip: Only SSH (22) is needed just to connect a machine. Game, query, FTP and Syncthing ports come into play once you run servers — for security restrict 21, 22, 8384 and 11000-11999 to the panel's IP.
Running several servers on one machine
Each server needs its own game, query and RCON ports. A common pattern is to step each server up by a fixed amount, e.g. server 1 on 7777, server 2 on 7779, server 3 on 7781 (ARK reserves the next port too), and matching query/RCON offsets.
Linux firewall (ufw) example — ARK
sudo ufw allow 7777/udp # game sudo ufw allow 27015/udp # query # RCON stays closed to the public; allow only the panel IP: sudo ufw allow from 188.40.172.102 to any port 27020 proto tcp sudo ufw enable
Panel infrastructure ports (reference)
These are for the panel host itself, not your game machines:
| Service | Port | Exposed |
|---|---|---|
| HTTP (Caddy) | 80 / TCP | Public — redirects to HTTPS |
| HTTPS (Caddy) | 443 / TCP | Public — the panel & docs |
| Panel app | 3002 / TCP | Localhost only (behind Caddy) |
Next: the step-by-step port forwarding guide.