First off I should say that I am new to all things Linux. Having only switched over from windows recently. So my problem might be simple, I just dont know. SO I am hoping someone can see something I have missed.
I recently set up a Ubuntu Server 24.04,on a purpose built barebones machine. On it I am running Jellyfin, Immich and Audiobookshelf. They have been no problem and are doing what is expected both on the lan and externally. But when I try to set up a game server for my grandchildren, (Minecraft), I am having problems connecting to external ports. I have ensured that my router has port 25565 forwarded correctly, and set up a rule in 50-cloud-init.yaml to allow that same port having access to the correct network card, (the server has 2). UFW is turned off.
The game server is accessible internally on the lan and runs as expected. But nothing I do seems to allow the port to be seen externally. I have checked with my isp and they have confirmed that it is not blocked at their end and I am not behind cgnat as I have a static ip from them.
I have tried reinstalling the os several times, ran it with and without ufw but nothing I do seems to resolve the issue. I have also bee on to canyouseeme.org to test the port from outside. It just fails it every time. Other ports for Immich, Jellyfin and Audiobookshelf pass without issue.
So I dont really know where the issue lies. I have no idea if its to do with the os or not. I have tried reaching out to the Minecraft community but no joy there. So can anyone help please? and point me in the right direction?
This is a fairly common question, and it almost always has the same answer:
If you can access your Ubuntu server on the LAN, then your server is properly configured.
If you can access Minecraft and Jellyfin and all your other services from within the LAN, then you’re done setting up your Ubuntu server. Further changes won’t accomplish anything. The connectivity problem is not on your server.
Altering netplan to assign a port to a specific network card seems curious. It should just work along with the rest of your networking automatically. This suggest you have some unusual network that we don’t understand yet.
(FYI: UFW’s default settings do not block Minecraft.)
This is also curious, as it seems to contradict the need for a separate netplan setup. If port forwarding for, say, Jellyfin works (you can access it remotely), then the same forwarding settings on your router can be used for Minecraft.
I’ve hosted a Minecraft server (and a Jellyfin server on the same machine) on Ubuntu Server for many years. Here’s what I would try next were I in your place:
Test connecting to Minecraft on the LAN.
Test connecting to Jellyfin remotely across the internet.
If both tests work properly, then go into your router and use the working Jellyfin template to re-create Minecraft port forwarding on the router. Use Minecraft’s default port 25565 to listen upon, and forward across the LAN to the server using same port number.
Test #1 and #2 again after the changes. Then test Minecraft connectivity across the internet.
If Minecraft STILL doesn’t work across the internet, then maybe your ISP is blocking that port. Back to the router. Choose a different incoming port (like 25560) for the router to listen upon. DON’T change any settings in Ubuntu. Let the Router re-map incoming 25560 external packets to 25565 LAN packets (routers are very good at this). Then test again.
Your grandchildren’s Minecraft client(s) can specify the different port easily. Just add the port to the client’s IP address windows (server address: aaa.bbb.ccc.ddd:25560)
This means that when you grandchildren visit you in person, the IP address of their Minecraft server will change to a LAN IP address. This will confuse everybody once, then it becomes just another entry on their client’s list of servers.
Security Note: Your Minecraft server WILL be detected and griefed by obnoxious vandals unless you use a whitelist. It just takes a few minutes, and will prevent hours of your grandchildren’s tears. Totally worth it.
Thank you Ian for your response. I will try to address your reply in order.
first all my work on the server has been using a terminal on my desktop. So yes that is working.
I altered netplan as I was following youtube tutorials. As I said Im new to this and thought this was what I needed to do.
Jellyfin does indeed work both locally and across the internet.
Now to your numbered points.
My grandchildren are, at the time of writing this reply, playing on the server over lan. So yes that is working.
I can connect to jellyfin over the internet. Tried that this morning.
This I will check to see if they are set up the same.
This will be done after point 3
I have to say, that despite my isp saying the problem is not at their end, and its written into their official documentation, I am not convinced. I do have a ticket open with their tech support rather than their general suppoort. But they are slow to respond. My reasoning is that I have checked other port numbers both above and below 25565, and they also appear to be not working. But again, I will check from point 3 to eliminate as many possibilities as possible.
Thank you again for your clear, and helpful response. I will post again after I run the checks
Point 3. I have compared how Jellyfin and Minecraft are setup on the router for port forwarding. Both are similar with the obvious port number being different.
Point 4. I have tested both, and asked family member to try as well. Jellyfin works internally and externally but still no access to Minecraft externally.
Point 5. This is where I think my problem is. I have, since my last post, sent an email to their customer service department wanting to know why I am paying for a service but its not being completely fulfilled. Yes I have a staic ip from them. But as I can find no other resolution, the only conclusion I can see is that either I am behind cgnat, or more likely, they are still blocking certain ports.
As to the final (security note), which I missed first time of reading, yes I have setup a whitelist. Two of my grandchildren are just into adulthood but the 3 youngest are below 10 so their safety is important.
Again thank you for the support. I will let you know if the isp responds.
Some services have configuration to restrict client access based on IP. Apache, for example, can be configured to allow clients with certain IPs to access the Web service. This may be a thing with the services you are using.
Thanks Ian. Unfortunately my isp have responded stating in writing what they have said over the phone. I am not behind cgnat, and I have a static ip which means I don not have any blocked ports. So Im still scratching my head as to what to try next.
One easy thing to try is to change the port that get forwarded.
Don’t touch the Ubuntu Server.
Don’t touch the Minecraft Server settings.
On the router only, copy the Minecraft port forwarding settings, and change the internet-side listening setting to a different port (like 8080 or 2096) in an unblocked range. Keep the LAN-side forwarding on port 25565, since that is what the Minecraft Server is listening upon.
On a Minecraft client, edit the IP address to add the new internet-side port (format: 123.456.789.012:8080).
Obviously, this will cause LAN connections to fail (wrong port). But it’s very easy to set up (and undo) for a test.
Hi Ian. Thank you that has worked. I can access via port 8080, but more importantly so can my son in a different town. So what is that now telling us about port 25565? I have 25565 set internally and 8080 externally.
Glad you got it worked out! Some ISPs block some ports or port ranges. Also, changing the port forward, also forced your router to refresh its mapping to your server, which could have helped.
