There have been a number of questions about what firewall changes are required for a user to run their own domain. @leo has likely covered this in the stack-manager thread or the “Running your own domain on Mac” thread, but I wanted to open up a post to explain exactly what ports you must have open to run your own domain-server.
40100-40105 is the only range of ports you need open.
40100 is the HTTP port used by the domain-server for its embedded webserver. This port is required by nodes to get domain settings from the domain-server. It also allows users to administer the domain-server via a web browser. We are working on a solution to lock off the administration side of the domain-server.
40102 is the port used by nodes to communicate with the domain-server over UDP.
The other ports in the range (40100, 40101, 40103, 40104, 40105) are currently unused for user domains. As we introduce functionality that uses those ports, I will update this post with what they are for. We have included them in the above range so we can add functionality to the domain-server and not require that all of you run back to your firewalls and open up another port.
None of the assignment-client ports should need to be opened up via your firewall - we use industry-standard hole punching techniques to create a connection between nodes other than the domain-server. Hole punching will not succeed on some more complicated networks. If somebody has an issue connecting to your domain, open up a forum post so we can see if it is related to UDP hole punching.
Feel free to ask any questions if you are seeking more clarity on these open ports or how nodes connect to each other in High Fidelity.
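An added example, not part of the original post or High Fidelity's own code: a Python check that compares `iptables -S` output against the ports listed above (TCP 40100 for HTTP, UDP 40102 for node traffic, 40100-40105 reserved). It assumes a Linux host using iptables with single-port or range `--dport` rules; the function names and the sample rules are constructed for illustration.

```python
import re

# From the post: TCP 40100 (HTTP settings and web administration) and
# UDP 40102 (node traffic) are in use; 40100-40105 is the reserved range.
REQUIRED = {("tcp", 40100), ("udp", 40102)}
RESERVED = range(40100, 40106)

# Matches INPUT ACCEPT rules as printed by `iptables -S`, e.g.
#   -A INPUT -p udp -m udp --dport 40100:40105 -j ACCEPT
# Multiport (--dports) rules are not handled; source-restricted rules
# (-s ...) are still counted as open.
RULE_RE = re.compile(
    r"^-A INPUT\b.*?-p (?P<proto>tcp|udp)\b"
    r".*?--dport (?P<lo>\d+)(?::(?P<hi>\d+))?\b.*?-j ACCEPT\b"
)

def opened_ports(rules_text):
    """Return the set of (proto, port) pairs accepted by INPUT rules."""
    opened = set()
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        lo = int(m["lo"])
        hi = int(m["hi"]) if m["hi"] else lo
        opened.update((m["proto"], port) for port in range(lo, hi + 1))
    return opened

def audit(rules_text):
    """Compare the opened ports with what the post says a domain needs."""
    opened = opened_ports(rules_text)
    in_range = {(proto, port) for proto, port in opened if port in RESERVED}
    return {
        "missing": sorted(REQUIRED - opened),                 # breaks connectivity
        "reserved_unused_open": sorted(in_range - REQUIRED),  # open, nothing listening yet
        "admin_http_exposed": ("tcp", 40100) in opened,       # web admin reachable too
    }

# Constructed sample: HTTP port opened, UDP 40102 forgotten.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 40100 -j ACCEPT
-A INPUT -p udp -m udp --dport 40103:40105 -j ACCEPT
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

Because the same port serves both node settings and web administration, `admin_http_exposed` is true whenever TCP 40100 is open.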