Open ports required to run your own domain


#1

There have been a number of questions about what firewall changes are required for a user to run their own domain. @leo has likely covered this in the stack-manager thread or the “Running your own domain on Mac” thread, but I wanted to open up a post to explain exactly what ports you must have open to run your own domain-server.

40100-40105 is the only range of ports you need open.

40100 is the HTTP port used by the domain-server for its embedded webserver. This port is required by nodes to get domain settings from the domain-server. It also allows users to administer the domain-server via a web browser. We are working on a solution to lock off the administration side of the domain-server.

40102 is the port used by nodes to communicate with the domain-server over UDP.

The other ports in the range (40100, 40101, 40103, 40104, 40105) are currently unused for user domains. As we introduce functionality that uses those ports I will update this post with what they are for. We have included them in the above range so we can add functionality to the domain-server and not require that all of you run back to your firewalls and open up another port.

None of the assignment-client ports should need to be opened up via your firewall - we use industry standard hole punching techniques to create a connection between nodes other than the domain-server. Hole punching will not succeed on some more complicated networks. If somebody has an issue connecting to your domain, open up a forum post so we can see if it is related to UDP hole punching.

Feel free to ask any questions if you are seeking more clarity on these open ports or how nodes connect to each other in High Fidelity.
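A small reachability checker, added here as an example and not part of the post or of High Fidelity's own code: it takes the port roles exactly as stated above (40100 TCP for HTTP, 40102 UDP for node traffic, the rest reserved) and probes the TCP side from wherever it is run. The hostname, the `self_check` helper and the report format are my own; a UDP port cannot be confirmed with a connect(), which is why the script only reports that 40102 must be verified by an actual node connecting.

```python
"""Reachability check for the domain-server port range described above.

Port roles come from the thread; everything else is an added example, not
High Fidelity project code.
"""
import socket
from typing import Dict, List, Tuple

# Roles stated in the post: 40100 is HTTP (TCP) for settings and the admin
# pages; 40102 is the UDP port nodes use to talk to the domain-server.
# The remaining ports in 40100-40105 are reserved but unused.
PORT_ROLES: Dict[int, Tuple[str, str]] = {
    40100: ("tcp", "domain-server HTTP (settings JSON + admin pages)"),
    40102: ("udp", "domain-server node traffic"),
}


def parse_port_range(spec: str) -> List[int]:
    """Turn "40100-40105" (or a single "40102") into a list of ports."""
    if "-" in spec:
        lo, hi = (int(part) for part in spec.split("-", 1))
    else:
        lo = hi = int(spec)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port range: {spec}")
    return list(range(lo, hi + 1))


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connect to host:port succeeds within the timeout.

    Only TCP can be verified this way: a UDP port that accepts datagrams
    silently looks identical to one dropped by a firewall, so 40102 has to
    be confirmed by a real node connecting, as the post suggests.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_domain_server(host: str, spec: str = "40100-40105") -> Dict[int, str]:
    """Per port in the range, report its stated role and whether a TCP
    probe from this machine reached it (hypothetical report format)."""
    report: Dict[int, str] = {}
    for port in parse_port_range(spec):
        proto, role = PORT_ROLES.get(port, ("-", "reserved, unused"))
        if proto == "tcp":
            state = "reachable" if tcp_port_open(host, port) else "blocked/closed"
        elif proto == "udp":
            state = "udp: not verifiable by connect(); test with a node"
        else:
            state = "no probe needed"
        report[port] = f"{proto} {role}: {state}"
    return report


def self_check() -> Tuple[bool, bool]:
    """Offline demonstration of the probe: a listener on an ephemeral local
    port is reported open, and the same port after the listener closes is
    reported closed. Returns (while_open, after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = tcp_port_open("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = tcp_port_open("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    # Replace the host with your domain-server's public address and run
    # from outside your network to see what the firewall actually exposes.
    print(self_check())
    for port, line in probe_domain_server("127.0.0.1").items():
        print(port, line)
```

Run it from a machine outside your own network against the domain-server's public address; a "blocked/closed" result on 40100 means nodes will not be able to fetch domain settings, while a "reachable" result also means the admin pages are exposed to anyone who can reach that port.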


#2

Thanks @b … do a minor edit to the post to remove 49290 from the sentence in unused ports… just for accuracy and consistency.

As you noted, I have mentioned elsewhere my concern that port 40100 is used for both serving the settings via JSON, and also for access to admin and settings pages that are openly accessible once the port is open to world.

Can this functionality be split as a matter of urgency so that the admin/settings/stats screens are only accessible via a username and password, or that they are put on another port that can be kept behind the firewall temporarily until security is in place?


#3

I would go for a separate port that, if it's done correctly, is kept behind a firewall.


#4

Hi.

I just watched @philip video using UDP over WiFi to engage with Interface.

He says, “sends them directly to via udp over wifi to a listening port on the interface client…”

I’ve done UDP packet sending via Arduino to X-Plane 10 and was curious if the process is similar. I will start a new topic / thread about this if @b can confirm it is still port number 40102.

Thanks.