Connectivity Problem with OpenTTD - Some Network ports in the red

System Information

| Field | Value |
| --- | --- |
| Operating System | Linux - Ubuntu 22.04.3 on x86_64 |
| Product | AMP ‘Decadeus’ v2.4.6.6 (Mainline) |
| Virtualization | QEMU_KVM |
| Application | OpenTTD |
| Module | GenericModule |
| Running in Container | No |
| Current State | Ready |

Problem Description

Issue

For the life of me I can’t figure out how to get these Network ports into the Green. The SFTP Port is always green and sometimes one of the server ports is green, but often the server admin port will be red or something else will be. I’ve been home labbing for a while now and I feel like this should be pretty straightforward, but somehow I’m missing something. Thanks.

Reproduction Steps

  • Forwarded ports in pfSense
  • Tried changing ports in AMP
  • Tried different binding addresses in AMP

Hey Adam,

It sounds a bit frustrating, but don’t worry, we’ll work through this together. Let’s start with the basics and ensure your ports are actually listening on your server.

Step 1: Check if the ports are listening.
Run the following command to see if the OpenTTD server is listening on the specified ports:

sudo netstat -tulnp | grep openttd

Let me know what output you receive from that command. This will help us determine if the OpenTTD server is correctly set up to listen for incoming connections.

It says command not found and can’t find netstat when I try to find it.

Ah, it seems like netstat may not be installed on your system by default. Let’s use another command that should be available to you. Try this one:

sudo ss -tulnp | grep openttd

This should give us the information we need to see if the server is listening on your configured ports. What does the output show?

udp UNCONN 0 0 20.20.0.14:5678 0.0.0.0:* users:(("openttd",pid=1244,fd=8))
tcp LISTEN 0 1 20.20.0.14:5678 0.0.0.0:* users:(("openttd",pid=1244,fd=7))

Great, it looks like your OpenTTD server is listening on UDP and TCP for port 5678 on the IP 20.20.0.14. This means the server application should be set up properly. Next, we need to verify if the ports are accessible from outside your server.

Step 2: Let’s check your firewall rules with AMP’s tool. Please run the following command and post back the output:

ampinstmgr dumpfirewall

This will let us see what AMP thinks the current firewall situation is.

[Info] AMP Instance Manager v2.4.6.2 built 30/08/2023 14:38
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using UFW firewall.
[Info] No firewall rules to display.

Looks like there are no specific firewall rules set up for AMP in UFW. We’ll want to ensure UFW is allowing traffic on the required ports. Let’s start by allowing your OpenTTD port through the firewall.

Step 3: Add a rule to UFW to allow traffic on port 5678, both TCP and UDP, with the following commands:

sudo ufw allow 5678/tcp
sudo ufw allow 5678/udp

After running those commands, please run the command below to make sure the rules have been added:

sudo ufw status

Let me know what the output is, and we can proceed from there!

Tbh, just have the server bound to 0.0.0.0 and your issues are likely solved

bbytes@amp:~$ sudo ufw status
Status: inactive

Message from Apollo:

Hey there! It looks like your UFW firewall is not currently active, which means it shouldn’t be blocking any ports by default. However, if you ever decide to enable UFW in the future, remember to add the rules for your OpenTTD ports using the commands I provided earlier.

For now, let’s focus on the next step. We need to confirm that the port forwarding on your pfSense is correct. Since each pfSense setup can be different, let’s start by checking the following:

  1. Ensure that the OpenTTD ports (in this case port 5678 TCP/UDP) are forwarded to the internal IP 20.20.0.14.
  2. Double-check that the port forwarding rules on pfSense are active.

If everything seems correct there, we’ll need to test connectivity. Try to connect to the server using another device on the same network. Use the internal IP (20.20.0.14) and port 5678.

Let me know your findings, and we’ll continue troubleshooting from there!

How do I have the server bound to 0.0.0.0?

Binding to 0.0.0.0 means that your server will listen on all available network interfaces. Let’s check how to set the binding address in AMP for your OpenTTD instance.

  1. Access the AMP panel for your OpenTTD instance.
  2. Navigate to the Configuration settings for OpenTTD.
  3. Find the setting for the IP binding or network address.
  4. Change it to 0.0.0.0 if it’s set to a specific IP address like 20.20.0.14.
  5. Save the configuration and restart your OpenTTD instance for the changes to take effect.

Could you try that and let me know when it’s done?

You have to stop the instance and edit GenericModule.kvp in the instance datastore. The line is App.ApplicationIPBinding

Geez the bot is a menace. Great idea Mike…

Hey there! To bind your OpenTTD server to 0.0.0.0, you’ll need to update the AMP configuration for your instance. The specific setting to change is App.ApplicationIPBinding within a configuration file.

Here’s how you can do it:

  1. First, stop your OpenTTD instance via AMP.
  2. Open the file GenericModule.kvp located in the datastore directory for your OpenTTD instance.
  3. Look for the line starting with App.ApplicationIPBinding.
  4. Change the value after the equals sign (=) to 0.0.0.0.
  5. Save the file and close the editor.
  6. Start your OpenTTD instance again.

This should allow your OpenTTD server to accept connections on all network interfaces. Once you’ve done that, let me know and we can continue with the troubleshooting process!

I have a few game servers I am trying, and one of them is Minecraft. It is already bound to 0.0.0.0 and it still has ports in the red.

That can sometimes happen, especially if you’ve already verified that the server is listening on the correct IP and port as we did with your OpenTTD server. Remember, AMP’s port checker isn’t always able to account for every situation, such as outbound firewall rules that might block the check.

For your Minecraft server, it’s also essential to ensure that relevant ports are forwarded properly if you’re hosting at home. Since Minecraft generally uses port 25565 by default, you’ll need to forward both the TCP and UDP protocols for that port on your router.

Here’s what we can do next:

  1. Double-check your router’s port forwarding to ensure that port 25565 is set up correctly. It should point to the internal IP of the machine hosting the Minecraft server.

  2. Use ampinstmgr ports [INSTANCE NAME] to recheck the port status. Make sure to replace [INSTANCE NAME] with the actual name of your Minecraft instance.

  3. If you’re still seeing red, try connecting to the server using the internal IP and port from a different device on the same network to confirm it’s working internally.

  4. If the internal connection works but external doesn’t, you may need to consider potential hairpin NAT issues or additional firewall settings on your network that may need adjustment.

Let’s test the internal connection first and we can proceed from there. Could you give that a try and report back with your findings?

No, I take that back… port info is unavailable.

No worries—let’s see if we can find out why the port information is unavailable. For Minecraft, especially if you’re viewing this through AMP’s web interface, remember that the status might not accurately reflect real-time port availability.

Go ahead and try the following steps to check the ports for your Minecraft server:

  1. Make sure your Minecraft server is running.

  2. Open up a console or terminal on the server hosting Minecraft.

  3. Run the command to check the port status:

    ampinstmgr ports [MinecraftInstanceName]

    Replace [MinecraftInstanceName] with the actual name of your instance.

  4. Share the output with me.

This will let us know if AMP thinks that port 25565 is open. Even if AMP shows it’s unavailable, if you’ve set everything up correctly, you should still be able to connect using the server’s internal IP address from another device on the same network. Could you also try connecting internally like that and let me know if it works?
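
Added example, not part of any post in this thread: a shell sketch that reads `ss -tulnp` output and reports whether a process is bound to one address, to loopback, or to every interface, then lists the wildcard-bound ports that have no host firewall in front of them when `ufw status` reports inactive. The function names and the java sample line are assumptions; the two openttd lines mirror the output posted earlier in the thread.

```shell
#!/bin/sh
# Constructed sample: the openttd lines follow the ss output posted in the thread;
# the java line (Minecraft on the default port, wildcard bind) is invented.
SAMPLE_SS='udp UNCONN 0 0 20.20.0.14:5678 0.0.0.0:* users:(("openttd",pid=1244,fd=8))
tcp LISTEN 0 1 20.20.0.14:5678 0.0.0.0:* users:(("openttd",pid=1244,fd=7))
tcp LISTEN 0 50 *:25565 *:* users:(("java",pid=2001,fd=40))'

# bind_scope NAME: read ss -tulnp text on stdin, print "proto port scope" per socket.
bind_scope() {
  awk -v name="$1" '
    # Field 7 is the process column, e.g. users:(("openttd",pid=1244,fd=8))
    index($7, "\"" name "\",") {
      addr = $5
      port = addr; sub(/^.*:/, "", port)      # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
      sub(/%.*$/, "", host)                   # drop an interface suffix such as %lo
      if (host == "0.0.0.0" || host == "*" || host == "[::]") scope = "all-interfaces"
      else if (host ~ /^127\./ || host == "[::1]")            scope = "loopback-only"
      else                                                    scope = "single-address:" host
      print $1, port, scope
    }'
}

# unfiltered_ports NAME UFW_STATUS_TEXT: read ss text on stdin and list the sockets
# that answer on every interface while UFW is inactive (no host-level filtering).
unfiltered_ports() {
  case "$2" in
    *"Status: inactive"*)
      bind_scope "$1" | awk '$3 == "all-interfaces" { print $1 "/" $2 }' ;;
    *) : ;;   # UFW active: its rule set decides, so nothing is reported here
  esac
}

# Live use on the host (root is needed for ss to show process names):
#   sudo ss -tulnp | bind_scope openttd
#   sudo ss -tulnp | unfiltered_ports java "$(sudo ufw status)"
```

On a host bound to 0.0.0.0 with UFW inactive, the upstream router or pfSense rules are the only filter in front of the listed ports.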