Allowing Minecraft Traffic Through the Firewall
Your Internet-facing router acts as a firewall to protect your private internal network. A physical firewall is a divider that separates the passenger compartment from the engine compartment in an automobile; here the word “firewall” takes on a literal meaning.
In a TCP/IP computing context, a firewall is hardware and/or software that by default blocks all incoming Internet traffic to internal devices. The firewall is a good thing, believe me. The problem, if you want to call it that, is that your router’s firewall will block any Internet-based player from accessing your internal Minecraft server. That is, unless you forward the appropriate port(s).
Ports
TCP/IP ports are cool because they allow your computer, which typically has a single IP address, to participate in all sorts of communication and not get “confused.” This is even more important for your router, which is handling different traffic for different internal devices.
Think of it: You’re browsing minecraftforum.net from your laptop, while your mom streams YouTube clips to her iPad, while your sister uploads files to her WordPress blog. That’s a lot of network traffic, and it’s all different.
Here’s the deal: Different network services use different default port numbers. Here’s a rundown of some of the most popular, well-known port numbers:
- HTTP (web browsing): 80
- HTTPS (secure HTTP): 443
- FTP (File Transfer Protocl): 21
- SMTP (e-mail): 25
- Minecraft (yeah, buddy!): 25565
Of the previously given ports, the only one I want you to memorize is 25565, because that is Minecraft’s default port number.
What we want to do is forward inbound traffic on port 25565 to our Minecraft server that’s located on the private internal network. Figure 4.7 summarizes port forwarding.
FIGURE 4.7 Schematic diagram showing how port forwarding works.
You might be wondering, “How can an Internet player get Minecraft traffic to me when my server has a private IP address? The router has NAT and a public IP address, but the router isn’t the Minecraft server!”
We will give our Internet-based friends our router’s public IP address, and they’ll use that to connect to our Minecraft server. The router’s NAT capability takes care of routing the port 25565 traffic to our server.
Let me walk you through Figure 4.7, because I packed a lot of information into that picture:
- Notice that the router has a port-forwarding rule defined such that it allows traffic on port 25565 and forwards it to IP 10.1.10.16, which is our Minecraft server.
- The Internet-based Minecraft client adds a server with the connection address 71.228.251.55:25565 (adding the colon and the port number shouldn’t be necessary, but it’s wise to use just to be safe) and is successful in connecting to the Workpc1 server.
- The FTP client, also Internet based, is unsuccessful in his or her attempt to establish a File Transfer Protocol (FTP) connection to an internal network resource because (a) the router blocks the traffic because it has no firewall exceptions defined; and (b) we don’t have any FTP servers listening for connections in the first place.
I mentioned this in passing, but it bears repeating: You don’t have to include the port number to the IP address if the service uses the default port. This is why you can type
- http://yahoo.com
to reach yahoo.com, instead of this:
- http://yahoo.com:80
Likewise, if your Minecraft server listens on its default port (whose value, you’ll recall, is stored as the server-port property in your server.properties configuration file), then you shouldn’t have to include the port. However, those who want to host more than one Minecraft server on the same box will indeed need to concern themselves with port numbers.
For instance, if I configured port forwarding for a second Minecraft server instance and I used port 25566, then I’d give this address to my Internet-based friends:
- 71.228.251.55:25566
Configuring Port Forwarding
Now let’s configure our router for port forwarding!
Testing the Connection
Before we hand out our router’s public IP address to our Minecraft buddies, we should check to verify that our router is actually forwarding port 25565 as expected.
To use PortCheckTool, simply plug in your router’s public IP address in the Your IP field, enter 25565 in the What Port field, and click Check Your Port. As you can see in Figure 4.10, you’ll get a “Success!” message if the website can get port 25565 traffic through your router.
If you get a failure, (a) make sure your Minecraft server is indeed running on your internal network; and (b) log in to your router and verify that the port-forwarding rule is present and enabled.
Let’s Play!
Now run over to one of your Minecraft friends’ homes, fire up the Minecraft client, and add your newly published Minecraft server as shown in Figure 4.11.
FIGURE 4.11 You can try leaving the :25565 off the server address if you know that the target Minecraft server listens on the default port address.
If all goes well, the newly added server will appear in the server list (see Figure 4.12), and you can join the server’s world as usual. Awesomesauce!
FIGURE 4.12 It feels pretty good to see your own Minecraft server in the Minecraft client’s server list!