This page contains information on how to set up port forwarding required for Geyser to work when self-hosting. There are also guides for specific configurations, such as Docker/Pterodactyl, or on specific VPS/KVM providers, such as OVH or Oracle Cloud.
Port forwarding on Linux/Windows/macOS
To allow others to play on your server, you will need to set up port forwarding on the device hosting Geyser. Additionally, you will need to port forward the port on your router/modem (in other words, allow and route traffic on that port to the proper machine) if you want the server to be accessible outside your own home network. See here or here for helpful guides. Do note: if you do not have a static IP address, your IP address may change over time.
As an alternative to port forwarding, you can use playit.gg to create a tunnel.
To open a port on Windows, you will need to open the port through the Windows Firewall. There are multiple ways to do this:
To open a port on UDP (in our example, port 19132), run the following command in an administrator Powershell:
New-NetFirewallRule -DisplayName "Geyser" -Direction Inbound -Protocol UDP -LocalPort 19132 -Action Allow
Running this command creates a rule named “Geyser” that allows UDP traffic on port 19132.
Windows Defender Firewall with Advanced Security (GUI)
- Search for “Windows Defender Firewall with Advanced Security” in the start menu, and open it. (Image)
- Click on “Inbound Rules” in the left sidebar. (Image)
- Click on “New Rule…” in the right sidebar. (Image)
- Select “Port” as the rule type and click “Next”. (Example)
- Select “UDP” and “Specific local ports”, and enter the port you want to open (in our example, 19132). Click “Next”. (Example)
- Select “Allow the connection” and click “Next”. (Example)
- Select the profiles you want to apply the rule to (e.g. “Domain”, “Private”, “Public”), and click “Next”. (Example)
- Enter a name for the rule (e.g. “Geyser”), and click “Finish”. (Image)
Different Linux distributions, even different VPS providers ship and configure different firewalls. In the following examples, we will use
19132 as the port to open, but you should replace this with the port you are using for Geyser.
ufwis a simple firewall front-end for iptables that is commonly used on Ubuntu and Debian. To open a port on UDP, run the following command:
sudo ufw allow 19132/udp
firewalldAdd a port on UDP by running:
sudo firewall-cmd --zone=public --permanent --add-port=19132/udp
Then, reload the firewall with
sudo firewall-cmd --reload, and see all open rules with
sudo firewall-cmd --list-all.
Further helpful guides: DigitalOcean
iptablesis a common firewall that is used on many Linux distributions. To open a port on UDP, run the following command:
sudo iptables -A INPUT -p udp --dport 19132 -j ACCEPT
You will need to disable
Block all incoming connections in your Firewall settings, as that will block any connections and won’t allow you to make exceptions.
To allow incoming connections, click
Allow when getting these prompts.
If you are still facing issues, see Apple’s official guide here to open a port on macOS.
Using Docker or Pterodactyl
In addition to port forwarding the port in your server’s firewall (and, if applicable, your router/modem), you will need to assign the port in Docker/Pterodactyl.
Make sure to allocate the port to the server in the Pterodactyl panel’s
Network tab, additionally to port forwarding the port.
See here for more information.
There are also different Geyser eggs for Pterodactyl, which can be found here.
For Geyser to work under Docker (e.g. using Itzg’s Docker image), you will need to add the Geyser port on UDP to the docker-compose file. This is done by adding the following to the
ports: - "25565:25565" - "19132:19132/udp"
/udp suffix is required so that the port is exposed on UDP. If you want to run the Java server and Geyser on the same port, the following would work:
ports: - "25565:25565" - "25565:25565/udp"
Alternatively, add another port with the
-p 19132:19132/udp flag to the docker run command.
Issues with specific VPS/KVM providers
Some providers, such as OVH, Oracle Cloud, and SoYouStart, have a firewall that blocks UDP ports by default/in most cases.
OVH and SoYouStart
By default, OVHs firewall requires a TCP ping to the server before allowing UDP connections. This is not possible with Geyser, so you will need to disable the firewall.
To verify/temporary work around it:
Attempt to connect to your servers IP and port through a web browser - for example,
http://test.geysermc.org:19132. Connecting won’t work, but then try connecting through Bedrock on that same device, and it should work.
Alternatively, try connecting to the server first on Java edition, then on Bedrock with the same device.
To resolve it:
- Navigate to
- Click on the
...button on the table for your IP -> then
Configure the GAME firewall->
- Add your Geyser port into
SoYouStart (subsidiary of OVH):
- Click the IP tab.
- Click the gear at the right of the public IP address; select “Game mitigation”.
- Pick “Add a rule”.
- Select “minecraftPocketEdition” in the dropdown list and enter the target UDP ports.
- Save and wait a few seconds for the changes to come into effect.
You’ll need to allow port 19132 on UDP in both the security list and the firewall-cmd command.
Additional step for Ubuntu users:
- Remove/comment out
-A INPUT -j REJECT --reject-with icmp-host-prohibitedin the
- Then, run the following command to fix ufw:
sudo iptables-restore < /etc/iptables/rules.v4