Port forwarding

This page contains information on how to set up port forwarding required for Geyser to work when self-hosting. There are also guides for specific configurations, such as Docker/Pterodactyl, or on specific VPS/KVM providers, such as OVH or Oracle Cloud.

Port forwarding on Linux/Windows/macOS

To allow others to play on your server, you will need to set up port forwarding on the device hosting Geyser. Additionally, you will need to port forward the port on your router/modem (in other words, allow and route traffic on that port to the proper machine) if you want the server to be accessible outside your own home network. See here or here for helpful guides. Do note: if you do not have a static IP address, your IP address may change over time.


To open a port on Windows, you will need to open the port through the Windows Firewall. There are multiple ways to do this:

  • Powershell (recommended)

    To open a port on UDP (in our example, port 19132), run the following command in an administrator Powershell:

    New-NetFirewallRule -DisplayName "Geyser" -Direction Inbound -Protocol UDP -LocalPort 19132 -Action Allow

    Running this command creates a rule named “Geyser” that allows UDP traffic on port 19132.

  • Windows Defender Firewall with Advanced Security (GUI)

    1. Search for “Windows Defender Firewall with Advanced Security” in the start menu, and open it. (Image)
    2. Click on “Inbound Rules” in the left sidebar. (Image)
    3. Click on “New Rule…” in the right sidebar. (Image)
    4. Select “Port” as the rule type and click “Next”. (Example)
    5. Select “UDP” and “Specific local ports”, and enter the port you want to open (in our example, 19132). Click “Next”. (Example)
    6. Select “Allow the connection” and click “Next”. (Example)
    7. Select the profiles you want to apply the rule to (e.g. “Domain”, “Private”, “Public”), and click “Next”. (Example)
    8. Enter a name for the rule (e.g. “Geyser”), and click “Finish”. (Image)


Different Linux distributions, even different VPS providers ship and configure different firewalls. In the following examples, we will use 19132 as the port to open, but you should replace this with the port you are using for Geyser.

  • ufw is a simple firewall front-end for iptables that is commonly used on Ubuntu and Debian. To open a port on UDP, run the following command:
    sudo ufw allow 19132/udp

    Then, reload the firewall with sudo ufw reload, and see all open rules with sudo ufw status.
    Further helpful guides: DigitalOcean, Baeldung

  • firewalld Add a port on UDP by running:
    sudo firewall-cmd --zone=public --permanent --add-port=19132/udp

    Then, reload the firewall with sudo firewall-cmd --reload, and see all open rules with sudo firewall-cmd --list-all.
    Further helpful guides: DigitalOcean

  • iptables is a common firewall that is used on many Linux distributions. To open a port on UDP, run the following command:
    sudo iptables -A INPUT -p udp --dport 19132 -j ACCEPT

    Then, save the firewall with sudo iptables-save, and see all open rules with sudo iptables -L.
    Further helpful guides for iptables: DigitalOcean, Ubuntu


You will need to disable Block all incoming connections in your Firewall settings, as that will block any connections and won’t allow you to make exceptions. To allow incoming connections, click Allow when getting these prompts. If you are still facing issues, see Apple’s official guide here to open a port on macOS.

Using Docker or Pterodactyl

In addition to port forwarding the port in your server’s firewall (and, if applicable, your router/modem), you will need to assign the port in Docker/Pterodactyl.


Make sure to allocate the port to the server in the Pterodactyl panel’s Network tab, additionally to port forwarding the port. See here for more information.

Pterodactyl panel, Network section

There are also different Geyser eggs for Pterodactyl, which can be found here.


For Geyser to work under Docker (e.g. using Itzg’s Docker image), you will need to add the Geyser port on UDP to the docker-compose file. This is done by adding the following to the ports section:

    - "25565:25565"
    - "19132:19132/udp"

The additional /udp suffix is required so that the port is exposed on UDP. If you want to run the Java server and Geyser on the same port, the following would work:

    - "25565:25565"
    - "25565:25565/udp"

Alternatively, add another port with the -p 19132:19132/udp flag to the docker run command.

Issues with specific VPS/KVM providers

Some providers, such as OVH, Oracle Cloud, and SoYouStart, have a firewall that blocks UDP ports by default/in most cases.

OVH and SoYouStart

By default, OVHs firewall requires a TCP ping to the server before allowing UDP connections. This is not possible with Geyser, so you will need to disable the firewall.

To verify/temporary work around it:

Attempt to connect to your servers IP and port through a web browser - for example, http://test.geysermc.org:19132. Connecting won’t work, but then try connecting through Bedrock on that same device, and it should work. Alternatively, try connecting to the server first on Java edition, then on Bedrock with the same device.

To resolve it:


  1. Navigate to Network interfaces
  2. Click on the ... button on the table for your IP -> then ... and Configure the GAME firewall -> Add rule -> Other protocol (or minecraftPocketEdition if available)
  3. Add your Geyser port into outgoing port.

SoYouStart (subsidiary of OVH):

  1. Click the IP tab.
  2. Click the gear at the right of the public IP address; select “Game mitigation”.
  3. Pick “Add a rule”.
  4. Select “minecraftPocketEdition” in the dropdown list and enter the target UDP ports.
  5. Save and wait a few seconds for the changes to come into effect.

Oracle Cloud/OCI

You’ll need to allow port 19132 on UDP in both the security list and the firewall-cmd command.

Additional step for Ubuntu users:

  1. Remove/comment out -A INPUT -j REJECT --reject-with icmp-host-prohibited in the /etc/iptables/rules.v4 file.
  2. Then, run the following command to fix ufw:
    sudo iptables-restore < /etc/iptables/rules.v4