Opening new ports with iptables

So I’ve got Geyser all set up and can connect via LAN, but I’m having trouble trying to open the ports for mobile on iptables…

I’ve run the commands:
sudo iptables -A INPUT -p udp --dport [port] -j ACCEPT

sudo iptables -A OUTPUT -p udp --dport [port] -j ACCEPT

sudo iptables-save, then I can see them in the iptables, but I am still unable to connect via IP and Bedrock port. But the normal IP works fine, so I think I’m doing something incorrectly on port forwarding! I also get zero console errors after I try to connect with no luck!

Usually, only one of those commands will be necessary:

You will open up a port that allows the initial request through; this is usually -A INPUT -p udp ... -j ACCEPT. Your first line will allow UDP packets through at that port, and on the way out, the packets are almost certainly going to be assigned to a completely different (random/unimportant numbered) port.

You can therefore rely on the other rule to handle reverse traffic:

-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

However, if it’s not working, there are many places that require checking. Think of this as an incremental investigation. You want to trace packets entering your system and see where they get stopped. Alright, by the numbers:

  1. Do your requests even reach the host?

a) can you ping your normal host by IP
b) where might the packets be stopping?

You can answer a) with a simple ping from your workstation. For b, look at the firewall rules:

Use the instructions here to see if your UDP rule–the one you added–counts packets triggering this rule. If you don’t see packets incrementing in real-time, it means that…

  1. your router may not be pushing these packets to your server at all
  2. your iptables aren’t matching

Check port forwarding for #2, and check where each of your packets is going if they aren’t triggering -j ACCEPT.
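
The counter check described in the reply above can be scripted by comparing two `iptables-save -c` snapshots taken a few seconds apart while a client tries to connect. This is an added example, not part of the original thread; the function names, the sample snapshots and the ports 19132 and 25565 are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the INPUT rule for a UDP port count packets between
# two `iptables-save -c` snapshots? (Hypothetical helper names.)

# Print the packet counter of the first INPUT ACCEPT rule for udp --dport PORT.
# Prints nothing when no such rule exists.
rule_pkts() {  # $1 = snapshot text, $2 = port
    printf '%s\n' "$1" | awk -v port="$2" '
        $2 == "-A" && $3 == "INPUT" && /-p udp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    n = $1                 # counter prefix, e.g. "[7:560]"
                    sub(/^\[/, "", n)      # drop the leading bracket
                    sub(/:.*/, "", n)      # drop ":bytes]"
                    print n
                    exit
                }
        }'
}

# Classify the rule: no-rule, matching (counter grew) or not-matching.
diagnose() {  # $1 = earlier snapshot, $2 = later snapshot, $3 = port
    before=$(rule_pkts "$1" "$3")
    after=$(rule_pkts "$2" "$3")
    if [ -z "$after" ]; then
        echo "no-rule"
    elif [ "$after" -gt "${before:-0}" ]; then
        echo "matching"
    else
        echo "not-matching"
    fi
}

# Constructed sample snapshots (not captured from a real host).
HEAD='*filter
:INPUT DROP [40:2400]
[120:9000] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT'
SNAP_BEFORE="$HEAD
[0:0] -A INPUT -p udp -m udp --dport 19132 -j ACCEPT
COMMIT"
SNAP_STUCK="$SNAP_BEFORE"
SNAP_HIT="$HEAD
[7:560] -A INPUT -p udp -m udp --dport 19132 -j ACCEPT
COMMIT"

# Live use: a=$(sudo iptables-save -c); sleep 10; b=$(sudo iptables-save -c)
#           diagnose "$a" "$b" 19132
diagnose "$SNAP_BEFORE" "$SNAP_STUCK" 19132
diagnose "$SNAP_BEFORE" "$SNAP_HIT" 19132
```

A result of not-matching while a client is connecting means the packets are either not reaching the host or are being handled by another rule or the chain policy, which are the two cases the reply lists.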