After upgrading to AMP v2.1.0.2 my Minecraft instance firewall rules in ufw is set to /UDP and not /TCP which is the protocol for Minecraft
AMP Firewall opens wrong protocol on ports
- 2K Views
- Last Post 10 February 2021
- Topic Is Solved
Mike
posted this
06 February 2021
For Minecraft, AMP opens both UDP and TCP as the same module is used for both Minecraft Java edition and Bedrock Edition and the firewall manager doesn't have a way to know which, so it just opens both.
cbh1608
posted this
06 February 2021
On my setup it only opens UDP
Mike
posted this
06 February 2021
Check the output of ampinstmgr dumpports amp as root - this shows what ports AMP wants to open.
Then compare it to the output of ampinstmgr dumpfirewall amp as root - this shows what port AMP thinks are open.
See if the Minecraft port is on one but not the other.
cbh1608
posted this
06 February 2021
Output of dumpports:
[Info] AMP Instance Manager v2.1.0.2 built 03/02/2021 00:33
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] TCP/2225 (AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] TCP/2226 (AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)
Output of dumpfirewall:
[Info] AMP Instance Manager v2.1.0.2 built 03/02/2021 00:33
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using UFW firewall.
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/8080 (AMP Management Instance)
[Info] TCP/2225 (AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/2226 (AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/8080 (AMP Management Instance)
[Info] TCP/2225 (AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/2226 (AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)
Output of ufw status:
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Samba ALLOW Anywhere
Apache ALLOW Anywhere
Plex Media Server All ALLOW Anywhere
2223/tcp ALLOW Anywhere # AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber
12820/udp ALLOW Anywhere # AMP:ADS01:ADSModule.Network.MetricsServerPort
2224/tcp ALLOW Anywhere # AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber
25565/udp ALLOW Anywhere # AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber
8080/tcp ALLOW Anywhere # AMP Management Instance
2225/tcp ALLOW Anywhere # AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber
25566/udp ALLOW Anywhere # AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber
2226/tcp ALLOW Anywhere # AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber
25567/udp ALLOW Anywhere # AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber
OpenSSH (v6) ALLOW Anywhere (v6)
Samba (v6) ALLOW Anywhere (v6)
Apache (v6) ALLOW Anywhere (v6)
Plex Media Server All (v6) ALLOW Anywhere (v6)
2223/tcp (v6) ALLOW Anywhere (v6) # AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber
12820/udp (v6) ALLOW Anywhere (v6) # AMP:ADS01:ADSModule.Network.MetricsServerPort
2224/tcp (v6) ALLOW Anywhere (v6) # AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber
25565/udp (v6) ALLOW Anywhere (v6) # AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber
8080/tcp (v6) ALLOW Anywhere (v6) # AMP Management Instance
2225/tcp (v6) ALLOW Anywhere (v6) # AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber
25566/udp (v6) ALLOW Anywhere (v6) # AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber
2226/tcp (v6) ALLOW Anywhere (v6) # AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber
25567/udp (v6) ALLOW Anywhere (v6) # AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber
AbhorrentJoel
posted this
06 February 2021
Can confirm that AMP is duplicating the UDP port instead of doing both TCP+UDP on instances that use both protocols. I already posted about that here.
stuart_jjj
posted this
07 February 2021
- Last edited 07 February 2021
I am having the exact same issue after upgrade to 2.1.0.2.
cbh1608
posted this
08 February 2021
After updating to v2.1.0.4 the firewall module is still not opening the /TCP ports
AbhorrentJoel
posted this
08 February 2021
It does not look like v2.1.0.4 was listed as fixing this issue anyway. I have updated and can also confirm this is still happening.
The temporary solution if you are using AMP's firewall sync is to add the additional ufw rules yourself that are not getting added by using the following command as root (or as a user with sudo access, just use 'sudo' before'):
ufw allow <port>/tcp
Or you could just exclude the instances from the firewall management and just do it yourself until it is fixed. Here is a little wiki that can help you achieve in the meantime.
capnjosh
posted this
09 February 2021
I see the same thing - with "v2.1.0.4, built 09/02/2021 00:51". Fresh install, this time with a dedicated controller host and separate nodes for game instances.
- 25565/udp is opened and managed
- 25565/tcp is not added to ufw. I can manually add it, but that's a bummer ;)
Below is my output of "ampinstmgr dumpports amp" root@mc-rlcraft:/home/amp/.ampdata/instances/ADS01# ampinstmgr dumpports amp
[Info] AMP Instance Manager v2.1.0.4 built 09/02/2021 00:53
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:Minecraft01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
cbh1608
posted this
09 February 2021
I am aware of this and this is my temporary solution, but it is not something that I would be doing as a permanent thing
AbhorrentJoel
posted this
09 February 2021
I don't expect perfection, but it's a little bit disappointing how many bugs there are in the last few releases of AMP - also when considering it is a software in "release" version.
Mike
posted this
10 February 2021
I've identified the issue. It's a regression caused by fixing something else.
AMP is at that point where it's a big enough piece of software that fixing one bug fixes another, so it's occasionally a game of whack-a-mole. But each time one of these is identified I produce a new set of tests to try and make sure it doesn't reoccur.
cbh1608
posted this
10 February 2021
Does this mean a fix will be coming soon?
Mike
posted this
10 February 2021
Yes, today in fact.
AbhorrentJoel
posted this
10 February 2021
Seems to be fixed and working now from the initial observations. ampinstmgr dumpfirewall amp shows the correct ports:
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
And ufw status, as a result, shows both protocols:
25565/udp ALLOW Anywhere # AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber
25565/tcp ALLOW Anywhere # AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber
However, ampinstmgr dumpports amp still duplicates:
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
Just thought I'd note this, even though it does not impact the firewall.
Mike
posted this
10 February 2021
That's actually a hangover from where it wasn't working before. Next update is going to have a command to remove all of the rules AMP added so you can start with a clean slate.
DumpPorts is getting it wrong because I only fixed the bug in UpdateFirewall, but DumpPorts will get it correct too in the next update.
I'll keep an eye on this though and I'll be putting new tests together for this.
