What are the required outbound IPs and ports on a spigot server?

What are the required outbound IPs and ports on a spigot server? - Cables Connected to Ethernet Ports

Note: I am not absolutely sure that the question is on topic, even though this Meta discussion suggests it is. The question is specifically about a game server, not general server administration.

I run a Spigot (Minecraft) server for my children and friends and would like to limit the outbound connections as much as possible (just in case the server is hacked via the application).

Is there a definite list of IPs which are required for the server to:

  • Just run
  • Run and make all required checks (of plugin versions for instance)

Ideally, for the first case, this list would be empty (I would check manually from time to time) but it may be that there are some IPs which must be reachable.

As for the second case, I saw a few IPs being reached via HTTP during startup:

ec2-54-175-97-178.compute-1.amazonaws.com
ns511765.ip-198-27-66.net

They are resolved from more generic names so they are probably round robin ones (or possibly a load balancer, though it should not expose the internal IPs).

Is there an explicit list of the IPs for these servers?

minecraft-java-editionserver-administrationnetworkingminecraft-spigot


Best Answer

For any Minecraft Server (including custom ones such as Spigot, Sponge and Bukkit/CraftBukkit), these are the only ports and addresses that you require in and out-bound traffic allowed to:

  • Port 25565 (or whatever number you've set the server-port variable in your server.properties file) so that clients can connect.
  • All client's IPs and handshaked ports.
    This is dynamic and differs from connection to connection. There isn't really a way to predict the port, but users on the same IP generally means that they're from the same internet connection (within a family household) or VPN... node. With dynamic IP allocation by ISPs, things get a lot more complicated from that point on... Anyway, moving on;
  • https://authserver.mojang.com and http://login.minecraft.net to handle authentication.
    Authentication is confirmed both server- and client-side. That's why we have the "User not Premium" error.

Anything else (due to the nature of plugins in Bukkit/Spigot/Sponge), all those other connections, as you said:

As for the second case, I saw a few IPs being reached via HTTP during startup:

ec2-54-175-97-178.compute-1.amazonaws.com
ns511765.ip-198-27-66.net

Are probably due to:

  • Metrics
  • Update Checking
  • External Functions (ie. PlotSquared connects to a central server to upload/download schematics when a user chooses to import or export one)

Is there an explicit list of the IPs for these servers?

Try using a nameserver lookup.

ec2-54-175-97-178.compute-1.amazonaws.com = 54.175.97.178  
ns511765.ip-198-27-66.net = 198.27.66.94

These are entry-point servers for accepting inputs to cloud services.



Pictures about "What are the required outbound IPs and ports on a spigot server?"

What are the required outbound IPs and ports on a spigot server? - Cables Connected on Server
What are the required outbound IPs and ports on a spigot server? - Green and Grey Circuit Board
What are the required outbound IPs and ports on a spigot server? - Close Up Photo of Cables Plugged into the Server


What ports to use for Minecraft server?

Minecraft Ports Needed To Run The Game The default Minecraft ports are: TCP Port: 25565. UDP Port: 19132.

How to allow port 25565?

Under the service type, make sure TCP/UDP is selected. For the internal and external port ranges, enter the default Minecraft port \u201c25565\u201d. Finally, for the interal IP address, enter the private IP that you found in step #7. Click apply, and then your changes will be saved.

What Protocol do Minecraft servers use?

In the case of Minecraft servers, just a reminder that the default ports vary depending on the version of the game: Minecraft Java Edition uses TCP/25565 while Minecraft Bedrock Edition uses UDP/19132.

What Protocol for Minecraft port forward?

If it asks for a name, you can make up whatever name you like (Such as "minecraft"). If there is a protocol option, set it to TCP/UDP (both) or TCP. If you have used the default port, set the port to 25565 (or port range to 25565-25565), otherwise replace 25565 with your port choice.


How to open port in Ubuntu 16.04 | 18.04 | 20.04



More answers regarding what are the required outbound IPs and ports on a spigot server?

Answer 2

For most servers, it isn't necessary to connect to an IP, since they can run without an internet connection. However, this disables things like enable-snooper.

If you are using Spigot, the list is far too dynamic. Spigot changes their software frequently, and plugins might connect to anything. You would need to give the exact spigot version and a list of plugins to generate a list of IPs.

Sources: Stack Exchange - This article follows the attribution requirements of Stack Exchange and is licensed under CC BY-SA 3.0.

Images: Brett Sayles, Brett Sayles, Craig Dennis, Brett Sayles

Related Topics

Where did the world go?

How to calculate the area of a region of any shape (Minecraft Java Edition 1.18)

Turn into passenger on collision (fabric 1.18.2) [closed]

Command block says "get off the grass" if a player is on grass next to it

How to make an armor that gives you potion effects?

Is it possible to locate the position of a specific block in Minecraft Java

Not able to connect to Minecraft server after client joins on specific PC

How to summon lightning bolt at normal (and not charged) creepers only?

Is there a plugin that allows entity to get damage before 10 ticks? [closed]

Is it possible to create a custom ore and add it to world generation with a Datapack?

How can I push this headless piston?

Is there a way to keep playing sound at zombie's location?

What's wrong with my Minecraft command? [1.18+] [duplicate]

How do I find bastions?

How to increment potion effects?