What firewall ports need to be open to see multi player?

I’ve been using MSFS for a little over a year and had never seen other players even though I’ve always had show all players enabled.
While I was diagnosing a different software problem, I changed my router firewall setting to low, and forgot to change it back when I finished with that problem. Now I suddenly see other players nameplates everywhere, which is great!
But I don’t really want to leave my router firewall wide open so I would like to know what specific ports I could open in custom firewall settings to keep this working?

5 seconds intelligent google search:

TCP: 3074, 27014-27050

UDP: 3074, 3478, 4379-4380, 27000-27031, 27036

Define “need to be open”?

Because I have made no specific changes on my firewall for multiplayer to work in this sim – or any other modern game.

It has been a long time since hacking ports on a firewall has been a necessity. Any game or sim designed in the past 8 years should have been designed with built in support for NAT/PMP and it should “just work”, worst case scenario being enabling uPNP on the router/firewall (but enabling it in a secure fashion, e.g. for only certain hosts and denying uPNP to all others.

Any game or sim that is designed to need ports mapped on a firewall is not going to work with two players on the same internal net, and that is just bad designed.

I really don’t think that is what is going on with MSFS 2020.

What firewall are we talking about here which has a “low” setting? Perhaps you mean windows firewall? All you should do there is make sure that flightsimulator.exe has permissions to network on both TCP and UDP. Or, delete the entries and windows should prompt you the next time you run it.

1 Like
  1. He means the firewall in his router
  2. If he does not want to use uPNP he needs the ports to open in his Router FW

For troubleshooting questions, kindly use the Community Support category. This thread has been moved there.

Thanks for the tips. I tried opening those ports but it still didn’t work. I think it also needs some port forwarding. I’ll try that next but I guess worst case I can just turn the firewall to low while using msfs and turn it back when not using it.

Might be a dumb question.
Why do you not just use the Windows build in FW?
I mean you have the FW in your router and FW in Windows.
That’s 2 fences where 1 is enough?

Well, I have lots of internet connected devices, tvs, tablets, phone, roku, etc. They may not all have good built in firewalls to prevent them from being hacked, so having some protection at the router is a good idea in my opinion.

1 Like

It is not uncommon, or wrong, to have a device acting as a firewall to your internal network and also windows firewall on the actual endpoint – or a third party security package.

MSFS2020 can, and does, work in such a configuration. The results one gets are going to be dependent upon exactly what device is being used to provide firewalling for the internal net.

I tend to recommend serious gamers/simmers to stay away from firewall/router devices that are targeted towards consumers, because how that handles NAT/uPnP/PMP is anyone’s guess. And it isn’t likely to be very good implementation unless the device is designed as a gaming router.

Instead, I recommend DD-WRT or Open WRT to replace the stock firmware – if your device is supported by those alternatives. Doing that will get you a much better set of firewalling service with good support for things like SIP, NAT/PMP, etc.

Ideally, I recommend a pfsense device to take on the firewalling/routing functions, and just use consumer grade wireless routers as access points. You can actually stand up a mini-pc running pfsense for about the same amount you will pay for a “gaming” router, and end up with something that is still better.

Those options might not be feasible, and trust me I get the concept of financial constraints.

What I recommend, to try to get what the OP has running, is to troubleshoot this as a NAT problem. If you run the XBox companion app, and no you don’t have to have an xbox, go to “settings” and then “network”.

It will run some tests and give some insight. It shoudl end up saying “Connected”, that Xbox services are “Up and running”, and under xbox multiplayer you should see NAT Type = “Open” and Server connectivity = “Connected”

I am going to take a wild guess that you see something else, complete inability to connect, it might be complaining about “teredo tunnel”, and/or it might say NAT type = “Strict”

With NAT Type = Strict, that is going to be the root of multiplayer issues in many games. Ideally , you want it to be “Open”, or at least “Moderate”.

How you get that to happen with the specific firewall device is something I can’t answer. If you run DD-WRT firmware, you should be able to get to “Open” or “Moderate”. Stock firmware might be able to do it too… or not.

If I were working on it, I’d connect the PC straight to the internet and see if multiplayer works. At least then you know its a network/firewall issue, and you can focus on that. Obviously, if you do that and MP still doesn’t work, its windows firewall or windows settings related.

Your network is showing as “Private”, right? Not public?

Work out whatever issues keep you from having good multiplayer, and then put the firewall back in the equation.

Obviously, there is some risk here, but putting a windows box on the public internet for a short period is not the problem it used to be.

It is also possible that the ISP is the problem. Perhaps a double-natting situation. Possible, but not likely, as ISPs these days know customers expect things like multiplayer gaming to not be mucked up by the ISP.

And about uPnP and security. There are plenty of articles that proclaim how bad that is for security, but the reality is that gamers often need it. If you can’t get game X to work in multiplayer unless uPnP is enabled, and you know everything else is right, then it is time to enable uPnp.

But the right way to do that is to deny uPnP by default to all IPs on the internal net, and specifically allow just the gaming endpoints to use uPnp. Again, consumer grade router/firewalls may or may not give the ability to secure uPnP.

But using DD-WRT or pfsense, you get full configurability of features like this. Hence why I tend to steer people down those paths.

Having your network router firewall set to “LOW” is not the same as “OPEN”. Check with your router’s support for their recommendations for firewall settings. I doubt you are the only one using their router and running MSFS.

Thanks all for the help, I set my router firewall to medium and it still works, that is probably good enough, but I may still just set it to that while I’m flight simming and set it higher at other times.

There are lots of automated scripts out there poking around looking for weaknesses and vulnerabilities, one doesn’t have to be singled out as a target. People have had their smart tvs taken over by ransomware in the recent past, etc. Usually good to be a little paranoid with internet security.