AMP Firewall opens wrong protocol on ports

  • 283 Views
  • Last Post 4 weeks ago
  • Topic Is Solved
cbh1608 posted this 5 weeks ago

After upgrading to AMP v2.1.0.2 my Minecraft instance firewall rules in ufw is set to /UDP and not /TCP which is the protocol for Minecraft

Order By: Standard | Newest | Votes
Mike posted this 5 weeks ago

For Minecraft, AMP opens both UDP and TCP as the same module is used for both Minecraft Java edition and Bedrock Edition and the firewall manager doesn't have a way to know which, so it just opens both.

cbh1608 posted this 5 weeks ago

On my setup it only opens UDP

Mike posted this 5 weeks ago

Check the output of ampinstmgr dumpports amp as root - this shows what ports AMP wants to open.

Then compare it to the output of ampinstmgr dumpfirewall amp as root - this shows what port AMP thinks are open.

See if the Minecraft port is on one but not the other.

cbh1608 posted this 5 weeks ago

Output of dumpports:

[Info] AMP Instance Manager v2.1.0.2 built 03/02/2021 00:33
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] TCP/2225 (AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] TCP/2226 (AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)

Output of dumpfirewall:

[Info] AMP Instance Manager v2.1.0.2 built 03/02/2021 00:33
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using UFW firewall.
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/8080 (AMP Management Instance)
[Info] TCP/2225 (AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/2226 (AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/8080 (AMP Management Instance)
[Info] TCP/2225 (AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25566 (AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/2226 (AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25567 (AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber)

Output of ufw status:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Samba                      ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere                  
Plex Media Server All      ALLOW       Anywhere                  
2223/tcp                   ALLOW       Anywhere    # AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber
12820/udp                  ALLOW       Anywhere    # AMP:ADS01:ADSModule.Network.MetricsServerPort
2224/tcp                   ALLOW       Anywhere    # AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber
25565/udp                  ALLOW       Anywhere    # AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber
8080/tcp                   ALLOW       Anywhere    # AMP Management Instance
2225/tcp                   ALLOW       Anywhere    # AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber
25566/udp                  ALLOW       Anywhere    # AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber
2226/tcp                   ALLOW       Anywhere    # AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber
25567/udp                  ALLOW       Anywhere    # AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Samba (v6)                 ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)             
Plex Media Server All (v6) ALLOW       Anywhere (v6)             
2223/tcp (v6)              ALLOW       Anywhere (v6)    # AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber
12820/udp (v6)             ALLOW       Anywhere (v6)    # AMP:ADS01:ADSModule.Network.MetricsServerPort
2224/tcp (v6)              ALLOW       Anywhere (v6)    # AMP:MAUMinecraftServer:FileManagerPlugin.SFTP.SFTPPortNumber
25565/udp (v6)             ALLOW       Anywhere (v6)    # AMP:MAUMinecraftServer:MinecraftModule.Minecraft.PortNumber
8080/tcp (v6)              ALLOW       Anywhere (v6)    # AMP Management Instance
2225/tcp (v6)              ALLOW       Anywhere (v6)    # AMP:MAUCreativeServer:FileManagerPlugin.SFTP.SFTPPortNumber
25566/udp (v6)             ALLOW       Anywhere (v6)    # AMP:MAUCreativeServer:MinecraftModule.Minecraft.PortNumber
2226/tcp (v6)              ALLOW       Anywhere (v6)    # AMP:MAUSkyblockServer:FileManagerPlugin.SFTP.SFTPPortNumber
25567/udp (v6)             ALLOW       Anywhere (v6)    # AMP:MAUSkyblockServer:MinecraftModule.Minecraft.PortNumber

AbhorrentJoel posted this 4 weeks ago

Can confirm that AMP is duplicating the UDP port instead of doing both TCP+UDP on instances that use both protocols. I already posted about that here.

stuart_jjj posted this 4 weeks ago

I am having the exact same issue after upgrade to 2.1.0.2.

cbh1608 posted this 4 weeks ago

After updating to v2.1.0.4 the firewall module is still not opening the /TCP ports

AbhorrentJoel posted this 4 weeks ago

It does not look like v2.1.0.4 was listed as fixing this issue anyway. I have updated and can also confirm this is still happening.

The temporary solution if you are using AMP's firewall sync is to add the additional ufw rules yourself that are not getting added by using the following command as root (or as a user with sudo access, just use 'sudo' before'):

ufw allow <port>/tcp

Or you could just exclude the instances from the firewall management and just do it yourself until it is fixed. Here is a little wiki that can help you achieve in the meantime.

capnjosh posted this 4 weeks ago

I see the same thing - with "v2.1.0.4, built 09/02/2021 00:51". Fresh install, this time with a dedicated controller host and separate nodes for game instances.

  • 25565/udp is opened and managed
  • 25565/tcp is not added to ufw. I can manually add it, but that's a bummer ;)

Below is my output of "ampinstmgr dumpports amp" root@mc-rlcraft:/home/amp/.ampdata/instances/ADS01# ampinstmgr dumpports amp

[Info] AMP Instance Manager v2.1.0.4 built 09/02/2021 00:53
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info] TCP/2224 (AMP:Minecraft01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)

cbh1608 posted this 4 weeks ago

I am aware of this and this is my temporary solution, but it is not something that I would be doing as a permanent thing

AbhorrentJoel posted this 4 weeks ago

I don't expect perfection, but it's a little bit disappointing how many bugs there are in the last few releases of AMP - also when considering it is a software in "release" version.

Mike posted this 4 weeks ago

I've identified the issue. It's a regression caused by fixing something else.

AMP is at that point where it's a big enough piece of software that fixing one bug fixes another, so it's occasionally a game of whack-a-mole. But each time one of these is identified I produce a new set of tests to try and make sure it doesn't reoccur.

cbh1608 posted this 4 weeks ago

Does this mean a fix will be coming soon?

Mike posted this 4 weeks ago

Yes, today in fact.

AbhorrentJoel posted this 4 weeks ago

Seems to be fixed and working now from the initial observations. ampinstmgr dumpfirewall amp shows the correct ports:

[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
[Info] TCP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)

And ufw status, as a result, shows both protocols:

25565/udp                  ALLOW       Anywhere                   # AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber
25565/tcp                  ALLOW       Anywhere                   # AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber

However, ampinstmgr dumpports amp still duplicates:

[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)
[Info] UDP/25565 (AMP:Minecraft01:MinecraftModule.Minecraft.PortNumber)

Just thought I'd note this, even though it does not impact the firewall.

Mike posted this 4 weeks ago

That's actually a hangover from where it wasn't working before. Next update is going to have a command to remove all of the rules AMP added so you can start with a clean slate.

DumpPorts is getting it wrong because I only fixed the bug in UpdateFirewall, but DumpPorts will get it correct too in the next update.

I'll keep an eye on this though and I'll be putting new tests together for this.

Close