How to Open Ports for Hytale Server (2026 Guide)

Opening ports correctly is essential for players to connect to your Hytale server from outside your local network. This guide covers port forwarding on home routers, firewall configuration for Windows and Linux, and cloud VPS firewall setup.

What you'll learn: Understanding Hytale's UDP protocol, configuring router port forwarding, setting up firewalls on Windows and Linux, and managing security groups on AWS, DigitalOcean, and other cloud providers.

Critical: Hytale Uses UDP, Not TCP

Hytale uses QUIC protocol over UDP for all server connections. This is different from most games that use TCP. Every port forwarding rule and firewall configuration must explicitly specify UDP, or players will not be able to connect.

Protocol: UDP (not TCP)

Default Port: 5520

Port Range: Single port (not a range)

Before You Begin

Prerequisites

▸A running Hytale server (see our setup guides for Windows, Linux, or Docker)
▸Access to your router's admin panel (for home networks)
▸Administrator access to your server
▸Your server's local IP address (home network) or public IP (VPS)

What Port to Open

By default, Hytale servers use UDP port 5520. If you configured a custom port using --bind 0.0.0.0:XXXXX, use that port instead.

Tip: Keep the default port 5520 unless you have a specific reason to change it. Players will expect this port when connecting.

Home Network: Router Port Forwarding

If you're hosting from home, you need to configure port forwarding on your router to allow external connections to reach your server.

Step 1: Find Your Server's Local IP Address

On Windows:

# Open Command Prompt and run:
ipconfig

# Look for "IPv4 Address" under your active adapter
# Example: 192.168.1.100

On Linux:

ip addr show
# Or use:
hostname -I

On macOS:

ifconfig | grep "inet "

Step 2: Assign a Static IP (Recommended)

To prevent your server's IP from changing, assign a static IP in your router's DHCP settings:

1.Log into your router's admin panel
2.Find DHCP Reservation or Static IP settings
3.Bind your server's MAC address to its current IP

Step 3: Access Router Admin Panel

Most routers can be accessed at one of these addresses:

192.168.1.1

192.168.0.1

10.0.0.1

router.asus.com (ASUS routers)

routerlogin.net (Netgear routers)

Enter this address in your web browser and log in with your router credentials. If you don't know them, check the sticker on your router or consult your ISP.

Step 4: Create Port Forwarding Rule

The exact location varies by router brand, but look for these menu items:

▸Port Forwarding
▸NAT Forwarding
▸Virtual Servers
▸Advanced → Port Forwarding

Create a new rule with these settings:

Service/Application Name: Hytale Server

Protocol: UDP (CRITICAL: not TCP!)

External Port: 5520

Internal Port: 5520

Internal IP Address: Your server's local IP (e.g., 192.168.1.100)

Enabled: Yes

Router-specific guides: Visit portforward.com and search for your router model for detailed screenshots and instructions.

Step 5: Save and Reboot Router

1.
Save your port forwarding configuration
2.
Reboot your router if required (some routers apply changes immediately)
3.
Wait 1-2 minutes for the router to fully restart

Windows Firewall Configuration

Even with port forwarding configured, Windows Defender Firewall must allow UDP traffic on port 5520. See our Windows setup guide for detailed instructions.

Quick Method: PowerShell

Open PowerShell as Administrator and run:

New-NetFirewallRule -DisplayName "Hytale Server" -Direction Inbound -Protocol UDP -LocalPort 5520 -Action Allow

GUI Method: Windows Defender Firewall

1.
Search for "Windows Defender Firewall" in Start menu
2.
Click "Advanced settings"
3.
Click "Inbound Rules" → "New Rule..."
4.
Select "Port" → Next
5.
Select "UDP" and enter "5520" → Next
6.
Select "Allow the connection" → Next
7.
Check all profiles → Next
8.
Name it "Hytale Server" → Finish

Linux Firewall Configuration

Linux servers typically use UFW or iptables for firewall management. See our Linux setup guide for more details.

Using UFW (Ubuntu/Debian)

# Allow UDP port 5520
sudo ufw allow 5520/udp

# Enable firewall if not already active
sudo ufw enable

# Verify rule was added
sudo ufw status

Using iptables (CentOS/RHEL)

# Add rule for UDP port 5520
sudo iptables -A INPUT -p udp --dport 5520 -j ACCEPT

# Save rules (Ubuntu/Debian)
sudo iptables-save | sudo tee /etc/iptables/rules.v4

# Save rules (CentOS/RHEL)
sudo service iptables save

Using firewalld (Fedora/RHEL 8+)

sudo firewall-cmd --permanent --add-port=5520/udp
sudo firewall-cmd --reload

Cloud VPS Firewall Configuration

Cloud providers have their own firewall systems (security groups, firewall rules) that must be configured in addition to your server's OS firewall.

AWS EC2 - Security Groups

1.
Go to EC2 Dashboard → Security Groups
2.
Select your instance's security group
3.
Click "Edit inbound rules" → "Add rule"
4.
Configure the rule:
Type: Custom UDP
Port range: 5520
Source: 0.0.0.0/0 (Anywhere IPv4)
5.
Click "Save rules"

DigitalOcean - Firewall Rules

1.
Go to Networking → Firewalls
2.
Select your firewall or create a new one
3.
Under "Inbound Rules", click "New rule"
4.
Configure:
Type: Custom
Protocol: UDP
Port Range: 5520
Sources: All IPv4, All IPv6
5.
Apply to your droplet

Google Cloud - Firewall Rules

1.
Go to VPC Network → Firewall
2.
Click "Create Firewall Rule"
3.
Configure:
Name: hytale-server
Direction: Ingress
Action: Allow
Targets: All instances or specified tags
Source IP ranges: 0.0.0.0/0
Protocols and ports: udp:5520
4.
Click "Create"

Vultr - Firewall Configuration

1.
Go to Networking → Firewall Groups
2.
Select your firewall group or create one
3.
Add IPv4 rule: Protocol UDP, Port 5520, Source 0.0.0.0/0
4.
Link the firewall to your instance

Linode - Cloud Firewall

1.
Go to Firewalls → Create Firewall
2.
Under Inbound Rules, add: Protocol UDP, Port 5520, Source All IPv4 / All IPv6
3.
Attach to your Linode instance

Testing Your Port Configuration

Find Your Public IP

Visit one of these sites to find your public IP address:

▸whatismyipaddress.com
▸whatismyip.com

Test Port Accessibility

Use an online port checker to verify UDP port 5520 is open:

▸YouGetSignal Port Check
▸Use command-line tools like nmap or nc

Important: Many port checkers only test TCP ports. For UDP testing, the most reliable method is to have a friend try connecting to your server with the Hytale client.

Test with Hytale Client

The best way to test is to connect with the Hytale client:

1.
Ensure your server is running
2.
Launch Hytale client on a different device (not the server)
3.
Connect using: your-public-ip:5520
4.
If it connects, your ports are correctly configured!

Troubleshooting Connection Issues

Can't Connect From Outside Network

Common causes:

▸Port forwarding configured for TCP instead of UDP—double-check protocol
▸Firewall blocking UDP port 5520—verify OS firewall rules
▸Internal IP changed—set static IP or update port forwarding rule
▸ISP blocking ports—some ISPs block server hosting on residential connections
▸Double NAT—if you have multiple routers, configure forwarding on all devices

ISP or Network Restrictions

Some ISPs block incoming connections on residential plans. If port forwarding isn't working after trying everything, consider:

▸Contact your ISP to ask about port forwarding restrictions
▸Upgrade to a business plan if available
▸Use a VPS from a cloud provider (see our Docker VPS guide)

Local Connection Works, External Doesn't

If you can connect using localhost or 127.0.0.1 but not your public IP:

▸This confirms the server is running correctly
▸Focus on router port forwarding and firewall configuration
▸Verify you're testing from outside your network (use mobile data or ask a friend)

Port Already in Use

If another application is using port 5520, either stop that application or configure Hytale to use a different port with --bind 0.0.0.0:XXXXX and update your firewall/port forwarding accordingly.

Security Best Practices

Only Open Required Ports

Only forward port 5520 (or your custom port). Don't enable DMZ or open all ports—this exposes your network to security risks.

Keep Your Server Updated

Regularly update your Hytale server and OS to patch security vulnerabilities. Subscribe to Hytale's security announcements.

Use Strong Passwords

If your server has admin accounts or RCON access, use strong, unique passwords. Consider IP whitelisting for administrative access.

Monitor Server Logs

Regularly check server logs for suspicious connection attempts or unusual activity. Set up automated alerts if possible.

Your Ports Are Open!

You've successfully configured port forwarding and firewall rules for your Hytale server. Players can now connect from anywhere using your public IP and port 5520. Share your server with the community and start building your player base!

List Your Server Add Mods Guide →

Related Guides