Skip to main content

Ports & firewall

To communicate with clients, plugNmeet and LiveKit use several ports. Before installing plugNmeet, ensure that those ports are not blocked by your firewall.


When installing plugNmeet behind a firewall, make sure the following ports are open:

80TCPYesUsually required when issuing an SSL certificate with Let's Encrypt.
443TCPYesThe primary HTTPS port for communicating with haproxy. Haproxy will interact with other services.
7881TCPYesUsed when the client could not connect via UDP (e.g. VPN, corporate firewalls)
50000-60000UDPYesLiveKit advertises these ports as WebRTC host candidates (each participant in the room will use two ports)

Configure firewall

Based on your server provider you can follow:

Testing the firewall

After you have made the changes to you firewall settings, before proceeding to the installation, take a moment and test that you have configured the firewall correctly.

To test connections on various ports needed by plugNmeet, you will use a tool called netcat to listen for connections. You'll use netcat on the plugNmeet server and on external server (outside the firewall) to generate connections. If the connections test fails, the firewall configuration is incorrect.

First, install netcat on the plugNmeet server using the following command:

sudo apt install netcat

If you've already installed plugNmeet server using the installation script, you'll need to stop haproxy and plugnmeet server before testing. Otherwise ports will be keep using.

systemctl stop plugnmeet
systemctl stop haproxy

We can now run netcat in our plugNmeet server to listen on ports and try connecting from an external computer. As root, run the following command:

nc -l 80

netcat is now going to echo to the terminal any text it receives on port 80 (you can quit the command later using Ctrl/Control + c).

Next, on a second computer that is outside of the firewall, it must go through the firewall to access the plugNmeet server – install netcat as well. If you're using Windows, you can get netcat from here. Replace YOUR_SERVER_IP with your plugNmeet domain or IP address of your plugNmeet server, run the following command


and type the word test and press ENTER. If the firewall is forwarding incoming connections on port 80 to the internal plugNmeet server, you should see the word test appear after the nc -l 80 command, as in

nc -l 80

If the word test does not appear, double-check the firewall configuration to ensure it's forwarding connections on port 80 and then test again.

Repeat these tests with port 443 & 7881 as well as. That covers the TCP ports testing.

Next, we need to test that UDP connections in the range 50000-60000 are forwarded as well. On your plugNmeet server, run the following netcat command to listen for incoming data via UDP on port 50008 (here, we’re picking a port in the range 50000-60000).

nc -u -l 50008

Again, on a computer outside the firewall, replace YOUR_SERVER_IP with your plugNmeet domain or IP address of your plugNmeet server and run the command

nc -u YOUR_SERVER_IP 50008

Type test into the terminal and press ENTER. You should see the word test appear on the terminal of the plugNmeet server, as in

nc -u -l 50008

As before, if the above test fails, double-check the settings of the firewall to ensure its properly forwarding UDP packets in the range 50000-60000 and test again.