There may be various firewalls in between the JetStream server and clients. Exceptions or other rules may need to be added to the firewalls protecting the server to allow clients to connect. Typically this means opening and possibly forwarding port 8886 (both TCP and UDP). See JetStream Primer for a list of ports potentially used by the server.

OS Firewalls

The OS on the machine hosting the JetStream may be running a software firewall. The following are the most common default firewalls.

CentOS 7

By default, the CentOS 7 firewall firewalld is enabled. To allow connection to the JetStream server, you will need to configure or disable the firewall. For instance:

  • Allow port 8886 through the firewall:
    # sudo firewall-cmd --permanent --zone=public --add-port=8886/tcp --add-port=8886/udp
    # sudo systemctl restart firewalld
  • Disable the firewall:
    # sudo systemctl stop firewalld
    # sudo systemctl disable firewalld

Ubuntu 16.04

By default, the Ubuntu firewall ufw is disabled. If you choose to enable it, then you will need to configure it to allow connections to the JetStream server. For instance:

# sudo ufw allow 8886


By default, the macOS firewall is disabled. It can be configured by navigating to System Preferences ‣ Security & Privacy ‣ Firewall. When enabled, the default setting Automatically allow downloaded signed software to receive incoming connections should allow connections to the JetStream server. If this option is off, or JetStream is blocked for any reason, then an exception can be added by selecting jetstream from the presented list:



By default, the Windows firewall is enabled. The JetStream installation automatically adds an exception to allow connections to the JetStream server.

To adjust the firewall configuration, navigate to Start menu ‣ Windows Administrative Tools ‣ Windows Defender Firewall with Advanced Security.

External Firewalls

To allow clients to connect to the JetStream server from an external network, any external firewalls between the server and the internet will need to be configured. Typical configuration tasks include:

  • Port Forwarding: Allow ports 8886/tcp and 8886/udp to be redirected to the JetStream server.
  • Deep Packet Inspection: Some enterprise firewalls provide “Deep Packet Inspection” or “Layer 7 Scanning” options that can block JetStream traffic. These systems can miscategorize JetStream network traffic and therefore block it, sometimes after many hours of operation. In these cases, add an exception according to the firewall documentation.