How to resolve DigitalOcean firewall issues blocking OpenClaw gateway port (18789)?

To resolve DigitalOcean firewall issues blocking the OpenClaw gateway port (18789), follow these steps:

1. Check Firewall Rules in DigitalOcean

DigitalOcean provides cloud firewalls that control inbound and outbound traffic. Ensure that port 18789 is explicitly allowed.

Steps:

  • Log in to your DigitalOcean Dashboard.
  • Navigate to Networking > Firewalls.
  • Select the firewall associated with your Droplet or resource.
  • Under Inbound Rules, check if there is a rule allowing TCP or UDP traffic on port 18789.
    • If not, click Add Rule.
    • Set:
      • Type: Custom
      • Protocol: TCP (or UDP, depending on what OpenClaw requires)
      • Port Range: 18789
      • Sources: Select appropriate sources (e.g., "Anywhere" for testing, or restrict to specific IPs for security).
  • Save the changes.

Note: If you are not using DigitalOcean Cloud Firewalls and instead rely on an OS-level firewall (e.g., iptables or ufw), proceed to the next section.


2. Check OS-Level Firewall (UFW / iptables)

If you have a firewall enabled on the server itself (like UFW or iptables), it might also be blocking the port.

For UFW (Uncomplicated Firewall):

  • Check if UFW is active:
    sudo ufw status
    
  • If active and port 18789 is not allowed, allow it:
    sudo ufw allow 18789/tcp
    
    Or for UDP:
    sudo ufw allow 18789/udp
    
  • Reload UFW:
    sudo ufw reload
    

For iptables:

  • Check existing rules:
    sudo iptables -L -n
    
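  • Allow port 18789 (TCP example). Note that -A appends the rule to the end of the INPUT chain, so it has no effect if an earlier rule in the chain already drops or rejects the traffic: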
    sudo iptables -A INPUT -p tcp --dport 18789 -j ACCEPT
    
  • To make it persistent (Ubuntu/Debian):
    sudo apt install iptables-persistent
    sudo netfilter-persistent save
    

3. Verify OpenClaw Gateway Configuration

Ensure that the OpenClaw gateway is correctly configured to listen on port 18789 and that there are no application-level restrictions.

  • Check the OpenClaw logs or config files to confirm:
    • It is set to bind to the correct IP (e.g., 0.0.0.0 for all interfaces or a specific internal IP).
    • The intended port is 18789.

You can check locally whether anything is listening on the port, and on which address, using:

netstat -tuln | grep 18789

or

ss -tuln | grep 18789
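
The bind-address check from this step as an added example (not from the original page or the OpenClaw project): it classifies `ss -tuln` output so you can tell whether port 18789 is bound to loopback, a specific address or all interfaces before changing any firewall rule. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a port is bound, from `ss -tuln` output on stdin.
# Prints: none | loopback | specific:<addr> | all

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:18789    0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

listen_scope() {  # usage: ss -tuln | listen_scope tcp 18789
  awk -v proto="$1" -v port="$2" '
    $1 != proto { next }                      # also skips the header row
    {
      n = split($5, p, ":")                   # port is the last ":" field
      if (p[n] != port) next
      addr = substr($5, 1, length($5) - length(p[n]) - 1)
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") { rank = 3; label = "all" }
      else if (addr ~ /^127\./ || addr == "[::1]")             { rank = 1; label = "loopback" }
      else                                                     { rank = 2; label = "specific:" addr }
      if (rank > best) { best = rank; result = label }         # widest binding wins
    }
    END { print (best ? result : "none") }'
}

explain() {  # map a scope to the next troubleshooting step
  case "$1" in
    none)      echo "nothing is listening: fix the gateway service before touching firewalls" ;;
    loopback)  echo "bound to loopback only: unreachable externally whatever the firewall allows" ;;
    all)       echo "listening on all interfaces: firewall rules are the only network control" ;;
    *)         echo "listening on ${1#specific:}: confirm that address is the one clients reach" ;;
  esac
}

scope=$(printf '%s\n' "$SAMPLE_SS" | listen_scope tcp 18789)
echo "tcp/18789 -> $scope: $(explain "$scope")"
```

On the server itself, feed it live output instead of the sample: `ss -tuln | listen_scope tcp 18789`.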

4. Test External Connectivity

Use an external tool or another server to test if port 18789 is reachable.

  • From an external machine (not blocked by firewall), use:
    telnet YOUR_DROPLET_IP 18789
    
    or
    nc -zv YOUR_DROPLET_IP 18789
    
    Replace YOUR_DROPLET_IP with your actual server’s public IP.

If the connection fails, recheck the firewall rules both in DigitalOcean and on the server.


5. Contact DigitalOcean Support (if needed)

If you've configured everything correctly and the port is still blocked, there may be network-level restrictions or issues within DigitalOcean's infrastructure. In such cases:

  • Go to the Support section in your DigitalOcean dashboard.
  • Open a support ticket detailing the issue and the steps you've taken.
