# Forward Ports for Peering Servers in the XRP Ledger peer-to-peer network communicate over the [peer protocol](/docs/concepts/networks-and-servers/peer-protocol). For the best combination of security and connectivity to the rest of the network, you should use a firewall to protect your server from most ports, but open or forward the peer protocol port. While your `rippled` server is running, you can check to see how many peers you have by running the [server_info method](/docs/references/http-websocket-apis/public-api-methods/server-info-methods/server_info). The `peers` field of the `info` object shows how many peers are currently connected to your server. If this number is exactly 10 or 11, that usually means your firewall is blocking incoming connections. Example of a `server_info` result (trimmed) showing only 10 peers, likely because a firewall is blocking incoming peer connections: ```json $ ./rippled server_info Loading: "/etc/opt/ripple/rippled.cfg" 2019-Dec-23 22:15:09.343961928 HTTPClient:NFO Connecting to 127.0.0.1:5005 { "result" : { "info" : { ... (trimmed) ... "load_factor" : 1, "peer_disconnects" : "0", "peer_disconnects_resources" : "0", "peers" : 10, "pubkey_node" : "n9KUjqxCr5FKThSNXdzb7oqN8rYwScB2dUnNqxQxbEA17JkaWy5x", "pubkey_validator" : "n9KM73uq5BM3Fc6cxG3k5TruvbLc8Ffq17JZBmWC4uP4csL4rFST", "published_ledger" : "none", "server_state" : "connected", ... (trimmed) ... }, "status" : "success" } } ``` To allow incoming connections, configure your firewall to allow incoming traffic on the peer protocol port, which is served on **port 51235** in the default config file. The instructions to open a port depend on your firewall. If your server is behind a router that performs Network Address Translation (NAT), you must configure your router to forward the port to your server. If you use the `firewalld` software firewall on Red Hat Enterprise Linux, you can [use the `firewall-cmd` tool](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_zones_to_manage_incoming_traffic_depending_on_source) to open **port 51235** to all incoming traffic. *Assuming `--zone=public` is your public [zone](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-working_with_zones#sec-Listing_Zones).* ```sh $ sudo firewall-cmd --zone=public --add-port=51235/tcp ``` Then, restart the `rippled` server: ```sh $ sudo systemctl restart rippled.service ``` To make it permanent: ```sh $ sudo firewall-cmd --zone=public --permanent --add-port=51235/tcp ``` For other software and hardware firewalls, see the manufacturer's official documentation. If you are using a hosting service with a virtual firewall (for example, [AWS Security Groups](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html)), you do not need to use `firewalld`, but you still need to allow inbound traffic from the open internet on the peer port. Make sure you apply the relevant rules to your host or virtual machine. ## See Also - **Concepts:** - [Peer Protocol](/docs/concepts/networks-and-servers/peer-protocol) - [The `rippled` Server](/docs/concepts/networks-and-servers) - **Tutorials:** - [Capacity Planning](/docs/infrastructure/installation/capacity-planning) - [Troubleshoot the `rippled` Server](/docs/infrastructure/troubleshooting) - **References:** - [connect method](/docs/references/http-websocket-apis/admin-api-methods/peer-management-methods/connect) - [peers method](/docs/references/http-websocket-apis/admin-api-methods/peer-management-methods/peers) - [print method](/docs/references/http-websocket-apis/admin-api-methods/status-and-debugging-methods/print) - [server_info method](/docs/references/http-websocket-apis/public-api-methods/server-info-methods/server_info)