Zima OS ports closed

Good evening. I am new to Linux in general and networking. I installed a custom app and it needs port 9696 open. I just don’t know how to set that port to open. Maybe it’s simple but everything I try just doesn’t work. Is there something else I need to install to set certain ports to allow traffic in/out? Someone please help an old man out.

On ZimaOS, you normally do not “open” ports manually like traditional Linux firewall setups.
Most of the time the issue is simply that the container/app was not mapped to the host port correctly.

Port 9696 is commonly used by apps like Prowlarr, so first check whether the app container actually exposes that port.

In Docker terms, you want something like:

ports:
  - 9696:9696

That means:

HOST:CONTAINER
9696:9696

You can verify what ports are currently exposed with:

docker ps

Look in the PORTS column.

You should see something similar to:

0.0.0.0:9696->9696/tcp

If you do not see that, then the port is not published to the network yet.

Also check:

  1. The app is actually running
  2. The app inside the container is listening on 9696
  3. You are connecting to the correct IP address of the ZimaOS machine

Example:

http://192.168.x.x:9696

ZimaOS itself usually does not block local LAN ports with a firewall by default, so this is very often a Docker port mapping issue rather than Linux firewall rules.

If you paste:

  • your Docker Compose / Custom Install config
  • or a screenshot of the app settings
  • plus output of:
docker ps

then people here can probably spot the problem very quickly.

I’m gonna try to cover everything you said so bear with me. I ran “sudo docker ps”. It returned what you said it should: 0.0.0.0:9696→9696/tcp, :::9696→9696/tcp

You are correct in that it is Prowlarr. The issue is I have a program, Torbox, which isn’t on my server, that can’t connect to Prowlarr. Prowlarr has no issue connecting to indexers out in the wild, I just can’t bring the connection from Torbox in.

Ah okay, that changes things a bit.

Your Docker port mapping is already correct, so ZimaOS itself is not blocking port 9696.

The important part is this:

0.0.0.0:9696->9696/tcp

That means Prowlarr is listening externally on the server.

So now the problem is most likely one of these:

  1. Router/NAT forwarding
  2. CGNAT from your ISP
  3. Torbox requiring HTTPS/public DNS
  4. Using a private/local IP instead of a public reachable address

If Torbox is cloud hosted (outside your home network), then using:

192.168.x.x:9696

will never work because that is only reachable inside your LAN.

You would need:

  • port forwarding on your router
  • your public IP or domain
  • ideally HTTPS via reverse proxy

Before exposing Prowlarr publicly though, be careful.
Raw exposure of services like Prowlarr directly to the internet is generally not recommended.

Safer options are:

  • Cloudflare Tunnel
  • Tailscale
  • reverse proxy with authentication

Also very important:
some ISPs use CGNAT, which prevents inbound connections entirely unless you pay for a public IP.

Quick test:

Search Google for:

what is my ip

Then compare that IP with the WAN IP shown in your router.

If they are different, you are probably behind CGNAT.

Honestly, from what you described, this no longer looks like a ZimaOS issue at all. Your Docker/container side appears to be working correctly.
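The router-WAN versus public-IP comparison from the reply above, as an added example that is not part of the original posts. It goes slightly beyond the thread by also flagging a WAN address inside 100.64.0.0/10 (the RFC 6598 range reserved for carrier-grade NAT) or inside an RFC 1918 private range; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: reachable only from inside a LAN.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space: used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def scope(addr: str) -> str:
    """Classify an IPv4 address by where it can be reached from."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def diagnose(router_wan: str, seen_from_internet: str) -> str:
    """Compare the router's WAN address with the address websites report."""
    wan = scope(router_wan)
    if wan == "cgnat":
        return "cgnat"        # ISP NAT sits in front of the router
    if wan == "private":
        return "double-nat"   # another NAT device sits upstream of the router
    if ipaddress.IPv4Address(router_wan) != ipaddress.IPv4Address(seen_from_internet):
        return "mismatch"     # the thread's test: probably behind CGNAT
    return "direct"           # router holds the public IP; forwarding can work


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not from the thread.
    samples = [("203.0.113.7", "203.0.113.7"),
               ("100.72.3.4", "203.0.113.7"),
               ("192.168.0.2", "203.0.113.7"),
               ("198.51.100.9", "203.0.113.7")]
    for wan, seen in samples:
        print(f"WAN {wan:<13} seen {seen:<13} -> {diagnose(wan, seen)}")
    # A LAN address handed to a cloud-hosted service is never reachable:
    print("192.168.1.50 is", scope("192.168.1.50"))
```

A "direct" result only means inbound forwarding is possible; it says nothing about whether the service should be published without a tunnel or an authenticating proxy in front of it.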

I believe I will have to look into Cloudflare or Tailscale then. I have already tested to see if my ISP uses CGNAT. The addresses matched when I used what is my ip. I will try those options and see what I get. Thank you.

It seems like it’s always something else. I install Tailscale, I try to login, it gives me an error message. I install Cloudflare, I need to also do this and that. Same thing with Nginx. I’m beginning to see why Linux isn’t more widely adopted.

Honestly, I completely get the frustration there.

What catches a lot of people with self-hosting is that the actual app installation is usually the easy part now. Docker and ZimaOS handle that part pretty well.

The difficult part is exposing services securely to the outside internet, because that moves into networking territory:

  • NAT
  • DNS
  • HTTPS certificates
  • router/firewall rules
  • authentication/security

And unfortunately every setup is slightly different, so one guide works perfectly for one person and fails for another because of one small networking difference.

Once you get one remote-access method working though, it becomes much easier afterwards because you reuse the same setup for future apps.

Honestly, for newer users, Zima Client/ZimaNet is probably the simplest starting point inside the Zima ecosystem before jumping into Cloudflare, Nginx or Tailscale setups.

Linux itself is usually the stable part. It’s the networking side of self-hosting that tends to become the rabbit hole.