Ports reference¶
Every port you might need to open on a Bitcoin Gold (BTG) infrastructure host, grouped by service. The "Risk" column is a quick gut-check: anything on a public IP without auth is high-risk.
Mainnet¶
| Port | Protocol | Service | Risk if exposed | Notes |
|---|---|---|---|---|
| 8338 | TCP | Bitcoin Gold (BTG) P2P | Low | Open to the internet — the network needs you. |
| 8332 | TCP | Bitcoin Gold (BTG) RPC | Critical | Localhost only. Never expose. |
| 50001 | TCP | ElectrumX (TCP) | Medium | Encrypted, no auth. Use SSL on prod. |
| 50002 | TCP | ElectrumX (SSL) | Medium | TLS, no client auth. |
| 50003 | TCP | ElectrumX (WebSocket) | Medium | Newer wallets only. |
| 38335 | TCP | ZMQ (hashblock) |
Low | Bind to localhost — it's for local Blockbook. |
| 53 | UDP + TCP | DNS seeder | Medium | Open only on the seeder host. Reflection/amplification risk. |
| 80 | TCP | HTTP (cert challenge) | Low | Only needed for HTTP-01 ACME. |
| 443 | TCP | HTTPS (explorer) | Medium | Use TLS + X-Robots-Tag if not public. |
| 3333 | TCP | Stratum (pool) | Low | Standard pool port. |
| 3334 | TCP | Stratum SSL (pool) | Low | |
| 3335 | TCP | Stratum fixed-diff (pool) | Low | |
| 22 (or 4444) | TCP | SSH | High | Move off 22, use key auth + fail2ban. |
Testnet v3¶
| Port | Protocol | Service |
|---|---|---|
| 18338 | TCP | Testnet P2P |
| 18332 | TCP | Testnet RPC (localhost only) |
| 50001–50003 | TCP | ElectrumX (testnet) — usually shares the same instance with NET=testnet |
| 53 | UDP + TCP | DNS seeder (testnet hostnames are different) |
Comparison with Bitcoin¶
| Service | Bitcoin | Bitcoin Gold |
|---|---|---|
| Mainnet P2P | 8333 | 8338 |
| Mainnet RPC | 8332 | 8332 |
| Testnet P2P | 18333 | 18338 |
| Testnet RPC | 18332 | 18332 |
| Default Electrum | 50001/50002 | 50001/50002 (same) |
Do not confuse with Bitcoin
If you copy a Bitcoin bitcoin.conf, the port=8333 line will make your Bitcoin Gold (BTG) node fail to bind. The actual Bitcoin Gold (BTG) mainnet P2P is 8338.
Firewall cheatsheet¶
A complete Bitcoin Gold (BTG) infrastructure host (full node + Electrum + Blockbook front-end, no seeder, no pool):
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # change to your SSH port
sudo ufw allow 8338/tcp # Bitcoin Gold (BTG) P2P
sudo ufw allow 50001/tcp # ElectrumX TCP
sudo ufw allow 50002/tcp # ElectrumX SSL
sudo ufw allow 80/tcp # for ACME HTTP-01
sudo ufw allow 443/tcp # Blockbook front-end
sudo ufw enable
A seeder host:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # SSH
sudo ufw allow 53/udp # DNS
sudo ufw allow 53/tcp # DNS (large replies)
sudo ufw allow out 8338/tcp # crawler reaches the Bitcoin Gold (BTG) network
sudo ufw enable
A pool host:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw allow 3333/tcp
sudo ufw allow 3334/tcp
sudo ufw allow 3335/tcp
sudo ufw allow 80,443/tcp
sudo ufw enable
What about RPC?¶
bgoldd's RPC is on 8332/tcp. Even though bitcoingold.conf should bind to 127.0.0.1 only, do not open 8332 in ufw. The two layers of defence are:
rpcbind=127.0.0.1— daemon-level.- No
ufw allow 8332— firewall-level.
If either fails, the other still protects you.
This matches the production host at bitcoingold.services
The live bitcoingold.conf at var/lib/bitcoingold/.bitcoingold/bitcoingold.conf uses rpcbind=127.0.0.1 and the firewall is set to default-deny with only 22/tcp open — confirming the pattern above. If your config drifts from that, treat it as a regression.
IPv6¶
Default Bitcoin Gold (BTG) configurations in this library use onlynet=ipv4 because the seeder and other infrastructure typically don't have stable IPv6. If you do want IPv6:
- Remove
onlynet=ipv4frombitcoingold.conf. - Make sure
rpcbind=127.0.0.1(NOT::) — IPv6 loopback rules differ.
Where to go from here¶
- Full node — opens P2P only.
- Electrum server — opens 50001/50002/50003.
- Blockbook — opens 443 via nginx, no Bitcoin Gold (BTG)-specific ports.
- DNS seeder — opens 53.
- Mining pool — opens 3333-3335.