yep, I ran nmap locally and was like...well, it's listening. I ran nmap remotely and it returned filtered.

Perhaps the weirdest thing is that before when I have tried to install manually with the firewall on things have gotten in an unrecoverable stat.

This latest install I was using Ansible, and the Ansible playbook seems to have taken care of the port situation.

That said, maybe the port stuff was a bug that was fixed when I moved to # 2.1 and # 3.16. I think 3.16 may still strictly speaking be RC, but...whatever.