Hey everyone. Working to set up a new unregistered relay for DDoS protection. Used the CoinCashew guide. However, I currently have 38 outgoing peers & 0 incoming. My block producer now went from 1 in 1 out, to 1 in 2 out.
My goal is to of course have the 2nd relay show incoming peers and have the block producer show 2 in 2 out. I have not registered the relay or updated the pool.cert in any way, I want the IP to remain hidden. Any suggestions?
Check if the cnode set on the startRelay script matches the cnode port which is set inside the env file (default is 6000)
then check if you opened the port in firewall to accept connections from any
You either run topology script or register in blockchain your relay or hopefully both. If you did none of this, then nobody will know about your relay existence and nobody will connect.
For hidden relays you need to run topology script, if you are running that, then you need to make sure that port is open to outside world. Check your topology updater logs too.
this is true but the producer has a static connection inside topology file; so the producer must be seen on relay as IN peer.
ok, restart the node and see if now you see the Producer as IN peer.
from producer you can try
telnet Relay_IP 6001
do u see connected?
here u should use the cnode port for Producer → on Producer glive what port do you see? use it here on relaytopologypull.sh
Hey Alex, telnet Relay_IP 6001 gave an error message when input on my BP. I changed all the ports back to 6000 in the env, relay topology, mainnet topology, and startrelay files. Still no incomings. I am sure this PC is port forwarded for both external and internal on port 6001.
My BP’s topology is aimed at my other relay’s IPv4 at port 6000 and this relay’s IPv4 at port 6001. GLiveView on the producer shows port 6000
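The reachability check discussed above, as an added example that is not part of the original thread: it reads the Producers entries of a legacy-format topology file and reports for each whether the TCP connect is accepted, refused or times out, which separates a port mismatch from a blocked port forward. The topology layout, the function names and the sample addresses are assumptions made for this illustration.

```python
import json
import socket

# Constructed sample in the legacy (non-P2P) topology layout (assumed format).
# The addresses are documentation placeholders, not values from the thread.
SAMPLE_TOPOLOGY = """
{"Producers": [
  {"addr": "192.0.2.10", "port": 6000, "valency": 1},
  {"addr": "192.0.2.11", "port": 6001, "valency": 1}
]}
"""

# What each outcome usually means when a static peer never shows up as IN.
HINTS = {
    "open": "something is listening and reachable on this port",
    "refused": "host answered but nothing listens there; compare the port "
               "the node was started with against the topology entry",
    "timeout": "packets are dropped; check the firewall rule and the "
               "router port forward for this port",
}


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return f"error: {exc}"


def check_topology(topology_json, timeout=3.0):
    """Probe every Producers entry; return (addr, port, status) tuples."""
    peers = json.loads(topology_json).get("Producers", [])
    return [(p["addr"], int(p["port"]),
             probe(p["addr"], int(p["port"]), timeout)) for p in peers]


if __name__ == "__main__":
    for addr, port, status in check_topology(SAMPLE_TOPOLOGY, timeout=1.0):
        print(f"{addr}:{port} -> {status}: {HINTS.get(status, 'see error')}")
```

Run it from the machine that holds the topology file, so the result reflects the same network path the node itself uses.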
Has the new relay node fully synced yet?
You can check if port open here:
Or from any other remote server, by using telnet.
You are right @jeremyisme if node is not synced then it will not accept new connections.
Yes I have let it fully sync with each test and port 6001 registers as open. However, on gliveview the relay port still shows as 6000 even at full sync (when it should be 6001 since my first relay is using 6000).
The relay I am attempting to set up is on 1.33.0 whereas my BP and 1st relay are on 1.31.0 still, I wonder if that could be the issue
u must open env file, modify the cnode port from 6000 to 6001, save the file and restart the node
1.33.0 or 1.33.1? 1.33.0 was the latest release I thought
I don’t understand the reasoning, here. It’s a second relay on another machine with another IP, isn’t it? Then, it can use the same port. They would only be conflicting if on the same machine.
But it would still be visible to all the other nodes that you want incoming connections from, wouldn’t it? They obviously can’t connect to your relay if they don’t know your IP.
Apologies, it's 1.33.0. Updated my prior comment
This worked partially. I now have 1 incoming connection on the relay and 2 out 2 in on the BP. I did this by switching the 2nd relay’s ports to 6000 as well, then closing the 6001 port as it is no longer being used.
My router allows ports to be opened only for specific machines and I had already opened 6000 for my 1st relay. Naturally I assumed a 2nd port would need to be opened for a 2nd relay. I guess this is not the case (unless the relay is outside of network?)
I’m going to continue working with it to try to get those incoming connections up, any suggestions would be appreciated. Thanks.
Ah, both are behind the same router?
Then, you’re right that they need different ports on the router. On the router, you can configure to forward that other port to port 6000 on your relay.
But, then this whole endeavour seems to make no sense, anyway. Both (it’s both relays or the block producer and the second relay or even all three?) will have the same public IP (the one of the router). A DDOS will hit your router and the second relay behind that router will give you next to nothing.
If u use PF then I believe u will need different ports… otherwise how the router will know to which server/relay forward the traffic?
My goal is to build the 2nd relay (get it all ready) on my home network then bring it to a friend’s house 20 minutes away. I’ll pop open his port forward and register that IP for the stake pool. This way, my local BP and relay node IP address will remain anonymous and any DDOS attack would hit non-local relay, while my 1st relay and BP would remain unaffected. Is this possible? I may be approaching this the wrong way…
PS: love your shirt in profile picture lol. TNG is the best