Adding A 2nd Relay But No Incoming Peers

And a DDOS hits your friend? Strange, but if he’s okay with it. …

Seems to me that you then can’t fully test it on your home network, because once the non-local relay is at the other location, it can’t reach the BP by local IP anymore and vice versa.

At the very minimum, your BP and the relay next to it need different ports and they have to be forwarded by the router, so that the non-local relay can reach the BP.

1 Like

It was actually his idea lol. They’re also participating in the pool so it’s important to him as well.

I appreciate all your help. I’ll do some troubleshooting on my end and report back later tonight. Thanks guys.

1 Like

Just a few thoughts:

  • Up to now, your IP is on the pool cert, isn’t it? So, it will remain publicly visible on the blockchain forever, even if you change the newest pool cert to point at your friend. I don’t know how many DDOS attacks there are and if they also try IPs from old certs, but you should at least know that.
  • The old working setup is: Your router forwards port 6000 to port 6000 on your relay and your relay connects to your BP on port 6000 on its local IP?
  • If you have a non-local relay, it has to connect to the BP over non-local Internet. So, your BP will have to have a port open on your router that is forwarded to it. You probably won’t want 6000 there, so it’s not so easily found and your relay can keep its already established connections. So, forward 6042 or something like that to the 6000 on the BP. If your router permits it, you can restrict to only accept connections from the non-local relay on that port.
  • So, the local relay will keep local IP of the BP, port 6000, as connection to the BP, while the non-local relay will use public IP, port 6042. While you set up the non-local relay locally, it might make sense to give it port 6001 on the router and forward that to its local 6000. Once it’s at the other location, it will get that public IP, and can probably get the standard 6000 there.

1 Like

If you want to set up a couple of relays at different physical locations I would suggest the following:

  1. Buy a domain name and set up DNS records for your relays. Call them relay1.yournewdnsname.com and relay2.yournewdnsname.com etc. Configure the DNS settings to return your home IP and your mate’s IP. If you want you can also configure another DNS name relays.yournewdnsname.com to return both IPs.
  2. Register your pool using the DNS names in your pool registration certificate. Now you can change the IP addresses of each of your relays if you need to by just updating the DNS records and without having to re-register your pool.
  3. If you want to set up a secure local network between the block producer and both relays you could then also optionally use WireGuard (VPN).

If you use WireGuard this will provide an extra level of security and a degree of “hidden-ness”. WireGuard lets you configure a nice VPN between the three devices each with its own private IP address to communicate over. You can also put your home management PC on the WireGuard VPN and therefore connect seamlessly to each device over the VPN to manage things. Furthermore, if you need to manage things from another location, you can set up WireGuard on a laptop and connect into your VPN from anywhere you can get a wifi internet connection. WireGuard is not “chatty” and does not respond to port scans (unless packets are encrypted with the key) so other people cannot then see if you have ssh or other ports open on the individual machines.

You will still need to provide port forwarding and firewalling to allow external connections to each of your relays.

1 Like

Do I need to register the new relay by submitting a new pool.cert in order to get incoming connections?

This would make a lot of sense and it’s the only thing I haven’t tried so far…

Both the relays will be public if I do this, but at this point I really just want the 2nd relay up and running.

No, u will not need to register it, but u need to keep the port opened and also run the topology updater

1 Like

I’ve done both of these but still no incoming connections…perhaps I missed a step somewhere along the line. I’ll just wipe the drive and rebuild it from scratch at this point. I appreciate your help.

Just to clarify, if I run this relay from another IP I can use port 6000 for both relay node 1 & 2? And just direct topology via public IP?

Yes, u can use same port (6000) for both

Don’t u see the Producer as IN peer? Did u add the Relay inside the Producer topology? Also u will need to restart the Producer if u didn’t.
Try from producer:
telnet Relay_IP 6000
Do u see connected?

1 Like

Yes it says it’s connected to the relay, that’s the weird part: my producer says it’s connected with the relay (2 in / 2 out), but the relay still says 0 in / 22 out

the relay is fully synced?

1 Like

Yes the relay is fully synced

Can u share the start script for relay?

1 Like

I will post it tomorrow as soon as I can. Thank you Alex 🙂

1 Like

check here the IP + port

should be opened

Nope, not registering is the issue… How is on glive?
Also compare the config.json for relay1 and relay2…

1 Like

The GLiveView says that the port is 6000, although it should be 6007. Might that be an issue?

Also: The “process ID list syntax error” is still strange.

Skimming through “gLiveView 1.22.4 error: process ID list syntax error?”, maybe setting CNODE_PORT in the env file might help for both?

1 Like

We got it folks!! My problem was the CNode port which both Alex and Hepta suggested. I had tried these items before but I must have messed something else up along the way.

I now have 1 connection in (my BP)/ 23 out on the 2nd relay - which I assume is okay considering this relay is not registered and should not have other incoming connections?

BP shows 2 in/2 out, 1st relay still working as normal, I just need to update the node now.
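
The port mismatch found above (gLiveView reporting 6000 where 6007 was expected) can be caught with a small check like the following, an added example that is not part of the original thread. It assumes an env file in which the node port is set by a `CNODE_PORT=<n>` line and a commented-out line means the default, taken here to be 6000; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumption: the node port comes from a
# CNODE_PORT=<n> line in the env file, and a commented-out or missing line
# means the default port, assumed here to be 6000.

# Print the port the node will listen on according to the env file.
effective_port() {            # usage: effective_port <env-file>
  local port
  # Last uncommented assignment wins; tolerate "export", quotes, trailing comments.
  port=$(sed -nE 's/^[[:space:]]*(export[[:space:]]+)?CNODE_PORT="?([0-9]+)"?.*/\2/p' "$1" | tail -n 1)
  echo "${port:-6000}"
}

# Succeed only if the env file agrees with the port that the router forward
# and the other nodes' topology entries point at.
port_matches() {              # usage: port_matches <env-file> <expected-port>
  [ "$(effective_port "$1")" = "$2" ]
}

# TCP reachability probe, the scripted form of "telnet Relay_IP 6000".
tcp_open() {                  # usage: tcp_open <host> <port>
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Check configuration first, then the network path.
check_relay() {               # usage: check_relay <env-file> <expected-port> <host>
  if ! port_matches "$1" "$2"; then
    echo "MISMATCH: env file gives port $(effective_port "$1"), expected $2"
    return 1
  fi
  if tcp_open "$3" "$2"; then
    echo "OK: $3:$2 reachable"
  else
    echo "CLOSED: $3:$2 not reachable"
    return 2
  fi
}
```

Run `check_relay` from the block producer against the relay's address: a return code of 1 points at the env file, 2 at the firewall or router forward.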

nope, u only need to run topology updater for IN peers… u should have logs for topology updater script… what is the last message received?

1 Like

oh crud you’re right. I skipped over the part in step 14 where you’re supposed to wait 4 hours before proceeding after creating the crontab. What would you suggest doing now?

waiting for other nodes to connect … it can take up to 24 hours

1 Like