All incoming peers are unreachable

Folks, is it normal that all incoming peers are unreachable?


The port numbers from these incoming peers look like dynamically opened ports as a result of an incoming connection to the respective hosts. I would expect the respective firewalls to deny access to those ports, but why would gLiveView display zero traffic and those peers to be “Unreachable”?

My understanding is that the IP:Port of this node finds its way into the mainnet-topology of those peers and that is why this node has incoming connections from those peers.

What do you see in gLiveView for incoming peers?

Do you use topology updater?

Restart the cnode, and let us know the status of the new IN peers.

Yes, the topology updater is running. I see Tx being processed BTW.

I guess at least your own producer should be reachable. I only have 3 incoming now and 1 is unreachable. Had up to 7 yesterday I think. 3 or 4 were unreachable then.

  1. Which node are you speaking about?
    As you have many OUT, it is a relay.
    That's why you also have topology updater.

Please restart the cnode.

Here you go: … “it is not uncommon to see many unreachable peers”


In fact, it would be a security issue on their end, if they were reachable :wink:


Exactly, I was discussing this topic with another SPO, and we believe it is only an ICMP test and nothing more.
When the nodes need to communicate for the blockchain, I believe it will work properly based on the open port for the service.

Are you filtering ICMP packets? It is part of some guides and causes your nodes to not respond to ping anymore.

Check your ‘sudo nano /etc/ufw/before.rules’ for the following rule: ‘-A ufw-before-input -p icmp --icmp-type echo-request -j DROP’ (under: # ok icmp codes for INPUT)

I checked it on my nodes and it did exactly that.
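
The check described in the post above, as an added example that is not part of the original thread: it reports which target the first explicit ICMP echo-request rule in the `ufw-before-input` chain jumps to, since the first matching rule in a chain decides. The function name `echo_request_verdict` and the sample rules are constructed for illustration; the default path is the one quoted in the post.

```shell
#!/bin/sh
# Print the target (ACCEPT, DROP, ...) of the first rule in the
# ufw-before-input chain that explicitly matches ICMP echo-request,
# or "none" if no such rule is active. Commented-out rules are ignored.
# Only explicit "-p icmp --icmp-type echo-request" rules are examined;
# other rules in the chain are not evaluated.
# Usage: echo_request_verdict [rules-file]
echo_request_verdict() {
    rules_file="${1:-/etc/ufw/before.rules}"
    [ -r "$rules_file" ] || { echo "unreadable"; return 2; }
    awk '
        $1 == "-A" && $2 == "ufw-before-input" {
            proto = ""; type = ""; target = ""
            # Walk the option/value pairs of this rule.
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--icmp-type") type = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # ICMP type 8 is echo-request (what ping sends).
            if (proto == "icmp" && (type == "echo-request" || type == "8")) {
                print target
                found = 1
                exit
            }
        }
        END { if (!found) print "none" }
    ' "$rules_file"
}

# Constructed sample resembling the section the post refers to.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
EOF
echo "constructed sample: echo-request -> $(echo_request_verdict "$sample")"
rm -f "$sample"
```

A result of `DROP` means the host will not answer ping, which is consistent with the ICMP-only reachability test the posters above believe gLiveView performs; run it with sufficient privileges to read `/etc/ufw/before.rules` on the node itself.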

Good to know this, thanks tomdx!
So I’m now worried for those that are reachable in some of my IN peers.

Thanks for posting this. I just spent the last couple hours investigating the same phenomenon and was about to open up more ports on my firewall because gLiveView makes it look like something is not working. Thankfully I thought of posting the question on this forum first and your post came up as a suggestion as I was writing the post. This is probably making some pools less secure than they should be. They should remove that from the tool.

You may want to file an issue about this and hear what they say

Good idea. Done

I’ll try and open up a pull request for it over the weekend.