I have recently begun the journey of operating a stake pool. Everyone is so helpful in this community! I have a few questions regarding the AWS firewall and updating my BN in particular.
Right now my block node's security settings are blocking all inbound connections save for relay. The block node’s only outbound is the relay server through the same port.
My question is this: Is this the correct configuration?
Hello and welcome aboard!
Right now my block node's security settings are blocking all inbound connections save for my SSH to my IP address and the relay server through another port. The block node’s only outbound is the relay server through the same port.
It is ok; keep all ports closed except for relay, ssh
My question is this: Is this the correct configuration? I am unable to update any programs or install new ones on my block node (Grafana, CNCLI, etc.). Is this working as intended, or do I need to loosen the security on my block node?
It is the correct configuration; anyway, u should be able to install grafana or cncli… what errors are u receiving?
Also, the CNCLI installation does not specify whether I need to run it on my block, relays, or both?
Cncli should run on BP only
Thank you for the quick reply! I have seen how you are a pillar on this forum, so I wanted to thank you for your contributions to this community!
Other than this, everything seems to be running correctly in GLiveview on my block and relay nodes. I am processing TX, and peers/tips/etc. look good.
So for example, when I try to install chrony, I get this error:
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 9 not upgraded.
Need to get 220 kB of archives.
After this operation, 535 kB of additional disk space will be used.
0% [Connecting to us-west-1.ec2.archive.ubuntu.com (xx.xx.xx.xx)]
Err:1 http://security.ubuntu.com/ubuntu focal-updates/main amd64 chrony amd64 3.5-6ubuntu6.2
Could not connect to ), connection timed out
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
I installed Chrony on my relay this morning with no issues, so I’m guessing it has to do with the security settings on my block node?
I mean, if the block node is only allowed to connect with the relay nodes because of the security settings I implemented this makes sense. I am just wondering how I am supposed to add programs/updates to the block node from elsewhere when the BN is only designed to communicate with the relays. Does this make sense?
Should not be any issues;
What is the difference between BP and Relay?
- on BP u accept on cnode port incoming connections only from ur relay
- on Relay u accept on cnode port incoming connections from any
The fw is active for both right?
Are u using cntools?
I have the same config and I don’t have this issue
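An added example, not part of any post in this thread: a small audit of block-producer rules in the `IpPermissions` shape that EC2 returns for a security group. It checks the ingress policy described above (cnode port only from the relay, SSH not open to the world) and shows why a relay-only outbound rule set, like the one the question describes, makes `apt` time out. The port number, the addresses, and all rule sets are constructed assumptions.

```python
import ipaddress

CNODE_PORT = 6000            # assumption: port cardano-node listens on
RELAY = "203.0.113.10/32"    # constructed relay address
ADMIN = "198.51.100.7/32"    # constructed admin address used for SSH
MIRROR = "192.0.2.50/32"     # constructed stand-in for an apt mirror

def rule(port, cidr):
    """Build one TCP rule in the IpPermissions shape EC2 returns."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

def permits(rules, port, cidr):
    """True if any rule allows TCP `port` for every address in `cidr`."""
    want = ipaddress.ip_network(cidr)
    for r in rules:
        if r["IpProtocol"] == "-1":          # "all traffic" rule, no port range
            port_ok = True
        elif r["IpProtocol"] == "tcp":
            port_ok = r["FromPort"] <= port <= r["ToPort"]
        else:
            port_ok = False
        if port_ok and any(want.subnet_of(ipaddress.ip_network(x["CidrIp"]))
                           for x in r.get("IpRanges", [])):
            return True
    return False

def audit_bp(ingress, egress):
    """Return findings for a block producer's ingress and egress rules."""
    findings = []
    if not permits(ingress, CNODE_PORT, RELAY):
        findings.append("relay cannot reach the cnode port")
    if permits(ingress, CNODE_PORT, "0.0.0.0/0"):
        findings.append("cnode port is open to any source")
    if permits(ingress, 22, "0.0.0.0/0"):
        findings.append("SSH is open to any source")
    if not permits(egress, CNODE_PORT, RELAY):
        findings.append("BP cannot dial out to the relay")
    if not permits(egress, 80, MIRROR):
        findings.append("egress blocks HTTP to package mirrors; apt will time out")
    return findings

BP_INGRESS = [rule(CNODE_PORT, RELAY), rule(22, ADMIN)]
LOCKED_EGRESS = [rule(CNODE_PORT, RELAY)]                   # relay-only egress
APT_EGRESS = LOCKED_EGRESS + [rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0")]

if __name__ == "__main__":
    print(audit_bp(BP_INGRESS, LOCKED_EGRESS))
    print(audit_bp(BP_INGRESS, APT_EGRESS))
```

Security groups are stateful, so the outbound HTTP/HTTPS rules in `APT_EGRESS` do not require any matching inbound rule on the block producer.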