@DavidNC,
Can you please let me know the exact ufw settings for my specific case (BP, Relay)? I am afraid I will mess up the settings and not be able to connect to the server.
Thanks
I have the following on the relay, after sudo ufw status:
To Action From
22/tcp LIMIT Anywhere
600/tcp ALLOW Anywhere
6000/tcp ALLOW Anywhere
22/tcp (v6) LIMIT Anywhere (v6)
600/tcp (v6) ALLOW Anywhere (v6)
6000/tcp (v6) ALLOW Anywhere (v6)
Is this correct?
Yes, who is 600?
I just deleted 600. Here is the new status. Should #1 be ALLOW instead of LIMIT?
To Action From
-- ------ ----
[ 1] 22/tcp LIMIT IN Anywhere
[ 2] 6000/tcp ALLOW IN Anywhere
[ 3] 22/tcp (v6) LIMIT IN Anywhere (v6)
[ 4] 6000/tcp (v6) ALLOW IN Anywhere (v6)
Limit = allow limited … so it’s fine
The FW rules are ok now
Here is the BP. Should I restart both nodes and try? Is it going to be another 4 hours?
To Action From
-- ------ ----
[ 1] 22/tcp LIMIT IN Anywhere
[ 2] 6000/tcp ALLOW IN 3.142.247.56
[ 3] 22/tcp (v6) LIMIT IN Anywhere (v6)
Perfect ! Looks ok
Yes, restart the nodes and check IN/OUT peers
That looks good. You can remove the ipv6 for 22 if you aren’t using it.
It should be automatically updated to allow communication, but you can restart the node if it isn’t reflecting. It won’t need the 4 hours if your relay is already registered.
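As an added example (not part of the thread, and not a Cardano or ufw tool), here is the by-eye check the posters did on the block producer's rules, written as a shell function. The function name, the sample rule text and the 203.0.113.10 relay address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit `ufw status` text for a block producer (BP).
# Usage on a host: sudo ufw status | audit_bp_ufw 6000 <relay-ip>
# Prints findings; returns 0 only when the node port is reachable from the relay alone.
audit_bp_ufw() {
  awk -v port="$1" -v relay="$2" '
    {
      sub(/^\[ *[0-9]+\] */, "")                  # drop "[ n]" from numbered output
      v6 = ($0 ~ /\(v6\)/) ? " (v6)" : ""         # remember the address family
      gsub(/ *\(v6\)/, "")                        # then strip the (v6) tags
    }
    $1 !~ /^[0-9]+\/tcp$/ { next }                # skip headers and separators
    { action = $2; from = $NF }                   # "IN", when present, sits between them
    $1 == (port "/tcp") && action == "ALLOW" {
      if (from == relay) relay_ok = 1
      else { print "FAIL: " $1 " is open to " from v6 ", expected only " relay; bad = 1 }
    }
    $1 == "22/tcp" && action == "ALLOW" {
      print "WARN: 22/tcp is ALLOW from " from v6 "; LIMIT rate-limits repeated connections"
    }
    END {
      if (!relay_ok) { print "FAIL: no ALLOW rule for " relay " on " port "/tcp"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: the BP rule set the thread ends with (relay address replaced).
sample_bp_good() { cat <<'EOF'
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 6000/tcp                   ALLOW IN    203.0.113.10
[ 3] 22/tcp (v6)                LIMIT IN    Anywhere (v6)
EOF
}

# Constructed sample: relay-style rules left on a BP, so the node port is open to all.
sample_bp_open() { cat <<'EOF'
To                         Action      From
22/tcp                     ALLOW       Anywhere
6000/tcp                   ALLOW       Anywhere
6000/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_bp_good | audit_bp_ufw 6000 203.0.113.10 && echo "good sample: OK"
sample_bp_open | audit_bp_ufw 6000 203.0.113.10 || echo "open sample: rejected"
```

The check only reads rule text, so it can run in a provisioning script right after the `ufw` commands and before the node is restarted.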
This is another problem:
It looks like my relay is not registered in this topology.json
https://explorer.mainnet.cardano.org/relays/topology.json
Telnet from relay to producer on port 6000… is ok?
It will be, after u see the message “glad u are staying with us” in the topology updater log.
Then, please check the script u configured for the topology updater… check the custom peer… whether u wrote the correct IP and port…
Also check the relay topology file… have other peers, including ur Producer, been added automatically?
The updater.sh script does not have the custom port; do I have to change it manually?
Which one specifically do I need to change?
#!/bin/bash
# shellcheck disable=SC2086,SC2034
USERNAME=ubuntu
CNODE_PORT=6000 # must match your relay node port as set in the startup command
CNODE_HOSTNAME="CHANGE ME" # optional. must resolve to the IP you are requesting from
CNODE_BIN="/usr/local/bin"
CNODE_HOME=/home/ubuntu/cardano-my-node
CNODE_LOG_DIR="${CNODE_HOME}/logs"
GENESIS_JSON="${CNODE_HOME}/mainnet-shelley-genesis.json"
NETWORKID=$(jq -r .networkId $GENESIS_JSON)
CNODE_VALENCY=1 # optional for multi-IP hostnames
NWMAGIC=$(jq -r .networkMagic < $GENESIS_JSON)
[[ "${NETWORKID}" = "Mainnet" ]] && HASH_IDENTIFIER="--mainnet" || HASH_IDENTIFIER="--testnet-magic ${NWMAGIC}"
[[ "${NWMAGIC}" = "764824073" ]] && NETWORK_IDENTIFIER="--mainnet" || NETWORK_IDENTIFIER="--testnet-magic ${NWMAGIC}"
export PATH="${CNODE_BIN}:${PATH}"
export CARDANO_NODE_SOCKET_PATH="${CNODE_HOME}/db/socket"
blockNo=$(/usr/local/bin/cardano-cli query tip ${NETWORK_IDENTIFIER} | jq -r .blockNo )
Not here, u also created another script… something with push… or fetch
This one I customized with the BP node’s DNS address (in relay-topology_pull.sh)
#!/bin/bash
BLOCKPRODUCING_IP=ec2-18-221-48-241.us-east-2.compute.amazonaws.com
BLOCKPRODUCING_PORT=6000
curl -s -o /home/ubuntu/cardano-my-node/mainnet-topology.json "https://api.clio.one/htopology/v1/fetch/?max=20&customPeers=${BLOCKPRODUCING_IP}:${BLOCKPRODUCING_PORT}:2|relays-new.cardano-mainnet.iohk.io:3001:2"
Eee … there (BLOCKPRODUCING_IP=) write the IPv4 address of the Producer
Add permissions and pull new topology files.
On relaynode1
chmod +x relay-topology_pull.sh
./relay-topology_pull.sh
The new topology takes effect after restarting your stake pool.
sudo systemctl restart cardano-node
Press i [info] and read why (it’s normal; mine are too)
Ah, I see it is due to the firewall. However, I still don’t see my relay node show up in the topology file
https://explorer.mainnet.cardano.org/relays/topology.json, is that something still not correct?
It will be 
Check the last topology updater log messages… it must run once/hour … check in crontab with:
crontab -e (must not be duplicated)
Cheers,
