Firewall setting question

Hello,

I’ve been following the CoinCashew instructions and have a question about the firewall settings.

On my relay node and the block producing node, I set the rules as follows:

6000/tcp ALLOW Anywhere
2244/tcp ALLOW Anywhere

2244 is for SSH login and 6000 is for my nodes.
I also deleted the (v6) port.

Should I open port 3001, the port number shown in the topology file?
And the v6 port as well?

cat > $NODE_HOME/${NODE_CONFIG}-topology.json << EOF
{
  "Producers": [
    {
      "addr": "<BLOCK PRODUCER NODE'S PUBLIC IP ADDRESS>",
      "port": 6000,
      "valency": 1
    },
    {
      "addr": "relays-new.cardano-mainnet.iohk.io",
      "port": 3001,
      "valency": 2
    }
  ]
}
EOF

6000/tcp ALLOW Anywhere
2244/tcp ALLOW Anywhere
2244 for ssh login and 6000 for my nodes.
and also I deleted (v6) port

Relay should accept from any on port 6000
BP should accept connection only from the Relay on port 6000

Should I open the port 3001 as the port number shown in the topology file?
and v6 port as well?

Nope, it’s for out so u don’t need, u are filtering only the incoming traffic

1 Like

Thanks Alex,
If my relay is out syncing, how do the other nodes know my port number?

For this u will use the topology updater script, to announce the IP + port to the network + u will register the relay to the network, but for the moment wait for the nodes to sync; can take 1-2 days

1 Like

##On your Relays
ufw default deny incoming
ufw default allow outgoing
ufw limit proto tcp from any to any port [ssh port]
#Open port on relays.
ufw allow proto tcp from any to any port [relay node port]

##On your BP
ufw default deny incoming
ufw default allow outgoing
ufw limit proto tcp from any to any port [ssh port]
#Open a port for your public_address. This is the port other nodes will connect to.
sudo ufw allow from [relay 1 ip] to any port [bp node port] proto tcp
sudo ufw allow from [relay 2 ip] to any port [bp node port] proto tcp

1 Like
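
An added example, not part of any post in this thread: a small shell check for the advice above that the BP should accept port 6000 only from the relays, while the relay may accept from anywhere. It reads `ufw status` text on stdin; `audit_bp` is a hypothetical helper name, and the relay addresses (203.0.113.x) and both status listings are constructed sample values.

```shell
#!/bin/sh
# Added example. audit_bp NODE_PORT RELAY_IP... reads `ufw status` on stdin,
# prints one finding per line and returns 1 if the BP port is over-exposed.
audit_bp() {
  bp_port="$1"; shift
  awk -v port="$bp_port" -v relays="$*" '
    BEGIN { n = split(relays, r, " "); for (k = 1; k <= n; k++) want[r[k]] = 1 }
    # Rule rows look like "6000/tcp  ALLOW  Anywhere"; v6 rows add "(v6)".
    $1 == (port "/tcp") || $1 == port {
      i = 2; if ($i == "(v6)") i++
      action = $i; i++
      if ($i == "OUT") next          # outbound rule, not an exposure
      if ($i == "IN") i++
      from = $i
      if (action != "ALLOW" && action != "LIMIT") next
      if (from == "Anywhere") { print "FAIL: port " port " open to Anywhere"; bad = 1 }
      else if (from in want) seen[from] = 1
      else { print "FAIL: port " port " open to unexpected source " from; bad = 1 }
    }
    END {
      for (ip in want) if (!(ip in seen)) { print "FAIL: no rule for relay " ip; bad = 1 }
      exit bad + 0
    }'
}

# Constructed `ufw status` listing matching the rules in the first post.
SAMPLE_OPEN='Status: active

To                         Action      From
--                         ------      ----
6000/tcp                   ALLOW       Anywhere
2244/tcp                   ALLOW       Anywhere'

# Constructed listing after the per-relay BP rules from the last reply.
SAMPLE_LOCKED='Status: active

To                         Action      From
--                         ------      ----
2244/tcp                   LIMIT       Anywhere
6000/tcp                   ALLOW       203.0.113.10
6000/tcp                   ALLOW       203.0.113.11'

printf '%s\n' "$SAMPLE_OPEN" | audit_bp 6000 203.0.113.10 203.0.113.11 || true
printf '%s\n' "$SAMPLE_LOCKED" | audit_bp 6000 203.0.113.10 203.0.113.11 \
  && echo "OK: BP port restricted to relays"
```

On a live BP the input would be `sudo ufw status | audit_bp [bp node port] [relay 1 ip] [relay 2 ip]`.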