Issue connecting to AWS relay nodes

Good morning all,

I would like to state upfront that I am VERY new to this and my background is in evolutionary biology :slight_smile:

I have set up 2 relays as AWS ec2 instances, they are running very well and are in sync with the blockchain. Now I would like my local machine to talk exclusively to them, but I am having trouble. So:

I have modified the mainnet-topology.json file in both relays to look like this:
```json
{
  "Producers": [
    {
      "addr": "relays-new.cardano-mainnet.iohk.io",
      "port": 3001,
      "valency": 8
    },
    {
      "addr": "x.x.x.x",
      "port": 3001,
      "valency": 1
    }
  ]
}
```
Where x.x.x.x is my local machine IP address as detected by both AWS and services like “what is my IP” by Google.

I have modified the mainnet-topology.json file on my local machine to look like this:
```json
{
  "Producers": [
    {
      "addr": "x.x.x.x",
      "port": 8778,
      "valency": 1
    },
    {
      "addr": "y.y.y.y",
      "port": 8778,
      "valency": 1
    }
  ]
}
```
Where x.x.x.x and y.y.y.y are the public IPv4 addresses of the two instances as shown in their AWS description (not the DNS server names).

I have also modified the security group (both instances are under the same one) on AWS to reflect these changes: the default security group allows ssh connection by private key only from my IP (this is what I use to connect to the instance via terminal). I have added a security group that allows “all traffic” from my IP (as detected by AWS) on the inbound rules. On the outbound rules I have allowed all traffic to my IP (as detected by AWS). I might tighten these once I get it to work.

I have also checked that my machine is not running a firewall (sudo ufw status) and left it disabled for the sake of this initial testing. I will tighten this once I get it to work, by allowing inbound traffic only from the relays.

These steps did not seem to work. When running the node on my local machine, it starts up as usual, reading all the data it already has (which is pretty close to the current epoch/slot) and then nothing really happens. I do not get error messages, but it just doesn’t “tick over” showing epoch/slot in the liveview. I left it running all night, thinking it may be slow due to only 2 relays, but nothing changed.

I have tried to write gibberish addresses in the mainnet-topology file, just to see if I could get an error message, but never did.

Also, I have tried to ping the public IPv4 addresses of the 2 AWS ec2 instances, and I get consistent replies. However, if I try to ping my local machine’s IP address (as detected by AWS and Google “what is my IP”) from the terminal of either of the ec2 instances I get no response. If I understand correctly, one cannot ping from ec2 instances to the outside (https://stackoverflow.com/questions/36886722/how-to-ping-to-my-local-machine-from-aws-ec2-instance), so maybe the latter isn’t a huge surprise. Nonetheless, it seems to me that the problem is that, although my local machine can talk to the ec2 instances, THEY will not talk back.

Is there a way to verify that the ec2 instances can talk to my machine? Do I need to set up the security groups in a different way? Do I need to modify the mainnet-config.json files for any of these changes to take effect? Or am I altogether missing the point here?

I hope this all makes sense, let me know if you have any suggestions/comments or if you think I should direct this elsewhere. Thank you for your time,

A

Hello Adrem,

You will need to set up port forwarding on your router for the external AWS machines to communicate with your local machine IP (to route comms to your local IP and then to your local node port). Try to Google port forwarding for your specific router, as each router will entail its own process.

As your firewall is down, and with the local node running, you should be able to use this tool to confirm whether your port forwarding implementation is successful:

https://www.yougetsignal.com/tools/open-ports/
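
An added example, not part of the original posts: a small checker that reads a topology file in the `Producers` format shown above and attempts a TCP handshake to each peer, so a wrong address or a blocked port shows up explicitly instead of the node sitting silent. Run it on the machine whose outbound connections you want to test (for example on a relay, with that relay's topology); the function names and the sample topology are constructed for illustration.

```python
import json
import socket

# Constructed sample in the thread's topology format (address is a placeholder).
SAMPLE_TOPOLOGY = """
{
  "Producers": [
    {"addr": "127.0.0.1", "port": 3001, "valency": 1}
  ]
}
"""

def load_producers(text):
    """Return (addr, port) pairs, rejecting malformed entries early."""
    producers = json.loads(text).get("Producers")
    if not isinstance(producers, list):
        raise ValueError("topology has no 'Producers' list")
    peers = []
    for entry in producers:
        addr, port = entry.get("addr"), entry.get("port")
        if not isinstance(addr, str) or not isinstance(port, int) or not 0 < port < 65536:
            raise ValueError(f"bad producer entry: {entry!r}")
        peers.append((addr, port))
    return peers

def probe(addr, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"          # something is listening and reachable
    except socket.gaierror:
        return "dns-failure"       # hostname does not resolve (typo, gibberish)
    except (socket.timeout, TimeoutError):
        return "filtered"          # packets dropped: firewall, security group, no port forward
    except ConnectionRefusedError:
        return "closed"            # host reachable, nothing listening on that port
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

def check_topology(text, timeout=3.0):
    """Probe every producer and return {"addr:port": state}."""
    return {f"{a}:{p}": probe(a, p, timeout) for a, p in load_producers(text)}

if __name__ == "__main__":
    for peer, state in check_topology(SAMPLE_TOPOLOGY).items():
        print(f"{peer:<28} {state}")
```

Unlike ping, this tests the same TCP port the node uses, so the result is not affected by ICMP being blocked along the path.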

Hi @ADAfrog,

thank you for your input, it saved my sanity! I had thought it may be a simple matter, but I just didn’t have the background to know how to solve it: it was doing my head in :thinking:

The port forwarding worked well and so did the website you suggested for checking. I can keep working on this now, knowing I will encounter more issues that this great community will help me solve!

Have a great day and thanks again,

A


My pleasure, Adrem, I am glad you are moving forward again.