TopologyUpdater.sh Problems

Hey guys, I’m trying to setup a stake pool and am trying to get the topologyUpdater.sh script to work. I am running on a server that is behind the a public facing router. I have followed the directions on guild operators and ran the deploy-as-systemd script. When I check my port using Open Port Check Tool - Test Port Forwarding on Your Router it says that it is open. I put in my router’s public IP and port # . I just checked my topologyUpdater_lastresult.json file under logs and it still shows

{ "resultcode": "403", "datetime":"2022-04-15 21:22:59", "clientIp": "xx
.xx.xx.xx", "iptype": 4, "msg": "glad you want to stay with us, but please check and enable your IP:port reachability" }

Today I configured port forwarding rules on the router to send 10106 traffic to my server and I have opened the port in the firewall and confirmed via ufw status verbose. What am I missing?

hello

please make sure you are synced to head before attempting to register in topology updater.
Double check again if your TCP port is open.

@werkof should be able to troubleshoot deeper this situation. Otherwise you should add your public IP of your relay to allow us to check public facing port

I believe I am synced. When I look at the block number and look on cardono-explorer my block, and slot all match up in the latest epoch?. Is there a better way to confirm that I am synced?

output of ufw status verbose

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
10021                      ALLOW IN    Anywhere                  
10301                      ALLOW IN    Anywhere                  
10303                      ALLOW IN    Anywhere                  
10304                      ALLOW IN    Anywhere                  
10600                      ALLOW IN    Anywhere                  
10106                      ALLOW IN    Anywhere                  
10106/tcp                  ALLOW IN    Anywhere                  
10106/udp                  ALLOW IN    Anywhere                  
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
10021 (v6)                 ALLOW IN    Anywhere (v6)             
10301 (v6)                 ALLOW IN    Anywhere (v6)             
10303 (v6)                 ALLOW IN    Anywhere (v6)             
10304 (v6)                 ALLOW IN    Anywhere (v6)             
10600 (v6)                 ALLOW IN    Anywhere (v6)             
10106 (v6)                 ALLOW IN    Anywhere (v6)             
10106/tcp (v6)             ALLOW IN    Anywhere (v6)             
10106/udp (v6)             ALLOW IN    Anywhere (v6)

I double checked on port forwarding tester and it says my port is open.
If it matters, the firewall default is to deny incoming, but that should be fine for topology as the port used in my env is 10106 and that is allowed in.

Perhaps I have my operations out of order. But I have not yet stood up the block producer, it has the chain synced, I just haven’t created the cold keys yet or made the pool metadata. I have gotten hung up on this issue, that may be my bad, but I don’t think that is the source of this particular issue. Please correct me if I am wrong.

Wait, is this a block producer? Then you should not use topology updater, unless you are not going to have relays.

In a standard setup (BP + Relays) BP is peering only with your relays.

ufw looks fine. udp is not needed, you can delete it. 22/tcp you sure you want it opened to everyone?

Are you sure you are publicily routable? I mean you could be behind a NAT, Carrier Grade NAT and similar.
When it comes to port scanning I personally only trust nmap scans, I don’t trust online services like Open Port Check Tool - Test Port Forwarding on Your Router, it may give you false positives.

Sorry for adding confusion. No, this machine is not a block producer. It will be a relay. I was just adding the detail that I have not yet configured the block producer yet. I didn’t think that was relevant but just in case I wanted to share that fact. I will remove the udp rules and the 22/tcp. I am definetly behind a router. I have port forwarding on the router enabled to route the 10106 to this node. I set the IP address in topologyUpdater.sh to the publicly available address of the router, not the private IP of the machine. When I check the NAT setting on the router it appears to be disabled.

I am doing a nmap scan now. The command is nmap -Pn -T4 {xx.xx.xx.xx}. I will update with the results.

host is up (0.030s latency).
Not shown: 999 filtered ports
PORT   STATE  SERVICE
22/tcp closed ssh

Nmap done: 1 IP address (1 host up) scanned in 244.80 seconds

Does this mean that while everything may be good firewall rule/port opened on the server, the router is closed up too tight?

I checked log. Is this what I should be seeing if everything is working correctly

{ "resultcode": "204", "datetime":"2022-04-15 22:23:01", "clientIp": "70.88.27.38", "iptype": 4, "msg": "glad you're staying with us" }
{ "resultcode": "204", "datetime":"2022-04-15 23:23:03", "clientIp": "70.88.27.38", "iptype": 4, "msg": "glad you're staying with us" }
{ "resultcode": "204", "datetime":"2022-04-16 00:23:04", "clientIp": "70.88.27.38", "iptype": 4, "msg": "glad you're staying with us" }

I had made some router changes hours before making this post and there had been resultcode 403’s since then, I don’t know why the result code would have suddenly changed.
Do these last three result codes mean everything is working? My topology.json files has the confiugred maximum number of entries (15). I take it this means everything is working correctly?

yes, you are up and running.

sorry to show up only now, was on a short vacation.
Good to see experienced TU users help each others. Thanks @anon6816007