What Ports need to be Open for Nodes?

Drafting up my design for the stakepool and configuring my routes and firewall rules. So it leads me into my question: what ports are used for inbound and outbound traffic? Or more specifically, what are some of the firewall rules that stake operators have configured on their nodes?

EDIT: Default CNtools - 6000 default Cardano Shelley - 3001

3 Likes

I have the same question.
It could be good to see added to the official documentation an output of a command such as “ufw status” for both relay and producing nodes for a configuration considered as “correct” and “secured”.

The incoming ports that are specified by the relays (plus the one specified by the stake pool if it connects directly to the network rather than indirectly via a relay). The outgoing ports that are specified in the topology files for all the stake pools and relays.

1 Like

@Andy_Hendrikx can you clarify which part of Shelley does not support cnames? I have successfully utilized cnames within my topology.json file of my relays to link back to my node and node to my relays utilizing cnames successfully. So are you saying registration of a stake pool does not support cnames?

If you follow the IOHK recommendation of a block producing node with a relay node, then only the relay node would accept incoming TCP traffic from the internet on the port that you defined.

2 Likes

But how does the producer node communicate with the relay? Which ports? Every time I restart the cardano-node service it starts on another port, for instance, 44001 or 33141, which is unpredictable. After changing the firewall to accept all traffic (which is a really bad idea) I finally got a connection between the 2 nodes (relay and producer). So, any thoughts on this?
Thanks

Hello,

When u start the node u use a port. When u registered the Relay u registered not only the IP but also the port

If for eg u decided to use port 6000 for Producer and 6001 for Relay then when u are starting the nodes u should use 6000 for Producer and 6001 for Relay

On Producer u should accept incoming connection only from ur Relay for port 6000, also u will add manually the ip + port (6001) of ur Relay in topology file

On Relay u should keep open the port 6001 for incoming connections, also u should run topology updater script (add in script your BP ip+ port)

Cheers
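The layout described in the post above (producer port reachable only from the relay, relay port open to the internet), written out as ufw commands together with a check of `ufw status` output. This is an added example, not part of the original thread: ports 6000 and 6001 come from the post, while the relay IP 203.0.113.10, the SSH rule and the function names `ufw_rules` and `audit_producer` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: producer port 6000,
# relay port 6001, relay IP 203.0.113.10 (documentation address range).

# Print the ufw commands for one node so they can be reviewed before use.
#   ufw_rules producer <node_port> <relay_ip>
#   ufw_rules relay    <node_port>
ufw_rules() {
  role=$1 port=$2 relay_ip=${3:-}
  case $port in ''|*[!0-9]*) return 2 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
  case $role in
    producer) [ -n "$relay_ip" ] || return 2
              rule="ufw allow proto tcp from $relay_ip to any port $port" ;;
    relay)    rule="ufw allow $port/tcp" ;;
    *)        return 2 ;;
  esac
  echo "ufw default deny incoming"
  echo "ufw default allow outgoing"
  echo "ufw limit 22/tcp"   # assumption: SSH administration on port 22
  echo "$rule"
}

# Read `ufw status` text on stdin and print every ALLOW rule that opens
# <port> to a source other than <relay_ip>. Returns 1 if any such rule exists.
audit_producer() {
  awk -v port="$1" -v relay="$2" '
    match($0, /[ \t]+ALLOW( IN)?[ \t]+/) {
      to = substr($0, 1, RSTART - 1)
      from = substr($0, RSTART + RLENGTH)
      sub(/[ \t]+$/, "", from)
      split(to, t, "[/ ]")            # t[1] is the port of the "To" column
      if (t[1] == port && from != relay) { print; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed `ufw status` output from a misconfigured producer.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
6000/tcp                   ALLOW       203.0.113.10
6000/tcp                   ALLOW       Anywhere
6000/tcp (v6)              ALLOW       Anywhere (v6)'
```

On a real producer the check would be fed live output, for example `sudo ufw status | audit_producer 6000 <relay_ip>`; it only understands single-port rules, not port ranges.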

thanks for the help. Tried to run the topology updater and got this message error:
{ "resultcode": "502", "datetime":"2021-01-28 22:17:48", "clientIp": "3.238.121.90", "msg": "invalid blockNo [0]" }

Your nodes are synced?

no. on LiveView shows Status: Starting…

Then, wait to sync… what version did u install?

how much time? It’s been on this state about 12h. Is it normal, should I stay waiting longer?
The version is 1.24.2 but got the message that there is a new version (1.25.1).
I used the CoinCashew tutorial to install the nodes. Best practices to update the cardano node?

Yes, it can take more than 12 hours

ok thanks. I’ll have to wait

1 Like

On glive it’s saying starting but u can see the epoch or sync status on top-left side?

Could be the problem that u are using a new file which is not compatible with gliveview yet

For example for mainnet the problem is solved with this config file
wget -N https://hydra.iohk.io/build/5102327/download/1/mainnet-config.json
# switch TraceBlockFetchDecisions from false to true in the config file
sed -i ${NODE_CONFIG}-config.json \
    -e "s/TraceBlockFetchDecisions\": false/TraceBlockFetchDecisions\": true/g"

on top left side says: Epoch 0 [0.0%] (node)

the only thing that is changing is: Tip (ref) : 20309119… and this number is increasing

Great, take the new file and it will work
I mean check the above one and compare with urs

Already made that change. On the tutorial was that note. On the mainnet-config.json that line is:
"TraceBlockFetchDecisions": true,

Yes, but u compared it? There are no other lines added?

only the first part… I’ll download it :smiley: and made the change.
Thanks

1 Like