Step by step description of how to port-forward nodes for these pre-beta testnets

No logs, just hanging on that screen. Do you know how to open the pi firewall please?

2 Likes

Try sudo ufw status, see what it spits out and if ufw is your firewall.

1 Like

Says inactive

1 Like

It’s not got an error. Start another terminal session and check in the logs folder to see what’s going on, or better yet vdash if you have it installed.

Can someone who has a working node running through port forwarding please answer these questions

  1. What type of connection (eg home router, vpn, data-centre)
  2. external port
  3. internal port
  4. cli command to run the node
  5. any changes for 2 or more nodes
  6. does it work every time, any issues?
  7. any other required parameters/information

Please only answer if you were successful in earning test-SNT

Thank you for any responses. I wish to edit the opening post with relevant information so people can use the info without having to read the whole topic if all they are after is the required info

5 Likes

1- Home router
2- External port: whatever you want to use over 1024. Normally you specify a range, because you will have more than one node. To be on the safe side, take 50 consecutive ports in the range. Not my setup (I don’t want to disclose my ports), but for example you could choose: 13500-13550
3- Internal port: for simplicity, just take the same range as before. It should work with a different range, but whatever… 13500-13550
4- I’m using the script from @neik, but it does something like this. Let’s take an example with 10 nodes:

sudo ufw allow 13500:13509/udp comment 'safe nodes'
for (( c=13500; c<=13509; c++ ))
do 
   # stdout goes to /dev/null first, then stderr follows it, so both are silenced
   sleep 2 && safenode --port $c --max_log_files 10 --max_archived_log_files 0 > /dev/null 2>&1 & disown
   echo "starting node on port $c with 2 second delay"
done

5- I already considered more than one node
6- Provided you opened the range of ports as UDP in the router, yes, it works.
7- Yes, some problem I faced. My nodes are inside a docker container, and I needed to open the ports there as well. The command I’m running my container with, just in case someone finds it useful:

docker run -td -p 24700-24750:24700-24750/udp --cap-add=NET_ADMIN --cpus=1.5 -m 800m --name safe safedebian:latest

I’m also capping the number of cpus to 1.5 (Raspberry pi 4 has 4 cpus), and the memory to 800 MB (from 8 gigs). The image I’m using is based on Debian (I will try to move to something based on openSUSE soon), this is the docker file:

~> $ cat docker/safe/Dockerfile 
# Using official debian image as a parent image
FROM debian:latest

# Setting the working directory to /root
# Probably not needed
WORKDIR /root

# Copy the needed script into the container at /root
COPY safescript.sh /root

# Set timezone
RUN ln -sf /usr/share/zoneinfo/Europe/Madrid /etc/localtime

# Getting the updates for Debian installing dependencies and doing cleanup afterwards
RUN apt-get -y update && apt-get install -y vim whiptail curl wget which sudo ufw build-essential psmisc procps iproute2 && apt-get clean

# Install Rust
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y

# Set path for Rust and custom tools
# (no leading ':' here: an empty PATH entry makes the shell search the current directory)
ENV PATH="${PATH}:/root/.cargo/bin:/root/.local/bin"

# Install vdash
RUN cargo install vdash

# Enable ufw
#RUN ufw enable

# Run safescript.sh when the container launches
#CMD ["bash", "safescript.sh"]

7 Likes

  1. Home router.
  2. 12000
  3. 12000
  4. nohup safenode --port=12000 &
  5. I previously did separate settings on my router for each node with their own external and internal ports: 12001, 12002, 12003 etc. Now I have some of them left, but also one setting with a range 12004 - 12030, for external and internal.
  6. Yes it works, though my router doesn’t tolerate many connections very well. But it is not about this.
  7. I have set my home WiFi to have static local IP’s so that the laptops I use for testing always have the same IP (called internal host, in my router’s settings). Also for the port forwarding on my router, I set the external host to be any, which is done with * symbol.

I may read too much into this, but AutoNAT might be in use by the end of February, hopefully making this thread obsolete:

I’d prefer if we can merge an initial version of this without interop-tests. A lot of work has been put into this already and I have limited time to review this because my contract with PL has ended as of end-of-February :slight_smile:

It would be great if we can land this so it is finished up!

feat(autonatv2): Implement autonat v2 by umgefahren · Pull Request #1 · umgefahren/rust-libp2p · GitHub

6 Likes

  1. 200/200 Mbit home connection, public IP via 1:1 NAT (I get 10.x.x.x address on WAN)
  2. 12000-14000
  3. 12000-14000
  4. For every machine I use something like this:

for i in {0..49}
do
    port=$((12300 + i))
    nohup safenode --ip=192.168.12.25 --port=$port --max_log_files=50 --max_archived_log_files=0 &
    sleep 600
done

  5. I change number of nodes to run
  6. Works fine, 70k connections eats only 20 % of CPU on Mikrotik hAP ax² router
  7. Firewall and port forwarding on router, set DHCP to keep same addresses for computers in LAN

This to check if nodes are earning:

cd .local/share/safe/node/
for i in *; do  safe wallet balance --peer-id=$i | grep "balance"; done

5 Likes

In the next day or two I will attempt to make a generic list of points one must achieve to successfully do a port forwarded setup. There may be others who will add to the points above.

[EDIT] And I am running later. If anyone else wants to do it then I will put it into the OP

5 Likes

I created a share on my FRITZ!Box router, it was a breeze to create the port share. I just added a UDP share for one port (45000 in this case) and then launched a safenode with that port (for BbbbBadNet):

safenode --port 45000

I installed vdash to confirm too:

(ofc, this assumes the above is running as expected… given there are rewards happening, I’m assuming so!)

5 Likes

(The sleep 2 should be on a separate line there. This script starts all but the first node 2s delayed.)

i fear big brother has preempted my plans…
my attempts to navigate to my router redirect me to Optimum.net
with some digging, i find their “manage my router” and then “set up port forwarding”
they gave me a list of every device on the LAN, none of which were the router itself
i selected my #1 Pi and set internal and external to the suggested 12000 TCP/UDP
will go back in right now and see if the single box for port will let me do 12000-12050
any experience with this NOT working? i have a #2 Pi also, but it disallowed me using the same 12000 port. so the port for the #2 Pi could be 12050-12099, yes?

i have a #2 Pi also, but it disallowed me using the same 12000 port. so the port for the #2 Pi could be 12050-12099, yes?

Yes, you definitely have to have a different port or range for another device.

my attempts to navigate to my router redirect me to Optimum.net
with some digging, i find their “manage my router” and then “set up port forwarding”

Ouch! Yes, it sounds like your ISP has control of the router and is very kindly giving you a page on the internet that you can manage it from. In one way that is good because you can administer it while away from home.

Maybe consider getting your own router and then you have proper control over the settings and know that it can’t be messed up either accidentally or on a whim by the ISP. You’d have to either transfer the credentials for your connection to it from the old router or ask the ISP for them. They might make a fuss about needing people to use the supplied equipment but I think they will eventually supply them. You’d be on your own for setting it up. But there will be guides on the internet or you might be able to get help here. And it would be possible to set it up with a VPN so you can administer it remotely as well and connect to your computers while you are away.

yes
or as I have had it in the past

BigboxPC 12000-12000
Pi1 13000-13050
Pi2 14000-14050

just to keep it all separate

1 Like

Just so I am sure and it’s clearer. Doesn’t each node only use one port and has to be unique? Then each computer will have a range of ports to allow multiple nodes on that port?

Did you get your PC’s IP address and change the last octet to 1?
For me with an example if my computer’s IP address was 192.168.2.34, I would try 192.168.2.1 to access the router.

2 Likes

yes IIRC I had something like
80 nodes running on BigBox 10.0.0.100 ports 12000-12079
10 nodes on Pi1 10.0.0.201 ports 13000-13009
10 nodes on Pi2 10.0.0.201 ports 14000-14009

then nodes from home stopped working…

I should set up the Pis again cos i can run nodes from home OK now :slight_smile:

1 Like

oh yes. i’m actually accustomed to owning my equipment which is how i naturally tried 192.168.1.1 cuz that’s always been my router.
i’m a bit creeped out by the auto redirect to the mothership bc optimum (owns or is owned or DBA suddenlink) is one part of a big, big thing called Altice. quite the opposite of decentralized anything and eerily deeply funded. they are laying gazillions of miles of cable in rural america, opening up broadband service to a phenomenal # of dsl/satellite customers. yes, just 4 short months ago i was rocking a SINGLE phone wire dsl connection. 2024. amazing.
anyhoo, big Altice feels a lot like big brother, and i’m wary of how they will treat any traffic flowing to/from any form of “little-guy-empowering” “decentralizing” “not-under-their-control” kind of operations.
thank you for the recs @storage_guy , i will surely pursue the VPN option when i get my own equipment here in a couple months.
actually, that reminds me of my follow up question regarding safety and security.
so, i just opened a hole in my firewall. am i to assume that the software i just dl and installed controls the traffic coming/going through this port and my system and network are still safe?

1 Like

If by ‘the software’ you mean the Safenode and/or Safe Client then your system and network will be safe. MaidSafe is trustworthy and because the software they produce is open source it is verifiable by anyone with the skills. Not everyone has those skills (I certainly don’t) but a lot of people do and would start screaming if there were something in the code that was doing something dodgy. Things that are open source tend not to be malicious. They also tend not to have security holes because they know what they are doing is open for all to see.

There’s nothing to stop other software you have installed or might install also trying to use those ports and trying to see the contents of communication with the network but that’s another ballgame entirely. But which ports would they target? The ‘--home-network’ uses random ports. If you opt to not use that and do port forwarding you choose your own ports. It’s not like safe by default uses a known port(s) so something trying to see the communication would know what to target. Maybe someone could write something that scans for ports in use by Safe and tries to read traffic or send malicious traffic and get it installed on your computer but the point is that only node or client software that conforms to what it is supposed to do and has the keys should be able to communicate with the rest of the network. Otherwise it shouldn’t be able to.

Bottom line is that I wouldn’t worry about it because lots of other people are doing things to make it not a worry! Base level users like us can trust that the good guys know their stuff. Those with the skills will verify.

1 Like
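
A check for the point raised above, that other software on the machine could bind ports in the forwarded range. This is an added example, not part of any post in this thread or of the Safe project's tooling. It reads `ss -H -lunp` output and lists UDP listeners inside the forwarded range that belong to a process other than the expected one; the range 12000-12050, the process name `safenode` as reported by `ss`, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit UDP listeners in a forwarded range.

# audit_forwarded LOW HIGH EXPECTED
# Reads `ss -H -lunp` output on stdin. Prints "PORT PROCESS" for each UDP
# listener bound inside LOW..HIGH whose process name is not EXPECTED.
# Exit status is 1 if any such listener was found, 0 otherwise.
audit_forwarded() {
  awk -v lo="$1" -v hi="$2" -v want="$3" '
    {
      port = ""; proc = "unknown"   # stays "unknown" when ss cannot name the owner
      for (i = 1; i <= NF; i++) {
        # The first field ending in :<digits> is the local address; the peer
        # column of an unconnected socket ends in ":*" and never matches.
        if (port == "" && $i ~ /:[0-9]+$/) { port = $i; sub(/^.*:/, "", port) }
        if ($i ~ /^users:\(\("/) {
          proc = $i; sub(/^users:\(\("/, "", proc); sub(/".*$/, "", proc)
        }
      }
      if (port != "" && port + 0 >= lo + 0 && port + 0 <= hi + 0 && proc != want) {
        print port, proc; bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample of `ss -H -lunp` output (not captured from a real host).
sample_ss() {
  cat <<'EOF'
UNCONN 0 0 0.0.0.0:12000 0.0.0.0:* users:(("safenode",pid=2101,fd=12))
UNCONN 0 0 0.0.0.0:12001 0.0.0.0:* users:(("safenode",pid=2140,fd=12))
UNCONN 0 0 0.0.0.0:12007 0.0.0.0:* users:(("python3",pid=3310,fd=3))
UNCONN 0 0 [::]:12020 [::]:* users:(("miniupnpd",pid=811,fd=9))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=512,fd=13))
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=640,fd=7))
EOF
}

# Live use (as root, so ss can name the owning process):
#   sh audit.sh 12000 12050 safenode
if [ "$#" -eq 3 ]; then
  ss -H -lunp | audit_forwarded "$1" "$2" "$3"
fi
```

Forwarding only as many ports as there are nodes running leaves no spare forwarded port for another program to pick up.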