How can I connect public and private node through a reverse SSH tunnel? Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Private Node disconnects from public nodeWhat should I do about “connection from untrusted peer” reports from tezos-node?Error: Protocol not supported when trying to connect eztz-cli to tezos nodeBinding the node to any address, not just localhostHow do I remove the private mode setting from my node? My node is not connecting to peerDoes the baker, endorser and accuser have to run next to the same node?Run Alphanet and Mainnet on the same VPSExtremely slow node sync on alphanetNode re-connection problemsHow can I migrate my Tezos baking address to Ledger Nano?Run two nodes with same identity or migrate identity to a new node

Lagrange four-squares theorem --- deterministic complexity

What would you call this weird metallic apparatus that allows you to lift people?

Most bit efficient text communication method?

Why does 14 CFR have skipped subparts in my ASA 2019 FAR/AIM book?

Converted a Scalar function to a TVF function for parallel execution-Still running in Serial mode

Crossing US/Canada Border for less than 24 hours

Why are my pictures showing a dark band on one edge?

Significance of Cersei's obsession with elephants?

Is multiple magic items in one inherently imbalanced?

Does "shooting for effect" have contradictory meanings in different areas?

Is CEO the "profession" with the most psychopaths?

Drawing spherical mirrors

Random body shuffle every night—can we still function?

Why weren't discrete x86 CPUs ever used in game hardware?

How does the math work when buying airline miles?

What does this say in Elvish?

How often does castling occur in grandmaster games?

Why do early math courses focus on the cross sections of a cone and not on other 3D objects?

What does 丫 mean? 丫是什么意思?

A letter with no particular backstory

Google .dev domain strangely redirects to https

How does Belgium enforce obligatory attendance in elections?

Karn the great creator - 'card from outside the game' in sealed

Do I really need to have a message in a novel to appeal to readers?



How can I connect public and private node through a reverse SSH tunnel?



Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Private Node disconnects from public nodeWhat should I do about “connection from untrusted peer” reports from tezos-node?Error: Protocol not supported when trying to connect eztz-cli to tezos nodeBinding the node to any address, not just localhostHow do I remove the private mode setting from my node? My node is not connecting to peerDoes the baker, endorser and accuser have to run next to the same node?Run Alphanet and Mainnet on the same VPSExtremely slow node sync on alphanetNode re-connection problemsHow can I migrate my Tezos baking address to Ledger Nano?Run two nodes with same identity or migrate identity to a new node










6















I have set up my baker with:



  • a public non-baking node with public IP, let's call it "A.A.A.A"

  • a private baking node without public IP

To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



Additionally, I have tried adding different trust entries like:




  • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


  • ./tezos-admin-client trust address A.A.A.A:9732 on private node


  • ./tezos-admin-client trust peer idxxxxxx on both private and public node

All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



What can I do or check to get closer to connecting my nodes?






node p2p







share|improve this question




























    6















    I have set up my baker with:



    • a public non-baking node with public IP, let's call it "A.A.A.A"

    • a private baking node without public IP

    To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



    I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



    And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



    Additionally, I have tried adding different trust entries like:




    • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


    • ./tezos-admin-client trust address A.A.A.A:9732 on private node


    • ./tezos-admin-client trust peer idxxxxxx on both private and public node

    All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



    What can I do or check to get closer to connecting my nodes?






    node p2p







    share|improve this question


























      6












      6








      6


      1






      I have set up my baker with:



      • a public non-baking node with public IP, let's call it "A.A.A.A"

      • a private baking node without public IP

      To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



      I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



      And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



      Additionally, I have tried adding different trust entries like:




      • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


      • ./tezos-admin-client trust address A.A.A.A:9732 on private node


      • ./tezos-admin-client trust peer idxxxxxx on both private and public node

      All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



      What can I do or check to get closer to connecting my nodes?






      node p2p







      share|improve this question
















      I have set up my baker with:



      • a public non-baking node with public IP, let's call it "A.A.A.A"

      • a private baking node without public IP

      To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



      I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



      And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



      Additionally, I have tried adding different trust entries like:




      • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


      • ./tezos-admin-client trust address A.A.A.A:9732 on private node


      • ./tezos-admin-client trust peer idxxxxxx on both private and public node

      All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



      What can I do or check to get closer to connecting my nodes?






      node p2p




      node p2p






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 11 at 14:11







      Svante

















      asked Apr 11 at 12:59









      SvanteSvante

      42910




      42910




















          1 Answer
          1






          active

          oldest

          votes


















          6














          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer


















          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "698"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f1057%2fhow-can-i-connect-public-and-private-node-through-a-reverse-ssh-tunnel%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6














          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer


















          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06















          6














          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer


















          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06













          6












          6








          6







          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer













          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 11 at 14:00









          Bo ByrdBo Byrd

          3705




          3705







          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06












          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06







          1




          1





          Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

          – Svante
          Apr 11 at 14:06





          Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

          – Svante
          Apr 11 at 14:06

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Tezos Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f1057%2fhow-can-i-connect-public-and-private-node-through-a-reverse-ssh-tunnel%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          រឿង រ៉ូមេអូ និង ហ្ស៊ុយលីយេ សង្ខេបរឿង តួអង្គ បញ្ជីណែនាំ

          Image
          វីលាម សេកស្ពៀររឿង ទុំទាវ (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)nu003Ca rel="nofollow" class="external text" href="https://twitter.com/KhmerWikipedia"u003ETwitteru003C/au003E ()); រឿង រ៉ូមេអូ និង ហ្ស៊ុយលីយេ ដោយវិគីភីឌា Jump to navigation Jump to search រ៉ូមេអូ និង ហ្ស៊ុយលីយេ (Romeo and Juliet) ជារឿងប្រលោមលោកមនោសញ្ចេតនាមួយ ដែលនិពន្ធតដោយ លោកវីលាម សេកស្ពៀរ ។​ រឿងនេះ ជាប្រលោមលោកស្នេហា ដ៏កំសត់ និង មានលក្ខណៈស្រដៀងនឹង រឿង ទុំទាវ របស់ព្រះភិក្ខុសោម។ រឿងនេះ ត្រូវបានរាប់ចូលជា អក្សរសីល្ប៍ខ្មែរ យូរមកហើយ ហើយនៅតែជារឿងពេញនិយមដល់បច្ចុប្បន្ន។ សង្ខេបរឿង រឿងនេះស្ថិតនៅក្នុងក្រុង វីរ៉ូណា (Verona) ប្រទេសអ៊ីតាលី។ ចាប់ផ្ដើមឡើងដោយជំលោះគ្រួសារ ម៉ុង់តាហ្គោ (Montague) និង កាប់ពុយឡែត (Capulet) ។ ជំលោះគ្រួសារទាំងពីមិនដឹងជាកើតឡើងពីពេលណាទេ។ រ៉ូមេអូ ជាកូនក្នុងគ្រួសារ ម៉ង់តាហ្គោ បានស្រលាញ់ រ៉ូសាលីន (Rosaline) តែនាងមិនស្រលាញ់វិញ។ ហ្ស៊ុយលីយេ ជាកូនស្រីអាយុ ១៣ ឆ្នាំរបស់គ្រួសារ កាពុយឡែត។ ឪពុកម្ដាយរបស់
          Read more

          Crop image to path created in TikZ? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Crop an inserted image?TikZ pictures does not appear in posterImage behind and beyond crop marks?Tikz picture as large as possible on A4 PageTransparency vs image compression dilemmaHow to crop background from image automatically?Image does not cropTikzexternal capturing crop marks when externalizing pgfplots?How to include image path that contains a dollar signCrop image with left size given

          Image
          Is it possible to boil a liquid by just mixing many immiscible liquids together? Why is there no army of Iron-Mans in the MCU? New Order #5: where Fibonacci and Beatty meet at Wythoff Fishing simulator Is there a canonical way to handle JSON data format changes? Why use gamma over alpha radiation? When to stop saving and start investing? How to select CMU Sans Serif Bold in XeTeX? Estimate capacitor parameters How to pronounce "criar"? If A makes B more likely then B makes A more likely" What do you call a plan that's an alternative plan in case your initial plan fails? Can inflation occur in a positive-sum game currency system such as the Stack Exchange reputation system? Are my PIs rude or am I just being too sensitive? Why don't the Weasley twins use magic outside of school if the Trace can only find the location of spells cast? Are Luton Airport to London National Express transfer hours fixed according to my reservation? How wi
          Read more

          QGIS export composer to PDF scale the map [closed] Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Print Composer QGIS 2.6, how to export image?QGIS 2.8.1 print composer won't export all OpenCycleMap base layer tilesSave Print/Map QGIS composer view as PNG/PDF using Python (without changing anything in visible layout)?Export QGIS Print Composer PDF with searchable text labelsQGIS Print Composer does not change from landscape to portrait orientation?How can I avoid map size and scale changes in print composer?Fuzzy PDF export in QGIS running on macSierra OSExport the legend into its 100% size using Print ComposerScale-dependent rendering in QGIS PDF output

          Image
          Project Euler #1 in C++ How can I prevent/balance waiting and turtling as a response to cooldown mechanics I got rid of Mac OSX and replaced it with linux but now I can't change it back to OSX or windows How to ask rejected full-time candidates to apply to teach individual courses? Why is it faster to reheat something than it is to cook it? The Nth Gryphon Number Co-worker has annoying ringtone Why weren't discrete x86 CPUs ever used in game hardware? How many time has Arya actually used Needle? Random body shuffle every night—can we still function? GDP with Intermediate Production malloc in main() or malloc in another function: allocating memory for a struct and its members My mentor says to set image to Fine instead of RAW — how is this different from JPG? Simple HTTP Server The test team as an enemy of development? And how can this be avoided? Did Mueller's report provide an evidentiary basis for the claim of Russian govt election interferen
          Read more