How can I connect public and private node through a reverse SSH tunnel? Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Private Node disconnects from public nodeWhat should I do about “connection from untrusted peer” reports from tezos-node?Error: Protocol not supported when trying to connect eztz-cli to tezos nodeBinding the node to any address, not just localhostHow do I remove the private mode setting from my node? My node is not connecting to peerDoes the baker, endorser and accuser have to run next to the same node?Run Alphanet and Mainnet on the same VPSExtremely slow node sync on alphanetNode re-connection problemsHow can I migrate my Tezos baking address to Ledger Nano?Run two nodes with same identity or migrate identity to a new node
Lagrange four-squares theorem --- deterministic complexity
What would you call this weird metallic apparatus that allows you to lift people?
Most bit efficient text communication method?
Why does 14 CFR have skipped subparts in my ASA 2019 FAR/AIM book?
Converted a Scalar function to a TVF function for parallel execution-Still running in Serial mode
Crossing US/Canada Border for less than 24 hours
Why are my pictures showing a dark band on one edge?
Significance of Cersei's obsession with elephants?
Is multiple magic items in one inherently imbalanced?
Does "shooting for effect" have contradictory meanings in different areas?
Is CEO the "profession" with the most psychopaths?
Drawing spherical mirrors
Random body shuffle every night—can we still function?
Why weren't discrete x86 CPUs ever used in game hardware?
How does the math work when buying airline miles?
What does this say in Elvish?
How often does castling occur in grandmaster games?
Why do early math courses focus on the cross sections of a cone and not on other 3D objects?
What does 丫 mean? 丫是什么意思?
A letter with no particular backstory
Google .dev domain strangely redirects to https
How does Belgium enforce obligatory attendance in elections?
Karn the great creator - 'card from outside the game' in sealed
Do I really need to have a message in a novel to appeal to readers?
How can I connect public and private node through a reverse SSH tunnel?
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Private Node disconnects from public nodeWhat should I do about “connection from untrusted peer” reports from tezos-node?Error: Protocol not supported when trying to connect eztz-cli to tezos nodeBinding the node to any address, not just localhostHow do I remove the private mode setting from my node? My node is not connecting to peerDoes the baker, endorser and accuser have to run next to the same node?Run Alphanet and Mainnet on the same VPSExtremely slow node sync on alphanetNode re-connection problemsHow can I migrate my Tezos baking address to Ledger Nano?Run two nodes with same identity or migrate identity to a new node
I have set up my baker with:
- a public non-baking node with public IP, let's call it "A.A.A.A"
- a private baking node without public IP
To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.
I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A
And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732
Additionally, I have tried adding different trust entries like:
./tezos-admin-client trust address 127.0.0.1:19732on public node./tezos-admin-client trust address A.A.A.A:9732on private node./tezos-admin-client trust peer idxxxxxxon both private and public node
All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.
What can I do or check to get closer to connecting my nodes?
node p2p
asked Apr 11 at 12:59
SvanteSvante
42910
add a comment |
I have set up my baker with:
- a public non-baking node with public IP, let's call it "A.A.A.A"
- a private baking node without public IP
To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.
I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A
And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732
Additionally, I have tried adding different trust entries like:
./tezos-admin-client trust address 127.0.0.1:19732on public node./tezos-admin-client trust address A.A.A.A:9732on private node./tezos-admin-client trust peer idxxxxxxon both private and public node
All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.
What can I do or check to get closer to connecting my nodes?
node p2p
asked Apr 11 at 12:59
SvanteSvante
42910
add a comment |
I have set up my baker with:
- a public non-baking node with public IP, let's call it "A.A.A.A"
- a private baking node without public IP
To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.
I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A
And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732
Additionally, I have tried adding different trust entries like:
./tezos-admin-client trust address 127.0.0.1:19732on public node./tezos-admin-client trust address A.A.A.A:9732on private node./tezos-admin-client trust peer idxxxxxxon both private and public node
All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.
What can I do or check to get closer to connecting my nodes?
node p2p
asked Apr 11 at 12:59
SvanteSvante
42910
I have set up my baker with:
- a public non-baking node with public IP, let's call it "A.A.A.A"
- a private baking node without public IP
To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.
I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A
And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732
Additionally, I have tried adding different trust entries like:
./tezos-admin-client trust address 127.0.0.1:19732on public node./tezos-admin-client trust address A.A.A.A:9732on private node./tezos-admin-client trust peer idxxxxxxon both private and public node
All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.
What can I do or check to get closer to connecting my nodes?
node p2p
node p2p
asked Apr 11 at 12:59
SvanteSvante
42910
asked Apr 11 at 12:59
SvanteSvante
42910
edited Apr 11 at 14:11
Svante
asked Apr 11 at 12:59
SvanteSvante
42910
asked Apr 11 at 12:59
SvanteSvante
42910
asked Apr 11 at 12:59
SvanteSvante
42910
42910
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
1
Holy smokes, you where right! Doing asudo ufw allow out from anyand connecting from the private node solved it.
– Svante
Apr 11 at 14:06
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "698"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f1057%2fhow-can-i-connect-public-and-private-node-through-a-reverse-ssh-tunnel%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
1
Holy smokes, you where right! Doing asudo ufw allow out from anyand connecting from the private node solved it.
– Svante
Apr 11 at 14:06
add a comment |
I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
1
Holy smokes, you where right! Doing asudo ufw allow out from anyand connecting from the private node solved it.
– Svante
Apr 11 at 14:06
add a comment |
I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
answered Apr 11 at 14:00
Bo ByrdBo Byrd
3705
3705
1
Holy smokes, you where right! Doing asudo ufw allow out from anyand connecting from the private node solved it.
– Svante
Apr 11 at 14:06
add a comment |
1
Holy smokes, you where right! Doing asudo ufw allow out from anyand connecting from the private node solved it.
– Svante
Apr 11 at 14:06
1
1
Holy smokes, you where right! Doing a
sudo ufw allow out from any and connecting from the private node solved it.– Svante
Apr 11 at 14:06
Holy smokes, you where right! Doing a
sudo ufw allow out from any and connecting from the private node solved it.– Svante
Apr 11 at 14:06
add a comment |
Thanks for contributing an answer to Tezos Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f1057%2fhow-can-i-connect-public-and-private-node-through-a-reverse-ssh-tunnel%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
