How can I connect public and private node through a reverse SSH tunnel? Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Private Node disconnects from public nodeWhat should I do about “connection from untrusted peer” reports from tezos-node?Error: Protocol not supported when trying to connect eztz-cli to tezos nodeBinding the node to any address, not just localhostHow do I remove the private mode setting from my node? My node is not connecting to peerDoes the baker, endorser and accuser have to run next to the same node?Run Alphanet and Mainnet on the same VPSExtremely slow node sync on alphanetNode re-connection problemsHow can I migrate my Tezos baking address to Ledger Nano?Run two nodes with same identity or migrate identity to a new node

Lagrange four-squares theorem --- deterministic complexity

What would you call this weird metallic apparatus that allows you to lift people?

Most bit efficient text communication method?

Why does 14 CFR have skipped subparts in my ASA 2019 FAR/AIM book?

Converted a Scalar function to a TVF function for parallel execution-Still running in Serial mode

Crossing US/Canada Border for less than 24 hours

Why are my pictures showing a dark band on one edge?

Significance of Cersei's obsession with elephants?

Is multiple magic items in one inherently imbalanced?

Does "shooting for effect" have contradictory meanings in different areas?

Is CEO the "profession" with the most psychopaths?

Drawing spherical mirrors

Random body shuffle every night—can we still function?

Why weren't discrete x86 CPUs ever used in game hardware?

How does the math work when buying airline miles?

What does this say in Elvish?

How often does castling occur in grandmaster games?

Why do early math courses focus on the cross sections of a cone and not on other 3D objects?

What does 丫 mean? 丫是什么意思?

A letter with no particular backstory

Google .dev domain strangely redirects to https

How does Belgium enforce obligatory attendance in elections?

Karn the great creator - 'card from outside the game' in sealed

Do I really need to have a message in a novel to appeal to readers?



How can I connect public and private node through a reverse SSH tunnel?



Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Private Node disconnects from public nodeWhat should I do about “connection from untrusted peer” reports from tezos-node?Error: Protocol not supported when trying to connect eztz-cli to tezos nodeBinding the node to any address, not just localhostHow do I remove the private mode setting from my node? My node is not connecting to peerDoes the baker, endorser and accuser have to run next to the same node?Run Alphanet and Mainnet on the same VPSExtremely slow node sync on alphanetNode re-connection problemsHow can I migrate my Tezos baking address to Ledger Nano?Run two nodes with same identity or migrate identity to a new node










6















I have set up my baker with:



  • a public non-baking node with public IP, let's call it "A.A.A.A"

  • a private baking node without public IP

To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



Additionally, I have tried adding different trust entries like:




  • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


  • ./tezos-admin-client trust address A.A.A.A:9732 on private node


  • ./tezos-admin-client trust peer idxxxxxx on both private and public node

All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



What can I do or check to get closer to connecting my nodes?










share|improve this question




























    6















    I have set up my baker with:



    • a public non-baking node with public IP, let's call it "A.A.A.A"

    • a private baking node without public IP

    To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



    I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



    And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



    Additionally, I have tried adding different trust entries like:




    • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


    • ./tezos-admin-client trust address A.A.A.A:9732 on private node


    • ./tezos-admin-client trust peer idxxxxxx on both private and public node

    All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



    What can I do or check to get closer to connecting my nodes?










    share|improve this question


























      6












      6








      6


      1






      I have set up my baker with:



      • a public non-baking node with public IP, let's call it "A.A.A.A"

      • a private baking node without public IP

      To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



      I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



      And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



      Additionally, I have tried adding different trust entries like:




      • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


      • ./tezos-admin-client trust address A.A.A.A:9732 on private node


      • ./tezos-admin-client trust peer idxxxxxx on both private and public node

      All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



      What can I do or check to get closer to connecting my nodes?










      share|improve this question
















      I have set up my baker with:



      • a public non-baking node with public IP, let's call it "A.A.A.A"

      • a private baking node without public IP

      To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private nodes port 9732.



      I'm running the private node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A



      And I'm running the public node with: ./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732



      Additionally, I have tried adding different trust entries like:




      • ./tezos-admin-client trust address 127.0.0.1:19732 on public node


      • ./tezos-admin-client trust address A.A.A.A:9732 on private node


      • ./tezos-admin-client trust peer idxxxxxx on both private and public node

      All I keep getting in the private nodes log is: p2p.connection-pool: [private node] incoming connection from untrused peer rejected! and the public node tries, but can never successfully connect to the private node or the other way around.



      What can I do or check to get closer to connecting my nodes?







      node p2p






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 11 at 14:11







      Svante

















      asked Apr 11 at 12:59









      SvanteSvante

      42910




      42910




















          1 Answer
          1






          active

          oldest

          votes


















          6














          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer


















          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "698"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f1057%2fhow-can-i-connect-public-and-private-node-through-a-reverse-ssh-tunnel%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6














          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer


















          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06















          6














          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer


















          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06













          6












          6








          6







          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.






          share|improve this answer













          I had same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 11 at 14:00









          Bo ByrdBo Byrd

          3705




          3705







          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06












          • 1





            Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

            – Svante
            Apr 11 at 14:06







          1




          1





          Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

          – Svante
          Apr 11 at 14:06





          Holy smokes, you where right! Doing a sudo ufw allow out from any and connecting from the private node solved it.

          – Svante
          Apr 11 at 14:06

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Tezos Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f1057%2fhow-can-i-connect-public-and-private-node-through-a-reverse-ssh-tunnel%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          រឿង រ៉ូមេអូ និង ហ្ស៊ុយលីយេ សង្ខេបរឿង តួអង្គ បញ្ជីណែនាំ

          Crop image to path created in TikZ? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Crop an inserted image?TikZ pictures does not appear in posterImage behind and beyond crop marks?Tikz picture as large as possible on A4 PageTransparency vs image compression dilemmaHow to crop background from image automatically?Image does not cropTikzexternal capturing crop marks when externalizing pgfplots?How to include image path that contains a dollar signCrop image with left size given

          Romeo and Juliet ContentsCharactersSynopsisSourcesDate and textThemes and motifsCriticism and interpretationLegacyScene by sceneSee alsoNotes and referencesSourcesExternal linksNavigation menu"Consumer Price Index (estimate) 1800–"10.2307/28710160037-3222287101610.1093/res/II.5.31910.2307/45967845967810.2307/2869925286992510.1525/jams.1982.35.3.03a00050"Dada Masilo: South African dancer who breaks the rules"10.1093/res/os-XV.57.1610.2307/28680942868094"Sweet Sorrow: Mann-Korman's Romeo and Juliet Closes Sept. 5 at MN's Ordway"the original10.2307/45957745957710.1017/CCOL0521570476.009"Ram Leela box office collections hit massive Rs 100 crore, pulverises prediction"Archived"Broadway Revival of Romeo and Juliet, Starring Orlando Bloom and Condola Rashad, Will Close Dec. 8"Archived10.1075/jhp.7.1.04hon"Wherefore art thou, Romeo? To make us laugh at Navy Pier"the original10.1093/gmo/9781561592630.article.O006772"Ram-leela Review Roundup: Critics Hail Film as Best Adaptation of Romeo and Juliet"Archived10.2307/31946310047-77293194631"Romeo and Juliet get Twitter treatment""Juliet's Nurse by Lois Leveen""Romeo and Juliet: Orlando Bloom's Broadway Debut Released in Theaters for Valentine's Day"Archived"Romeo and Juliet Has No Balcony"10.1093/gmo/9781561592630.article.O00778110.2307/2867423286742310.1076/enst.82.2.115.959510.1080/00138380601042675"A plague o' both your houses: error in GCSE exam paper forces apology""Juliet of the Five O'Clock Shadow, and Other Wonders"10.2307/33912430027-4321339124310.2307/28487440038-7134284874410.2307/29123140149-661129123144728341M"Weekender Guide: Shakespeare on The Drive""balcony"UK public library membership"romeo"UK public library membership10.1017/CCOL9780521844291"Post-Zionist Critique on Israel and the Palestinians Part III: Popular Culture"10.2307/25379071533-86140377-919X2537907"Capulets and Montagues: UK exam board admit mixing names up in Romeo and Juliet paper"Istoria Novellamente Ritrovata di Due Nobili Amanti2027/mdp.390150822329610820-750X"GCSE exam error: Board accidentally rewrites Shakespeare"10.2307/29176390149-66112917639"Exam board apologises after error in English GCSE paper which confused characters in Shakespeare's Romeo and Juliet""From Mariotto and Ganozza to Romeo and Guilietta: Metamorphoses of a Renaissance Tale"10.2307/37323537323510.2307/2867455286745510.2307/28678912867891"10 Questions for Taylor Swift"10.2307/28680922868092"Haymarket Theatre""The Zeffirelli Way: Revealing Talk by Florentine Director""Michael Smuin: 1938-2007 / Prolific dance director had showy career"The Life and Art of Edwin BoothRomeo and JulietRomeo and JulietRomeo and JulietRomeo and JulietEasy Read Romeo and JulietRomeo and Julieteeecb12003684p(data)4099369-3n8211610759dbe00d-a9e2-41a3-b2c1-977dd692899302814385X313670221313670221