How can I connect public and private node through a reverse SSH tunnel?



I have set up my baker with:

  • a public non-baking node with public IP, let's call it "A.A.A.A"
  • a private baking node without public IP

To lock down the private node (and also because it does not need a public IP), I have set up a reverse SSH tunnel for port 9732 from the private to the public node on 19732. Thus, the public node can connect to the private node via its own 127.0.0.1:19732, which forwards to the private node's port 9732.

I'm running the private node with: `./tezos-node run --rpc-addr 127.0.0.1:8732 --private-mode --no-bootstrap-peers --bootstrap-threshold=1 --connections 1 --peer A.A.A.A`

And I'm running the public node with: `./tezos-node run --rpc-addr 127.0.0.1:8732 --peer 127.0.0.1:19732`

Additionally, I have tried adding different trust entries like:

  • `./tezos-admin-client trust address 127.0.0.1:19732` on public node
  • `./tezos-admin-client trust address A.A.A.A:9732` on private node
  • `./tezos-admin-client trust peer idxxxxxx` on both private and public node

All I keep getting in the private node's log is: `p2p.connection-pool: [private node] incoming connection from untrused peer rejected!` and the public node tries, but can never successfully connect to the private node or the other way around.

What can I do or check to get closer to connecting my nodes?
asked 17 hours ago by Svante, edited 16 hours ago

1 Answer

I had the same exact situation. It seems that (and I did not see this documented anywhere) when using private mode, the private node must initiate the connection. In my case it was a firewall rule preventing the private node from establishing the connection, and after I permitted that everything worked great.

answered 16 hours ago by Bo Byrd

Holy smokes, you were right! Doing a `sudo ufw allow out from any` and connecting from the private node solved it.
– Svante, 16 hours ago
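
The firewall cause described in the answer can be checked from the private node's own `ufw status verbose` output. The script below is an added example, not part of the original posts or of Tezos: it reports whether outbound TCP to the public peer is blocked, open through a blanket rule, or allowed by a rule scoped to the peer. The helper name `egress_verdict`, the placeholder address 203.0.113.10 (standing in for "A.A.A.A") and the three status samples are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify outbound reachability of the public peer from `ufw status verbose`
# text captured on the private node. 203.0.113.10 stands in for "A.A.A.A";
# the three status samples are constructed. Simplification: only the default
# policy and ALLOW OUT rules are read (DENY/REJECT OUT and ordering ignored).
HDR='To                         Action      From
--                         ------      ----'

# Egress denied by default, SSH out (the tunnel) allowed, P2P port not allowed.
SAMPLE_BLOCKED="Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

$HDR
203.0.113.10 22/tcp        ALLOW OUT   Anywhere"

# Blanket outbound allow: the node connects, but all egress is open.
SAMPLE_BLANKET="Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

$HDR
Anywhere                   ALLOW OUT   Anywhere"

# Narrower rule, e.g. sudo ufw allow out to 203.0.113.10 port 9732 proto tcp
SAMPLE_SCOPED="$SAMPLE_BLOCKED
203.0.113.10 9732/tcp      ALLOW OUT   Anywhere"

# egress_verdict PEER_IP PORT < status-text   (hypothetical helper name)
egress_verdict() {
  awk -F'  +' -v want="$1 $2/tcp" '
    /^Status: inactive/                   { broad = "open: ufw inactive" }
    /^Default:.*allow \(outgoing\)/       { broad = "open: default policy allows outgoing" }
    $2 == "ALLOW OUT" && $1 == "Anywhere" { broad = "open: blanket ALLOW OUT rule" }
    $2 == "ALLOW OUT" && $1 == want       { scoped = 1 }
    END {
      if (broad != "") print broad
      else if (scoped) print "scoped: rule allows " want
      else             print "blocked: no outbound rule for " want
    }'
}

for s in "$SAMPLE_BLOCKED" "$SAMPLE_BLANKET" "$SAMPLE_SCOPED"; do
  printf '%s\n' "$s" | egress_verdict 203.0.113.10 9732
done
```

On a real node, pipe `sudo ufw status verbose` into `egress_verdict` with the public node's address and P2P port; a "blocked" verdict matches the situation the answer describes.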













