Running the node on a server inside with a private IP, forwarded and NAT-ted port 11420 to this machine on the router. The gateway server is completely running outside with only a public IP. Firewalls are set up correctly. Both ports 11420 and 22840 are open on the node server, only 11420 is reachable from outside, and on the gateway both ports are open.
Can see the connection in the gateway log to port 11420 of the node (gateway-logs/gateway.log). Sometimes I can see connection errors to the public IP address of the node: "Connecting to xxx.xxx.xxx.xxx:11420. Attempt number 2 of 2147483647" etc… but not for long, some real stuff is going on…
Inside the node server, where serious stuff is going on, I get the same connection errors sometimes in the log node-logs/node.log, which is obvious as it tries to connect to its own public IP address, but this machine does not have a direct public address.
Is it possible somehow to set the working IP address of the node server to its private IP, so these errors won’t happen on the node, the gateway can connect to this machine on port 11420, this is enough or not?
sudo iptables -t nat -A OUTPUT -p tcp -d <your-public-ip>/32 --dport 11420 -j DNAT --to-destination 127.0.0.1:11420
sudo apt-get install iptables-persistent
to set up iptables to allow connections to the public address from inside the LAN and fix the issue.
Thanks, implemented it, the node server is in “WAITING position” now so nothing is happening to check if the errors are gone. Communication is established.
Please tell me if you are running the node and the gateway from the same machine.
I am running mine from the same machine, node + gateway, read your post and after I thought to apply what @alexdupre wrote: "sudo iptables -t nat -A OUTPUT -p tcp -d /32 --dport 11420 -j DNAT --to-destination 127.0.0.1:11420
sudo apt-get install iptables-persistent"
After that, when I reboot I noticed that the netfilter-persistent service is FAILED on boot sequence.
I check the status, it is “Failed”, and then restart the service with “sudo systemctl restart netfilter-persistent.service”
Now the service is Active again, but when I reboot, the service is still “FAILED”.
I have checked the /etc/iptables/rules.v4 file and the modifications are added there - BUT I am not sure if I needed to run this command from start: (sudo iptables -t nat -A OUTPUT -p tcp -d /32 --dport 11420 -j DNAT --to-destination 127.0.0.1:11420)
Can I restore my old configuration? I don’t know for sure what was in the rules.v4 file.
Here is my content now in the rules.v4
: POSTROUTING ACCEPT [15:1023]
-A OUTPUT -d /32 -p -tcp --dport 11420
What was here before? My private IP from (ip addr) or 0.0.0.0?
Hi, running the gateway on a separate VPS Server outside of LAN of the node.
I guess the rules weren’t there at all before you installed the iptables-persistent package, using ufw and later adding iptables-persistent. In my gateway server no iptables directory exists because this package is not installed.
Yes, the rules weren’t there in the first place.
I solved the problem by uninstalling the iptables-persistent using “sudo apt-get remove --auto-remove iptables-persistent” and then “sudo apt-get remove --purge iptables-persistent”.
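For readers who keep iptables-persistent instead of removing it: the rules.v4 line quoted in the thread has an empty destination address, a protocol written as "-tcp" and no target. The following is an added example, not code from any poster, that lints a rules file read on stdin for those three things; the function names, the sample file and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): word-level lint of rules.v4 lines.
# Reads the rules file on stdin, prints findings, returns non-zero on errors.
lint_rules() {
    errors=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in -A*|-I*) ;; *) continue ;; esac   # rule lines only
        set -f; set -- $line; set +f                    # split into words
        has_target=no
        while [ $# -gt 0 ]; do
            arg=${2-}
            case $1 in
                -s|-d) case $arg in ''|/*)
                    echo "line $lineno: $1 has no address before the mask: '$arg'"
                    errors=$((errors + 1)) ;; esac ;;
                -p) case $arg in ''|-*)
                    echo "line $lineno: -p has a malformed protocol: '$arg'"
                    errors=$((errors + 1)) ;; esac ;;
                -j|-g) has_target=yes ;;
            esac
            shift
        done
        # Accepted by iptables, but such a rule only counts packets.
        [ "$has_target" = yes ] || echo "line $lineno: warning: no -j target"
    done
    [ "$errors" -eq 0 ]
}

# Constructed sample: line 3 is the rule quoted in the thread, line 4 is a
# well-formed version using the documentation address 203.0.113.10.
sample_rules() {
    cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d /32 -p -tcp --dport 11420
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 11420 -j DNAT --to-destination 127.0.0.1:11420
COMMIT
EOF
}

sample_rules | lint_rules || echo "rules file has errors; fix before reboot"
# Authoritative check on the real host (as root), parses without loading:
#   iptables-restore --test < /etc/iptables/rules.v4
```

On a real host the file would be checked with `lint_rules < /etc/iptables/rules.v4`; the lint is a word-level heuristic and does not replace the `iptables-restore --test` parse.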