i don’t think that’s an issue on your side… some connections just fail for various reasons.
if it shows up a lot i would look at it… but else it is most likely irrelevant…
my firewall is pretty strict and i got no issues.
Thought the same, but what’s with port 47377? My firewall does not allow using it. Maybe that’s why I see this in the log. Are there other “secret” ports we should open for the storage node to function properly?
not that i’m aware of, looks like it’s an outgoing packet so really your firewall should just allow it.
i just run a slightly modified version of pfSense… and all i had to do was set up the NAT for the storagenode port on UDP and TCP.
i think pfSense by default blocks local traffic from going out and blocks all incoming traffic that is not replying to opened connections, and then it allows most outgoing online stuff from the network, which software can then use to keep connections open to await replies and thus have two-way communication, even when “everything is blocked”.
setting up a 100% custom firewall is pretty tricky and pretty much unrequired today, as there are plenty of good easy solutions to use like pfSense.
personally i wouldn’t even try to make my own firewall from scratch, because i think it would be less secure, more difficult to use and cause a ton of problems.
i think you are fine… just enjoy that it’s working now lol
like i stated, i believe that is the common practice for most firewalls today, even on an enterprise level, of which pfSense is ofc one of the major open source providers.
one will need two-way communication over many ports for most modern services, and to avoid people being able to affect one’s network, it’s controlled by the internal network requesting using the port, opening a connection which is then allowed to be answered over that same port number, maybe from specific online addresses…
the nitty gritty of it all gets very advanced which is why i doubt making one’s own firewall is a viable option… ofc it is very secure if most stuff doesn’t work.
until hit by something that one didn’t anticipate, then it might be more flawed than the standards of the industry.
your computer would also be much more secure if the OS disk was read only and upon reboot everything resets, but that’s not really very viable.
If you run storagenode on the Enterprise server with a lot of employers behind it - you probably need to block outgoing connections for unknown ports, but this is the end for the storagenode, because it’s a p2p software, it’s designed to use not static ports.
You can use literally any.
So, if you start to block outgoing connections, your download rate will go to zero. With a high probability your node will be considered as offline by the satellites too (because they will not receive responses to audit requests) and sooner or later it will be disqualified.
If you want to run storagenode - do not block any outgoing connections from the storagenode, you should allow only one port for inbound connections - the node’s port, all the rest may be blocked.
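
A small model of the stateful filtering discussed in this thread, added here as an illustration and not posted by any participant or taken from Storj or pfSense. It compares the policy recommended above (any outbound, one inbound port) with an outbound port allowlist. Assumptions: the value of `NODE_PORT`, treating 47377 as the remote port of an outgoing connection, and the constructed sample traffic.

```python
from dataclasses import dataclass, field
from typing import Optional

NODE_PORT = 28967  # assumption: the node's forwarded port (not stated in the thread)

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = sent by the node host, "in" = arriving from the internet
    proto: str        # "tcp" or "udp"
    local_port: int   # port on the node host
    remote: str       # remote address
    remote_port: int

@dataclass
class StatefulFirewall:
    inbound_ports: set                        # ports forwarded to the node
    outbound_ports: Optional[set] = None      # None = any outbound destination port
    flows: set = field(default_factory=set)   # connection-tracking table

    def handle(self, p: Packet) -> str:
        key = (p.proto, p.local_port, p.remote, p.remote_port)
        if key in self.flows:
            return "accept"                   # part of an already tracked flow
        if p.direction == "out":
            allowed = self.outbound_ports is None or p.remote_port in self.outbound_ports
        else:
            allowed = p.local_port in self.inbound_ports  # unsolicited inbound
        if allowed:
            self.flows.add(key)               # remember the flow so replies pass
            return "accept"
        return "drop"

# Constructed sample traffic (documentation-range addresses).
TRAFFIC = [
    Packet("out", "tcp", 51000, "198.51.100.7", 47377),     # node dials a peer
    Packet("in", "tcp", 51000, "198.51.100.7", 47377),      # the peer's reply
    Packet("in", "tcp", NODE_PORT, "203.0.113.9", 40000),   # inbound to the node port
    Packet("out", "tcp", NODE_PORT, "203.0.113.9", 40000),  # node answers it
    Packet("in", "udp", 8080, "203.0.113.50", 5555),        # unsolicited, not forwarded
]

def verdicts(fw: StatefulFirewall) -> list:
    return [fw.handle(p) for p in TRAFFIC]

def compare() -> dict:
    return {
        "recommended": verdicts(StatefulFirewall({NODE_PORT})),
        "outbound_allowlist": verdicts(StatefulFirewall({NODE_PORT}, {80, 443})),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With the outbound allowlist, the node's own outgoing connection and its reply are both dropped, while inbound traffic to the node port still passes.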