Install guide is slightly incorrect for Windows

I think it would be a good idea to update the install guide:

1…) the “identity” is not called “identity_windows_amd64.exe” - its been changed to “identity.exe” but the docs has not been updated.

2.) If you “copy” any powershell commands (from the doc) it might copy the line numbers, from line 2. This was using IE (crappy browser but I’ve seen a number of users here using “Windows Server*” os.

3.) there are still no list available on the outgoing port requirements. As the node needs to accept inbound requests, forcing me to place the node in my DMZ. I want to specify the ports for outbound connections.

You should disable that ASAP, it’s not a good idea to expose everything on the server to the internet (especially Windows has some ports that history has proven should not be opened like SMB and RDP). You only need to port forward the storagenode port, which is by default 28967

Why do you think placing a node in DMZ would expose it to the internet? I know consumer routers can be a bit stupid but I’m using a Juniper SRX firewall and I can assure you the only inbound port that is open is 28967 - I’m talking about outbound, not inbound in my request for ports.

The entire point of having DMZ is having to not open ports it allowes every single port to be opened to that IP that you set to DMZ. You should never do this less your opening that to another Router on your network.

1 Like

DMZ is equivalent to port forwarding all ports. All outbound connection are allowed by default in almost any router, inbound connections need to be explicitly defined (“port forwarding”) because NAT

That is incorrect. Please read the consensus about DMZ

What no your misunderstanding what DMZ actually does. DMZ infacts opens every single port to the IP that you set to use DMZ. The IP that you set is now completely Open to the outside world you firewall on your router does nothing.

No its not.
Did you read the link I posted?
Did you read what @deathlessdd posted ?
Did you read that I’m using an enterprise firewall?
this is OT for this forum - my STORj node sits behind the firewall with only one port open, in the DMZ

I think @deathlessdd and I were talking about the “DMZ host” option in consumer routers, not a DMZ network. The wikipedia page you linked has a section on “DMZ host”.

There is no reason to place the node in a DMZ network unless you don’t trust the storagenode software. It does not attempt to access any devices on your LAN, and only accepts inbound requests on one port.

the documentation has already been updated to reflect the new naming of identity binaries:

Sorry no I didn’t see that you had an enterprise router I don’t know the names of certain brands that are enterprise or consumer.

You don’t speak nativity English yes? It’s good that my post made the doc update.

Most router manufacturers mean “exposed host” when they talk about DMZ, which is not the same.

No they don’t, show me one manufacturer that does

I think you meant to say ¨native English¨ rather than ¨nativity¨ English. In any case, I don´t know what that should have to do with updating the docs. We were already working on updating the docs before this thread started. We were just waiting for some reviews before publishing.

I’m not sure whether you meant me. You neither replied to nor quoted any post.

It’s the opposite, show me one consumer router with a real DMZ.

Just a quick search gave me this

The wikipedia page you linked earlier has a section on this:

Some home routers refer to a DMZ host , which—in many cases—is actually a misnomer. A home router DMZ host is a single address (e.g., IP address) on the internal network that has all traffic sent to it which is not otherwise forwarded to other LAN hosts.

In other words, the “DMZ” host has all ports exposed (unless a different port forwarding rule exists to a different IP address).

I found this setting in all four consumer routers I have owned

1 Like

And not only that, the exposed host is in the same network as all other pc’s. I don’t know who started calling it DMZ. I guess some marketing guy at a router manufacturer.

I can confirm that nearly every consumer router I’ve tingled with in the last 15 years has such an option and most of them name it “exposed host” to avoid confusion since “DMZ” clearly is just plain wrong.

Also @OP, move your storj server out of your DMZ-

1 Like