[Solved] Need help forwarding port through two routers


So I have successfully installed my SN on a dedicated Win10x64Pro PC. The dashboard is accessible, but shows offline. I have read and followed the info on how to set up port forwarding, so the Windows firewall should be good to go. However, our LAN is behind two routers:

ZTE612 fibre access point, which is a NAT router and DHCP server. This is owned by the ISP, but I do have access to it and set up port forwarding to my Linksys X3000 wifi router’s WAN IP. On this I have set up forwarding to the PC. The X3000 is my gateway and DHCP server. The PC has a reserved DHCP address. When I run the port forwarding tester it shows the port as closed. Debug logging on the ZTE shows nothing, but I don’t know whether that might be normal behaviour. The incoming connections log on the X3000 shows nothing incoming at all.

The physical layout: WAN - FON - X3000 - LAN

I tried turning off firewalls on PC and X3000, but no change. I also cannot access the dashboard from my laptop, which is strange, as I had a Burstcoin miner running on it and never had a problem getting to its web page. I also set up an incoming firewall rule on the SN PC for TCP port 14002 and turned off the firewall on the laptop. With the firewall on I get timeout, with fw off I get “connection refused”.

I have used these as guides:

I have considered making the ZTE our gateway, but I am worried that one day the ISP will replace it and then I will have a bigger problem.

One thing appears strange to me: the IP address that the ZTE shows as being its public address does not correspond to what online tools show as my public address.

Thanks for any help people can provide here.

This means you’re behind a CGNAT. ISPs use this to deal with the limited supply of IPv4 addresses and it sucks if you want to run your own server.

ISPs are often surprisingly open to changing this for customers who need a public IP, so it’s worth giving them a call and just asking for a public IP. If that doesn’t work out you can use a vpn that supports port forwarding. This is less ideal as it will add latency to the connection.

By default the dashboard is only available on the node machine itself. You can change this by editing the config.yaml and removing the IP address from the console.address.

It should look like this.

# server address of the api gateway and frontend app
console.address: :14002
1 Like
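The CGNAT diagnosis in the reply above comes down to comparing the outermost router's WAN address with the address seen from outside. The sketch below is an added example, not part of the original posts; the function names are hypothetical and all addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def diagnose_wan(router_wan_ip, observed_public_ip):
    """Classify a router's WAN address against the address seen from outside.

    router_wan_ip      -- what the outermost router's status page reports
    observed_public_ip -- what an external "what is my IP" service reports
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)

    if wan == seen:
        # The router really holds the public address: forwards on it can work.
        return "public"
    if wan in CGNAT_NET:
        return "cgnat"         # ISP shared space; inbound forwards cannot work
    if any(wan in net for net in RFC1918_NETS):
        return "upstream-nat"  # private WAN: another NAT device is in front
    # Routable-looking address that still differs from what the outside
    # sees: the symptom described in this thread.
    return "mismatch"


def forwarding_can_work(chain, observed_public_ip):
    """chain lists WAN addresses outermost router first (ISP box, then own router).

    Only the outermost device must hold the public address; inner routers
    are expected to have private WAN addresses and need their own forward.
    """
    return diagnose_wan(chain[0], observed_public_ip) == "public"


if __name__ == "__main__":
    # Constructed sample: ISP box reports 198.51.100.20, outside sees 203.0.113.7.
    print(diagnose_wan("198.51.100.20", "203.0.113.7"))
    print(forwarding_can_work(["198.51.100.20", "192.168.1.2"], "203.0.113.7"))
```

Any result other than "public" means port-forward rules on the customer-side routers never receive the inbound connection, which matches the empty incoming logs on both devices.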


Ahhh, the sweet feeling of success after days of headbanging.

We called the telco’s local office and they had no idea what we were talking about. My wife had to do the talking, because I don’t speak Thai, which made it harder still. In the end they said I could have a fixed IP - for a charge. I tried to tell them it could be dynamic, just visible from the outside. No understand.

Called the call centre. I could tell the operator, too, had no idea what I was talking about, until I mentioned that I wanted to access my IP cam. That was his AHA! moment. :smiley:

Result: fixed IP, no charge, apparently. Actioned immediately! Full marks.

Thanks to them and @BrightSilence the dashboard is up on my laptop and there is already data coming in. Strangely, it also shows repair data. That’s confusing. If I’m not storing any data yet, how can there be repair data? No matter, I’m sure it’s all good now.

Thank you, BrightSilence!



That is clever! Much better than trying to explain Storj to ISP support. I’ll keep this tip in mind if someone else runs into CGNAT issues.

This is actually your node receiving pieces from a repair action on the network (PUT_REPAIR). If piece availability drops below a repair threshold, the satellite recreates missing pieces and puts them on other nodes. You’re seeing the benefit of that. It’s completely normal and in fact good for your node.

Later on you may see GET_REPAIR as well; this means the satellite is downloading the piece on your node to repair it because other nodes with pieces of the same segment have lost them. Just like PUT_REPAIR, this doesn’t mean your node is having any issues; it means your node is helping out with repairing data lost by other nodes. In case of GET_REPAIR you even get paid for that download traffic.

Anyway, welcome on board!


Thanks for the explanation. I understand the repair basics. I just assumed that a new node that is unvetted would not get such traffic, esp. seeing that I have passed only 33-40% of uptime checks.

Can I see which satellite the traffic is coming from?

You can select different satellites in the web dashboard. With a mouseover you can see what part of traffic is repair.

Whether repair or upload traffic, your node gets a small share, even while it’s not yet vetted. It doesn’t really matter how pieces end up on your node, what matters is that not too many pieces of a segment are on unvetted nodes. This is guaranteed by only sending around 5% of traffic to new nodes.

1 Like

It turns out this was not the end of the story. This morning our connection went down. ISP made me reboot the FON and after that our address was changed. I don’t know what happened to our fixed address, but I suspect that there is a charge for this service and so a boss decided to turn it off again - without telling us. We now have a dynamic address, but accessible from outside, so all good in the end.

As the expats say: TiT (This is Thailand).

I don’t think you ever got a fixed IP. Very few ISPs offer that, though I have been surprised to learn that many ISPs are willing to offer public IPs to customers who were put behind a CGNAT. They probably just misspoke when they said fixed IP and instead meant a public IP. Either way, with DDNS set up you can easily work around a dynamic IP anyway, so this will do.

I agree. Though, some ISPs do effectively fixed IPs, meaning they don’t declare it fixed, but change only rarely—rarely enough that customers may think it’s fixed. For example, my family’s ISP, a small local company in a city with saturated market and declining population, had not changed the IP assigned to their router for ten years.

Easy mistake to think it is actually fixed.

1 Like

I hear what you are saying, but the operator used the word fixed, she made me write down the address and repeat it back and my request for a dynamic address accessible from the outside was not understood. On top of that, our connection went down and only a FON reboot fixed it.

We will never know what went on behind the scenes, but TiT: somebody makes a decision, boss says you can’t do that without charging, so it gets undone without any further action. Prevent loss of face at any cost (people kill for that).

Having said all that, it may well have been the dynamic address I asked for from the start. :smiley:

Just one more question: what happens after one month, when my NO-IP host needs renewing? Will I get an email, click a link, log in and re-create it? They didn’t mention that.

Thank you to all,

… confirm that it is still active.

1 Like