Unable to contact satellites through open port

I’ve set
server.address: :28967
And kept
# contact.external-address: ""
commented out

It started working. Now I need to remove all of the unneeded rules added to ufw

2 Likes

That’s great news! I think all along (altering docker-compose, config.yml, firewall rules) you were 95% there… you were just a different 95% after every change :wink: . And just needed things to line up.

If you ever set up a node again… you shouldn’t need to touch config/config.yaml in the container - anything you need to tweak should be outside in docker-compose.

Congrats! Prepare to receive some high unvetted-node ingress for the next few weeks!

1 Like

I hope this will be helpful to future newbies of storj.

The only thing I’m concerned about is that this thread may contain some confidential information about my system.

Maybe @Alexey as a leader can do something about it

Yes. The portscanner tries to initiate a TCP connection with a SYN packet. Since TCP is end-to-end, the service on that port is who needs to accept the TCP connection. Everything in between just routes or filters. If the service behind the port sends back a SYN/ACK packet (confirming the SYN request) we know that the port is open and a service is running and answering on that port.

There could be a RST packet (“sorry, port’s closed”) returned instead. This way the scanner knows for sure the port is closed.

There could also be no answer at all. This could mean the router is configured to not answer with a RST packet on closed ports but drop packets instead. But it could also mean a firewall is dropping the packet, the network is misconfigured, the service is not running, or many other possible causes.

Most portscanners default to TCP scan only since it’s highly unlikely to get an answer on UDP and they would either receive an unreachable error (port’s closed) or no answer at all (port’s open or not, who knows).

About confidential information, I would get rid of all mentions of your dyndns and, if you can’t change your public IP address, then this too (don’t forget it is also in the first logs you posted).
Normally it would be just an IP address from many, but in combination with your alias which you are using on github as well some bad actor is just a quick google search away from getting your IP address in case they were targeting you as a person. (for whatever reason they might have)

At least nothing of it seems to be in the screenshots, so it should be an easy ctrl+f.

1 Like

@toyberg90 I appreciate your very detailed explanation. So basically I’ll get the answer “closed” if:

  • received RST packet
  • no answer

and “open” if:

  • SYN/ACK packet

Unfortunately I cannot remove/replace all of the ddns and WAN IP mentions, so I’m waiting for @Alexey or other super admin edits. Thanks.

1 Like

On online portscanners yes, they mostly differentiate just between port open or port not open (and call that closed).
If you’re running nmap yourself from outside the network there are other states like filtered or filtered|open, the tool is kinda taking an educated guess there.
But this would be way too detailed for this forum and nmap has really good documentation where they also explain the technicalities, if you are ready to deep dive into this topic even more :smiley:
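
The three outcomes described in this thread (SYN/ACK, RST, no answer) can be told apart with an ordinary TCP connect, as in this added example, which is not part of the original posts. The function names and the loopback self-check are assumptions made for illustration; 28967 is the node port mentioned in the thread.

```python
import errno
import socket

NODE_PORT = 28967  # node port from this thread; the host to check is yours to supply


def classify_tcp_port(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port (hypothetical helper).

    Uses a full connect(), so the handshake is completed and closed again,
    unlike a SYN-only scan.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # SYN/ACK came back: a service accepted the connection
    except ConnectionRefusedError:
        return "closed"          # RST came back: host reachable, nothing listening
    except socket.timeout:
        return "filtered"        # no answer at all: dropped somewhere on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # ICMP unreachable from a router or firewall
        raise


def loopback_self_check():
    """Constructed offline check: a local listener is 'open', then 'closed' once shut."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_tcp_port("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = classify_tcp_port("127.0.0.1", port, timeout=1.0)
    return while_listening, after_close


if __name__ == "__main__":
    print(loopback_self_check())
    # Then, from a machine outside your network:
    #   print(classify_tcp_port("<your-external-address>", NODE_PORT))
```

A "filtered" result only says that no answer arrived; it does not say which of the causes listed in the thread is responsible.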

Yes, I can - You Shouldn’t Touch The config.yaml File If You Are Running a Docker Storagenode. :slight_smile:
You Should Modify Only docker run Command, Nothing Else, Especially - In a Config File, Related To Ports, unless you use a --network host option in your docker run command…

I believe I removed everything. Please check

Left here:

and

Thanks, cleaned these too.
And your reply :slight_smile:

1 Like

I would like to ask one more thing to add more detail and clearance:

If I’d want to recreate the config.yml file from scratch, I’d need to use that docker command with flag SETUP from the docs? I mean this one:

docker run --rm -e SETUP="true" \
    --user $(id -u):$(id -g) \
    --mount type=bind,source="<identity-dir>",destination=/app/identity \
    --mount type=bind,source="<storage-dir>",destination=/app/config \
    --name storagenode storjlabs/storagenode:latest

at https://docs.storj.io/node/get-started/install-node-software/cli/storage-node

please NEVER run this command for a working node, you may destroy it!
This command should be executed ONCE for the new identity and never again.

However, if you just want to re-create a config.yaml file, it’s fine, just specify a different storage directory (maybe in /tmp), but not your real storage directory. This command will create folders there and config.yaml.