Error:
Error: segment error: ecclient error: successful puts (0) less than or equal to repair threshold (35); segment error: ecclient error: successful puts (0) less than or equal to repair threshold (35)
When uploading 1 GB file. Sometimes it seems to upload 64 MB but errors after that.
That looks like none of the uploads are succeeding. Strange. Could you turn on debug logging and write the log to a file, then try it again and post the log here?
Also, it looks like it won’t fail unless the number of successful uploads is below the repair threshold now! That’s good news.
Thanks for your help. Debug helped to figure out what was going on.
It seems that port 28967 was not open. I had followed the instructions but either missed the firewall instructions or they are not present.
Port 28967 for uplink? That sounds strange because that is the storagenode port.
Yes it is strange. But when I open it, it works, when I close it, it does not work.
Log shows connection failures to any node ip with closed port.
oh so it’s an outgoing firewall problem. Yeah that makes sense.
However, I’m wondering… As a storagenode operator I can set my port to something else than 28967 which I currently do on my 2nd and 3rd node. Doesn’t that mean you wouldn’t be able to upload anything to those 2 nodes?
Yes I wondered about that too. Currently it seems that I would not be able to connect to a storage node if it uses a different port.
Correct, you will risk not reaching the threshold and failing the entire upload if too many nodes don’t use the default port. You may also see a drop in performance. And after repair has been triggered pieces of your files could still end up on nodes that don’t use the default port. Long term this could also impact the retrievability of your file.
That’s not how it should be.
You shouldn’t be blocking outbound traffic from the uplink process on any port 
Or rather you should be allowing it for all ports.
I have tried multiple different settings now. My firewall requires permission for inbound and outbound traffic otherwise uploads to nodes fail. So to connect to all potentially available node ports I have to allow all incoming and all outgoing traffic on all ports. That’s basically the same like turning firewall off which obviously does not make sense.
That doesn’t make sense. I tried the gateway on a lxc container which has no open ports to the outside and it works fine. An inbound port rule should not be needed since no connection from the outside is created to your uplink/gateway.
My client is behind a NAT-Router and gateway where the firewall sits on.
So your router requires permissions to open outbound ports? Otherwise you can’t connect to e.g. example.com:8443 ?
That’d be a bit excessive… but of course more secure…
The firewall. Yes.
But for Storj it seems even worse as I need to allow incoming and outgoing traffic and I need to allow it on all ports as storj ist not exclusive bound to ports 7777 and 28967. I guess 7777 are the satellites. As node operators can potentially select any port for their service, I would need to open all of them.
So its the same like turning firewall off, which I won’t do.
No, you do not need any open port on inbound to use gateway/uplink. That’s why I presented my scenario. There are no open inbound ports.
But of course you’d need to allow all outbound ports to reach all storagenodes.
You absolutely do not need to open any inbound ports.
Let me restart/reset router and firewall and check again. Right now it wants an incoming rule. or it does not work.
So after resetting the router and reentering the firewall rule uploading is working with outbound rules only. I have no idea what was wrong. I haven’t tested downloading yet.
However still it requires all outbound ports to be open?
This leads to another question: By opening or closing ports I would be able to control to which nodes I upload to or download from? And on the other hand, the node operator could control if I am able to download my data by switching ports?
Let’s say I allow only outgoing default port when I upload. Then for whatever reason I have to block that port or some nodes holding my data switch to a different port, then what? To me this sounds that my data would become inaccessible then.
It would, but through nobodies fault but your own. And you can easily fix it by allowing the outbound ports. While there are some uses for blocking outbound traffic, they are usually rare and most useful when trying to control what software can talk to the outside. Because of that I would recommend whitelisting outbound traffic on all ports on a per process basis, though I’m not sure how to do that if the firewall is not on the same machine. You could of course allow outbound traffic for this machine on the router and run a local firewall to block outbound traffic except for the processes like uplink who require it.
But if you’re blocking all outbound traffic on any port you’re going to run into these problems a lot. Most software expects outbound traffic to be fine as it poses much less of a risk.