Opening all ports on my bitcoind server

[arnoudk]

I've made a small change to one of my bitcoind server's configuration, allowing the machine to serve bitcoin requests on all ports (except one!) for one IP address.

Normally, bitcoind will only listen on port 8333. But if you have a provider that blocks this port for whatever reason, or limits access to it somehow, most of the bitcoin network has become unreachable for you.

So this is a solution to those with restrictive firewalls - or if you have a fetish for sending data over random ports (could be fun for a provider trying to do some meta analysis on your data traffic!)

Feel free to test this. Please note though that I have temporarily blocked the bitnodes crawler from accessing the system, as I did not want to bloat the bitnodes overview pages with 65k hosts. I am not sure if it would have limited itself, but after 15 inclusions on the list for my system I decided to block it!

Feel free to try it out if you wish. You can add it to your bitcoind conf file as follows:
addnode=138.128.120.229:911

Or in the debug window as follows:
addnode 138.128.120.229:911 add

Or in the linux command line as follows:
bitcoin-cli addnode 138.128.120.229:911 add

(in place of 911, you can type ANY number between 1 and 65536.)

Let me know what you think!

[harrymmmm]

Good idea.

These days I think most ISP's have been forced to use deep packet inspection (to make p2p at least hard for people thus saving lots of bandwidth), so your idea works ... until they decide to look for bitcoin protocol packets.
We really need encrypted communications.

[creationlayer]

Good idea.

These days I think most ISP's have been forced to use deep packet inspection (to make p2p at least hard for people thus saving lots of bandwidth), so your idea works ... until they decide to look for bitcoin protocol packets.
We really need encrypted communications.

Tor is always an option, albeit you'd want to sync or torrent the bootstrap not on tor.

Have you guys had any luck running a node through a VPN? I'm curious how that looks.

[harrymmmm]

Good idea.

These days I think most ISP's have been forced to use deep packet inspection (to make p2p at least hard for people thus saving lots of bandwidth), so your idea works ... until they decide to look for bitcoin protocol packets.
We really need encrypted communications.

Tor is always an option, albeit you'd want to sync or torrent the bootstrap not on tor.

Have you guys had any luck running a node through a VPN? I'm curious how that looks.

Tor would be difficult. To be reachable by others, it would need to be running inside Tor as a service.

Like most (I think) home computers these days, mine doesn't have an internet facing network connection. There's a nasty ISP NAT, so no incoming connections work.
My VPS in the USA doesn't have the disk space to handle the blockchain, so I'm fkd as far as running a full node goes. Maybe I will pay for a cloud node one day.

In the past, I've tried running things like that thru a vpn to my vps. Difficult routing setup, and then when you get it working finally, something changes somewhere and you need to go thru it all again. PITA.

[arnoudk]

Have you guys had any luck running a node through a VPN? I'm curious how that looks.

I have not tried this yet, but I am sure that it would work. I have used VPN services in the past, and (if using windows) all you do is install a piece of software that connects to the VPN. This creates a virtual network interface and sets that as the default one to use. It then routes all traffic, including P2P, over that virtual network interface. I have not used VPNs on Linux yet, but I suspect it also creates a virtual network interface.

I'm looking into VPNs and may get one in the future. Although I must say that, while VPN providers solve a need, it is unfortunate that they are needed. It is a form of centralization of the Internet.

I really hope mesh networks with bitcoin micropayment channels can take off. I have some ideas there (which I think could work, at least theoretically) but I don't have the expertise to build a proof of concept to prove the idea nor would I be able to build hardware to make that efficient. If there is someone on this forum who really understands the intricacies of packet switching and would like to give feedback.... let me know.

[arnoudk]

Like most (I think) home computers these days, mine doesn't have an internet facing network connection. There's a nasty ISP NAT, so no incoming connections work.

My connection is the same, there is no way that I am able to have incoming ports. A traceroute shows that, once the packet leaves my network, it will travel quite a distance on another private network before reaching an Internet IP.

My VPS in the USA doesn't have the disk space to handle the blockchain, so I'm fkd as far as running a full node goes. Maybe I will pay for a cloud node one day.

I also run bitcoin full nodes on VPSes. I chose to have multiple cheap VPSes in multiple datacenters, rather than one more expensive and presumably more reliable VPS. Because that gives me more capacity than needed, I also run bitcoind on all machines. If one or two VPSes go down at the same time (which hardly ever happens), I don't care about it too much. However, if that happens then it is the bitcoind client that I will be switching off. So I have some simple code that checks the load on the machine and pauses the bitcoind daemon if it gets too high.

You could run a bitcoin node for under $50 per year using the "specials" at e.g. https://www.servermania.com/linux-ssd-vps-specials.htm. I run a bitcoind node on one of these $48 a year machines. It takes a bit of tweaking (especially managing the load of the machine, servermania has a strange habit of shutting down nodes that use "excessive CPU" - while I would have assumed that it is the responsibility of the VPS provider to throttle CPU usage. But I now just do that myself. My nodes are now, each, sending approx 1.5 TB of data per month. Well within the 3 TB that is included, but if that traffic increases over time I will be limiting traffic as to not use too much (or get my other services shut down).

I'll tell you what, if you want some help to set up a node on this cheap VPS I'll be happy to help. I've just got one condition: that you contact ServerMania and ask them to accept payments in bitcoin. I have asked them twice now, but no luck yet. If you get the sales rep to check with his boss and get back to you - regardless of what the boss decides - I'll be happy to configure one for you (let me know so I can let you know which OS I work with). Assuming you'd be comfortable giving me temporary access to the node

In the past, I've tried running things like that thru a vpn to my vps. Difficult routing setup, and then when you get it working finally, something changes somewhere and you need to go thru it all again. PITA.

I'd never route my traffic through my server in the US. That hardly seems like a plan that improves privacy as I would be the only one using that IP. For incidental use (ie bypassing some stupid country restriction checks) I'll tunnel some traffic through an SSH tunnel. Works well enough (I've used it in the past to enable Skype in a country that blocked it, and it worked well with audio and video combined). This takes just moments to set up.

[harrymmmm]

Have you guys had any luck running a node through a VPN? I'm curious how that looks.

I have not tried this yet, but I am sure that it would work. I have used VPN services in the past, and (if using windows) all you do is install a piece of software that connects to the VPN. This creates a virtual network interface and sets that as the default one to use. It then routes all traffic, including P2P, over that virtual network interface. I have not used VPNs on Linux yet, but I suspect it also creates a virtual network interface.

My only experience is with rolling my own vpn. It may well be that commercial client/server software is better at the routing than I was.
You have the problem that opening a listening socket on a port (say 8333) on your own computer does not easily make a listening port on the vpn server host. If it doesn't, you can't be connected to.
To make those incoming connections to the server get back to your node, you need to get (at least) 2 things right.
1) the guys trying to connect to you must be directed to your server. So your client can't broadcast it's own address; it must be told (somehow) to broadcast the server address; like a NAT. Then you get the problem that some of these types of clients pass their address in the messages they send - you don't have a way to fix that quite often (I dunno about bitcoind).
2) you must get the routing right so an incoming port 8333 connection to your server sends the packets back to your pc. This is called port forwarding

I found all that sometimes not possible without source code changes to the client, quite tricky at the best of times, and always very brittle.

I'm looking into VPNs and may get one in the future. Although I must say that, while VPN providers solve a need, it is unfortunate that they are needed. It is a form of centralization of the Internet.

I really hope mesh networks with bitcoin micropayment channels can take off. I have some ideas there (which I think could work, at least theoretically) but I don't have the expertise to build a proof of concept to prove the idea nor would I be able to build hardware to make that efficient. If there is someone on this forum who really understands the intricacies of packet switching and would like to give feedback.... let me know.

Ask away. But I've probably forgotten a lot by now.

Packet routing is quite logical but I've found that working with a router's interface is always tricky coz they don't implement things as they should be.
IOW, they're wrong and i'm right. Haha.

[harrymmmm]

Like most (I think) home computers these days, mine doesn't have an internet facing network connection. There's a nasty ISP NAT, so no incoming connections work.

My connection is the same, there is no way that I am able to have incoming ports. A traceroute shows that, once the packet leaves my network, it will travel quite a distance on another private network before reaching an Internet IP.

Yes, I think it's way more common than most people think.

You could run a bitcoin node for under $50 per year using the "specials" at e.g. https://www.servermania.com/linux-ssd-vps-specials.htm. I run a bitcoind node on one of these $48 a year machines.

Thanks for that. I might be looking for a new vps soon, but I won't choose one that's not accepting bitcoin.

I'll tell you what, if you want some help to set up a node on this cheap VPS I'll be happy to help. I've just got one condition: that you contact ServerMania and ask them to accept payments in bitcoin. I have asked them twice now, but no luck yet. If you get the sales rep to check with his boss and get back to you - regardless of what the boss decides - I'll be happy to configure one for you (let me know so I can let you know which OS I work with). Assuming you'd be comfortable giving me temporary access to the node

Thx for the offer. I think I'd enjoy setting another one up tho. And it won't be there if they don't take my btc.

In the past, I've tried running things like that thru a vpn to my vps. Difficult routing setup, and then when you get it working finally, something changes somewhere and you need to go thru it all again. PITA.

I'd never route my traffic through my server in the US. That hardly seems like a plan that improves privacy as I would be the only one using that IP. For incidental use (ie bypassing some stupid country restriction checks) I'll tunnel some traffic through an SSH tunnel. Works well enough (I've used it in the past to enable Skype in a country that blocked it, and it worked well with audio and video combined). This takes just moments to set up.

wow. you sound like someone I might have met already.
I taught a bunch of guys ssh and port forwarding in just such a place a long time ago.

You in Belize? Were you there when Macafee had his fun? Any extra info about what happened?

[arnoudk]

Let me know if there are any VPS providers that provide similar value for money. I'd like to support bitcoin accepting businesses. If a business accepts bitcoin, I will usually choose that as a payment option.

At the same time, if I have a paypal balance, I'm still going to spend that first and keep the BTC (Gresham's Law in action).

And, if the price at a bitcoin-accepting business is higher for similar goods or services, I'll still use paypal.

All else being (mostly) equal - YES, I'll choose bitcoin. In all other cases, I'll keep asking businesses to accept it, and once they do I'll of course use that payment option.

As for John McAfee - that is quite a story. I was not in Belize when that all went down (he had fled Belize, but I only heard his side of the story on Jeff Berwick's Anarchast when I was in Belize). It does seems to me that eccentric get taken advantage of in this country. Corruption in government is a sad reality - it is obvious that it happens at the lower levels (bribes), and it is claimed to happen at all levels. Corruption is obvious here, but don't confuse that with corruption being unique to this place - I am convinced politicians and government workers in the USA are equally corrupt.
https://www.youtube.com/watch?v=i3_fr2p7054

He was the victim of corruption and police brutality. Ironically, I believe he even funded the police. Needless to say, cops are not considered an asset here. Google police brutality in belize for even more horrific stories.

But all is not better in the USA.
https://www.youtube.com/watch?v=IlY9C6pzxKc

[CryptAxe]

We shouldn't have to deal with this shit.. Looking forward to the end of the ISP

[arnoudk]

I've re-enabled the bitnodes IP after a 1 week heads up message to the developer that so far has gone unanswered. So far it doesn't seem to get out of hand at bitnodes yet so I am assuming it will not. I'll keep an eye on it.