Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: defa1 on June 30, 2021, 07:47:39 PM



Title: Looking for advice on a full node
Post by: defa1 on June 30, 2021, 07:47:39 PM
I've been running Core on my computer for a while, but now it's time to turn my Pi into a more fully featured node. With lightning, electrs, and all that other good stuff. I've been looking at some full node products and evaluating the benefits. So far I've come across: myNode, Raspiblitz, Umbrel. Nodl One/Dojo and Start9 are expensive and I already have the hardware so I'll pass.

Does anyone recommend either of these projects or know of other projects that I should consider and why? So far I'm most interested in myNode and Raspiblitz. I know Umbrel is easy but I heard the security isn't the best.

Any recommendations welcome!


Title: Re: Looking for advice on a full node
Post by: DeathAngel on June 30, 2021, 07:55:05 PM
I’d advise you to move this thread to the more technical sub of the forum. You’re more likely to get constructive answers: https://bitcointalk.org/index.php?board=4.0


Title: Re: Looking for advice on a full node
Post by: odolvlobo on June 30, 2021, 11:37:22 PM
Does anyone recommend either of these projects or know of other projects that I should consider and why? So far I'm most interested in myNode and Raspiblitz. I know Umbrel is easy but I heard the security isn't the best.

If you already have an RPi and a drive, then you want to set up the RaspiBolt project: https://stadicus.github.io/RaspiBolt/

I have bitcoind, lnd, electrs, JoinMarket, btc-rpc-explorer, and TOR set up on my RPi via Raspibolt.


Title: Re: Looking for advice on a full node
Post by: Welsh on July 01, 2021, 10:22:29 PM
As long as you have the minimum requirements (I'm not sure what Raspberry Pi you're running), all of the above should be fine, and it is likely down to personal preference.

To expand on the point above about RaspiBolt: it has good documentation available, along with Raspiblitz, which reduces the complexity, and which I believe is set out a little better than some of the alternatives. So, if you are new, it's probably a decent starting point.


Title: Re: Looking for advice on a full node
Post by: defa1 on July 01, 2021, 10:40:20 PM
What's the difference between Raspibolt and Raspiblitz? Is the bolt a bit more hands on? I have a Pi4 8GB btw.
I'm thinking of doing it all myself, I'm just a tad worried I might mess something up and start leaking over clearnet for example.
I'm relatively comfortable with Bitcoin Core by now, but have never touched lnd or an Electrum server (except EPS).


Title: Re: Looking for advice on a full node
Post by: HCP on July 01, 2021, 10:44:50 PM
RaspiBlitz is a nice solution, has been refined quite well, but the cost is a bit more if you go with the touchscreen setup... I'd also recommend RaspiBolt if you don't currently have the touchscreen hardware and want a cheaper "headless" solution.

The RaspiBolt project is also pretty solid and has pretty minimal requirements being just the Pi, powersupply, microSD + storage drive.


Title: Re: Looking for advice on a full node
Post by: odolvlobo on July 02, 2021, 02:28:48 AM
What's the difference between Raspibolt and Raspiblitz? Is the bolt a bit more hands on? I have a Pi4 8GB btw.
I'm thinking of doing it all myself, I'm just a tad worried I might mess something up and start leaking over clearnet for example.
I'm relatively comfortable with Bitcoin Core by now, but have never touched lnd or an Electrum server (except EPS).

I had mistakenly assumed that Raspiblitz was a kit. Given that you can buy the hardware separately for Raspiblitz, I don't know the pros and cons of Raspibolt vs. Raspiblitz. I would be interested in that info also.


Title: Re: Looking for advice on a full node
Post by: dkbit98 on July 02, 2021, 10:42:40 AM
Does anyone recommend either of these projects or know of other projects that I should consider and why? So far I'm most interested in myNode and Raspiblitz. I know Umbrel is easy but I heard the security isn't the best.
Umbrel is probably one of the easiest options for setting up a Bitcoin node I ever saw; everything is open source and Lightning Network is fully supported, but you won't do anything wrong if you choose something else like myNode or Raspiblitz.


Title: Re: Looking for advice on a full node
Post by: defa1 on July 02, 2021, 12:58:26 PM
Does anyone recommend either of these projects or know of other projects that I should consider and why? So far I'm most interested in myNode and Raspiblitz. I know Umbrel is easy but I heard the security isn't the best.
Umbrel is probably one of the easiest options for setting up a Bitcoin node I ever saw; everything is open source and Lightning Network is fully supported, but you won't do anything wrong if you choose something else like myNode or Raspiblitz.

I read that it's not as secure because for example updates aren't signed, although I don't know if that's also the case with the other nodes


Title: Re: Looking for advice on a full node
Post by: defa1 on July 02, 2021, 01:02:56 PM
What's the difference between Raspibolt and Raspiblitz?

Raspibolt is more difficult to use since you need to set up each component (e.g. Bitcoin Core, LND) manually. Raspiblitz only requires you to set a few passwords and choose how to sync. As @HCP mentioned, Raspiblitz is heavier since it includes more features/components by default. But since you have a Pi4 8GB, you shouldn't face any major performance problem.

If I have a free weekend I might actually enjoy setting all of it up manually :-) Do you know which services are available on the blitz but not on the bolt?


Title: Re: Looking for advice on a full node
Post by: dkbit98 on July 02, 2021, 01:35:24 PM
I read that it's not as secure because for example updates aren't signed, although I don't know if that's also the case with the other nodes
You can verify any update yourself because everything is open source and posted on their GitHub page:
https://github.com/getumbrel/umbrel/releases


Title: Re: Looking for advice on a full node
Post by: HCP on July 02, 2021, 11:21:01 PM
If I have a free weekend I might actually enjoy setting all of it up manually :-) Do you know which services are available on the blitz but not on the bolt?
There isn't a definitive Blitz vs Bolt list that I have seen anywhere... I dare say that Blitz includes a number of "add-ons" or extra features that Bolt doesn't, like the "stacking sats on kraken" script etc.

Bolt is definitely the bare-bones DIY solution... Blitz is a bit more polished and somewhat "automated", imo


Title: Re: Looking for advice on a full node
Post by: Cricktor on July 03, 2021, 10:57:45 AM
... I'd also recommend RaspiBolt if you don't currently have the touchscreen hardware and want a cheaper "headless" solution.

The RaspiBolt project is also pretty solid and has pretty minimal requirements being just the Pi, powersupply, microSD + storage drive.
The touchscreen for RaspiBlitz is totally optional; you can run RaspiBlitz headless without any issues. I run RaspiBlitz without a touchscreen on a Pi 4B with 8GB RAM and currently only have an issue activating the JoinMarket add-on, which runs into an error I haven't been able to sort out so far with RaspiBlitz v1.7.0 (actively running bitcoind, LND, electrs, RTL, BTC-RPC-Explorer, Tor).


Title: Re: Looking for advice on a full node
Post by: HCP on July 03, 2021, 10:46:44 PM
Indeed... it seems that the information I was looking at is slightly outdated... I had read that using it headless required creating your own sdcard image. However, further investigation shows that you can use the default image and set it all up headless without issue. There is a fairly comprehensive guide here: https://armantheparman.com/raspiblitz/

And he even shows how to go headless AND use WiFi, if ethernet is not suitable: https://armantheparman.com/headless-wifi/


Meanwhile, I'm off to the store to buy a more reliable power supply for my Pi ;)


Title: Re: Looking for advice on a full node
Post by: vv181 on July 08, 2021, 08:38:20 PM
I tried to run a full node on a Pi 4 8GB, and the initial blockchain download is really a pain in the neck, especially since I use an HDD. Using an HDD was a bad decision on my part.

Recently I had power failures on the Pi, which corrupted the blockchain data. I had to run -reindex-chainstate on it, but I guess the CPU got throttled. So I tried to reindex it on my PC; I use the permissions bitcoin:bitcoin, the same as on the Pi. Later, if I move it back to the Pi, it shouldn't be a problem, right?

Also, is there any way to prevent the data from being corrupted if it gets an unclean/forced shutdown? Is this on the Linux OS/file system side, or should there be some way for the Bitcoin node to keep the data safe even if it gets an unclean shutdown?


Title: Re: Looking for advice on a full node
Post by: HCP on July 08, 2021, 10:58:46 PM
I tried to run a full node on a Pi 4 8GB, and the initial blockchain download is really a pain in the neck, especially since I use an HDD. Using an HDD was a bad decision on my part.
Yeah, using an HDD for the IBD is going to be very slow on the Pi... it's already processor limited, and you're just knee-capping it further using the HDD.

I setup Raspiblitz using a Pi 4B 8GB with an HDD... but I used the "copy" option that it has to transfer the data from my desktop to the Pi HDD. My first attempt I used WiFi (which was incredibly slow) and I didn't copy the "indexes" folder, only the "blocks" and "chainstate" folders as per the RaspiBlitz install instructions.

This was a huge mistake as using some of the other features of RaspiBlitz like electrs (Electrum Server) or the block explorers requires txindex=1... so then I had to wait for the node to complete the transaction indexing... which took something like 24 hrs to index 75%... but I suspect some of the slowdown might have been because I tried to enable several of the extra services at the same time so electrs was creating its database while bitcoind was txindexing etc.

I eventually had the bright idea of copying the txindex from my desktop as well... so, I wiped the Pi... and this time copied "blocks", "chainstate" and "indexes" from my desktop node datadir (making sure the node was not running of course):
Code:
scp -r ./chainstate ./blocks ./indexes bitcoin@pi.ip.addr.here:/mnt/hdd/bitcoin

I also used an ethernet cable... which improved the transfer speed by a factor of around 10 (ie. it was taking 2 seconds to transfer a 130GB block file instead of around 18-20 seconds).

So after a couple of hours copying the blockdata, I had bitcoind/lnd up and running... I then installed the mempool/btc-explorer services on the RaspiBlitz and was able to use the block explorer functionality immediately as the node was already indexed. :)

I then installed the electrs service and it took a few hours to create its database... and then an hour or so more to compact the database... and now everything is running fairly smoothly.

So, after about a full 24 hours, I have my own personal Bitcoin/LND Node + Electrum Server + Block explorer... and it's all running behind Tor.

I'm actually pretty impressed with RaspiBlitz.


Recently I had power failures on the Pi, which corrupted the blockchain data. I had to run -reindex-chainstate on it, but I guess the CPU got throttled. So I tried to reindex it on my PC; I use the permissions bitcoin:bitcoin, the same as on the Pi. Later, if I move it back to the Pi, it shouldn't be a problem, right?
Are you running plain bitcoind on the Pi, or are you attempting to use something like RaspiBolt/RaspiBlitz/MyNode?

If you're using plain bitcoind, you should be able to copy the data without issue. Just make sure that your desktop node is stopped first, then copy the data. You will need to copy "blocks" and "chainstate" (and "indexes" if your desktop is set to use txindex=1 and you also want the Pi to do the same) from the desktop node datadir.


Also, is there any way to prevent the data from being corrupted if it gets an unclean/forced shutdown? Is this on the Linux OS/file system side, or should there be some way for the Bitcoin node to keep the data safe even if it gets an unclean shutdown?
There isn't really much you can do... even on a desktop, or Windows... an unclean shutdown can corrupt data. Usually, this should only affect the last block file, so a reindex (while time consuming) should fix it.

Are you using an "official" Pi powersupply? Or just a generic USB adapter? The Pi's can be quite power sensitive and an external HDD will require more power than an external SSD... using a generic USB adapter might be causing power delivery issues.

I got an official power supply... it was like US$8 from my local Pi stockist. I've not had any issues as yet (touch wood)... it seems pretty solid.


Title: Re: Looking for advice on a full node
Post by: vv181 on July 10, 2021, 05:20:47 AM
@HCP
I'm following the Raspibolt tutorial. I successfully reindexed on my PC, and it all works fine when I move the HDD back to the Pi. Though there were some permission issues, I just changed them back to bitcoin:bitcoin without a problem.

My HDD contained the whole Pi OS and the Bitcoin data. I just connected it to my PC running Arch, then symlinked the bitcoin folder into my home bitcoin user. I ran the reindex on plain bitcoind with some configuration, and it indeed went faster. When I moved it back to the Pi, some file permissions had changed to root, but I just chowned them back to bitcoin:bitcoin. Upon starting again on the Pi, it works.

Yeah, I use the official power adapter. And yep, AFAIK an HDD is more prone to errors from power failure, so I'd rather use the official one.

Thanks anyway!  ;)

I have my own personal Bitcoin/LND Node + Electrum Server + Block explorer... and it's all running behind Tor.
How does your Pi perform when running all of that? I mean the RAM usage and the CPU usage.
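Verifying the copy that HCP and vv181 describe (stop the desktop node, copy blocks/, chainstate/ and, with txindex=1, indexes/, then make sure everything on the Pi is owned by bitcoin:bitcoin) is worth scripting, because a half-copied chainstate or a root-owned file only shows up as a startup error or a reindex later. The following is an added example written for this page, not code from RaspiBolt, RaspiBlitz or Bitcoin Core; the directory layout it checks is Core's, the bitcoind.pid heuristic relies on Core's default Unix pidfile, and the paths, user name and files built in the test are assumptions.

```python
"""Check a Bitcoin Core datadir copy before starting bitcoind on the target.

Added example (not from the thread): verifies that blocks/, chainstate/ and
indexes/ on the destination are byte-identical to the source and owned by the
expected user/group, and warns if the source node still seems to be running.
Paths, user names and the sample tree built by the caller are assumptions.
"""
import hashlib
import os
from pathlib import Path

# Directories that carry a synced node's state (indexes/ only exists with txindex=1).
STATE_DIRS = ("blocks", "chainstate", "indexes")


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def tree_digest(datadir: Path) -> dict:
    """Map 'blocks/blk00000.dat' -> (size, sha256) for every file in STATE_DIRS."""
    digest = {}
    for sub in STATE_DIRS:
        root = Path(datadir) / sub
        if not root.is_dir():
            continue  # e.g. no indexes/ when txindex was never enabled
        for p in sorted(root.rglob("*")):
            if p.is_file():
                rel = p.relative_to(datadir).as_posix()
                digest[rel] = (p.stat().st_size, sha256_file(p))
    return digest


def compare_datadirs(src: Path, dst: Path) -> dict:
    """Return {'missing': [...], 'extra': [...], 'mismatch': [...]} (relative paths)."""
    a, b = tree_digest(Path(src)), tree_digest(Path(dst))
    return {
        "missing": sorted(set(a) - set(b)),        # on source, never copied
        "extra": sorted(set(b) - set(a)),          # on destination only (stale run?)
        "mismatch": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }


def wrong_owner(datadir: Path, uid: int, gid: int) -> list:
    """Dirs and files under STATE_DIRS not owned by uid:gid (the bitcoin:bitcoin case)."""
    bad = []
    for sub in STATE_DIRS:
        root = Path(datadir) / sub
        if not root.is_dir():
            continue
        for p in [root, *root.rglob("*")]:
            st = p.stat()
            if st.st_uid != uid or st.st_gid != gid:
                bad.append(p.relative_to(datadir).as_posix())
    return sorted(bad)


def node_appears_running(datadir: Path, pidfile: str = "bitcoind.pid") -> bool:
    """Heuristic: bitcoind writes <datadir>/bitcoind.pid on Unix and removes it on a
    clean shutdown. A live PID in that file means the source must not be copied yet."""
    pf = Path(datadir) / pidfile
    try:
        pid = int(pf.read_text().strip())
        os.kill(pid, 0)            # signal 0: existence check only, nothing is sent
        return True
    except (FileNotFoundError, ValueError, ProcessLookupError):
        return False
    except PermissionError:
        return True                # the process exists but belongs to another user


def verify_copy(src: Path, dst: Path, uid: int, gid: int) -> list:
    """Collect human-readable problems; an empty list means the copy is safe to start."""
    problems = []
    if node_appears_running(src):
        problems.append("source node appears to be running; stop it and re-copy")
    for kind, paths in compare_datadirs(src, dst).items():
        problems += [f"{kind}: {p}" for p in paths]
    problems += [f"owner: {p}" for p in wrong_owner(dst, uid, gid)]
    return problems


if __name__ == "__main__":
    import pwd
    import sys
    # usage: verify_datadir.py <source datadir> <destination datadir> <owner user>
    src, dst, user = Path(sys.argv[1]), Path(sys.argv[2]), sys.argv[3]
    pw = pwd.getpwnam(user)
    for line in verify_copy(src, dst, pw.pw_uid, pw.pw_gid) or ["OK: copy matches"]:
        print(line)
```

Run it after the scp or rsync has finished, for example as verify_datadir.py ~/.bitcoin /mnt/hdd/bitcoin bitcoin (paths assumed); an empty report means every file under the three directories matches byte for byte and the right account owns them. Hashing several hundred GB is slow on a Pi, so run it from the desktop against the mounted drive.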



Title: Re: Looking for advice on a full node
Post by: HCP on July 10, 2021, 11:03:17 PM
I'm following the Raspibolt tutorial. I successfully reindexed on my PC, and it all works fine when I move the HDD back to the Pi. Though there were some permission issues, I just changed them back to bitcoin:bitcoin without a problem.
Seems like you have a good process for getting the blocks/chainstate all sorted via the PC and then migrated back over to the Pi. Nice.


I have my own personal Bitcoin/LND Node + Electrum Server + Block explorer... and it's all running behind Tor.
How does your Pi perform when running all of that? I mean the RAM usage and the CPU usage.

It "idles" away OK:
https://talkimg.com/images/2023/11/14/zFKg5.png

Idle == just syncing new blocks with electrs + block explorer working away in the background


If I attempt to sync an Electrum wallet with a modest amount of transactions:
https://talkimg.com/images/2023/11/14/zFpuz.png

It drives the load up a little... increases the memory usage slightly and the temps jump (because I don't have any heatsinks/fans or anything on the Pi at the moment, it's just the bare board sitting on the cardboard box that it came in :P)


And this is with Electrum syncing + mempool.space + btc explorer open in the browser on my laptop:
https://talkimg.com/images/2023/11/14/zFDN2.png


So it hums along "OK"... honestly, the most taxing thing so far was the electrum server indexing...




On a side note... because I hate myself and can't just leave well enough alone... I'm thinking of blowing it all away and trying out Umbrel. Just so I can see what that is like :P

Apparently you can also copy across the data from another node, it's just a slightly more manual process: https://github.com/getumbrel/umbrel-os/issues/119

I'll report back once that is done.


Title: Re: Looking for advice on a full node
Post by: vv181 on July 11, 2021, 09:54:24 AM
~
Thanks for sharing! Just want to make sure: the number on the left side of "free mem xx / xx" is the free RAM you have, right?
I'm planning to run other apps on pi, I guess maybe it should be safe then.

(because I don't have any heatsinks/fans or anything on the Pi at the moment, it's just the bare board sitting on the cardboard box that it came in :P)
xd ;D My Pi runs exactly the same as yours. Bare board on top of the package box with tangled-up cables.


Anyway, the IBD is still ongoing, but when I run
Code:
bitcoin-cli --rpcuser=raspibolt --rpcpassword=x getblockchaininfo
it returned HTTP error 403.

My Pi runs RaspAP in AP-STA (https://docs.raspap.com/ap-sta.html#what-is-ap-sta-mode) mode + Nextcloud. And I use the default Raspibolt bitcoin.conf (https://stadicus.github.io/RaspiBolt/raspibolt_30_bitcoin.html#configuration), but I haven't set up the ufw firewall in the Raspibolt security (https://stadicus.github.io/RaspiBolt/raspibolt_21_security.html#enabling-the-uncomplicated-firewall) step.

debug.log (https://pastebin.com/80P8f2qt)
Code: (netstat -an | grep 8332)
tcp        0      0 127.0.0.1:28332         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:8332          0.0.0.0:*               LISTEN    
tcp6       0      0 ::1:8332                :::*                    LISTEN    

I've been checking my network configuration but still couldn't figure it out, until I set rpcallowip=127.0.0.1/0 in bitcoin.conf, and now it is working fine. Does setting that fix the actual problem, and is it safe to proceed?
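A caveat on that last line, added here as an example rather than taken from the thread or from Bitcoin Core's code: rpcallowip is a source-address allowlist, and Core answers HTTP 403 Forbidden when the connecting address matches no entry. The entry 127.0.0.1/0 is therefore not "localhost": /0 is a zero-bit netmask, so it matches every IPv4 source. What keeps such a setup from being exposed is a different option, rpcbind, which defaults to loopback only (127.0.0.1 and ::1) when not set; Core even logs a warning when rpcallowip is given without rpcbind. The script below reads a bitcoin.conf and reports exactly that combination. Its parsing (key=value, '#' comments, repeated options, [sections] skipped) follows Core's config format; the sample configs in the test are constructed.

```python
"""Audit the JSON-RPC exposure settings in a bitcoin.conf.

Added example, not from the thread or from Bitcoin Core. Facts relied on:
rpcallowip takes a single address, a CIDR or an addr/netmask and is matched
against the client's source address (no match -> HTTP 403); a /0 mask matches
every address of that family; with rpcbind absent the listener binds to
loopback only (127.0.0.1 and ::1); rpcauth= stores a salted hash instead of
the plaintext rpcpassword. Sample configs used by callers are constructed.
"""
import ipaddress


def parse_conf(text: str) -> dict:
    """key -> [values]; options may repeat, '#' starts a comment, [sections] are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        opts.setdefault(key, []).append(value)
    return opts


def bind_host(value: str) -> str:
    """'127.0.0.1', '127.0.0.1:8332', '[::1]:8332' -> the host part."""
    if value.startswith("["):
        return value[1:value.index("]")]
    if value.count(":") == 1:            # IPv4 with a port
        return value.rsplit(":", 1)[0]
    return value


def binds_loopback_only(opts: dict) -> bool:
    binds = opts.get("rpcbind", [])
    if not binds:
        return True                      # Core's default listener: 127.0.0.1 and ::1
    for b in binds:
        try:
            if not ipaddress.ip_address(bind_host(b)).is_loopback:
                return False
        except ValueError:               # hostname or garbage: treat as not loopback
            return False
    return True


def audit_rpc(text: str) -> list:
    """Return (severity, option, value, message) tuples; empty list = nothing to flag."""
    opts = parse_conf(text)
    loopback = binds_loopback_only(opts)
    findings = []
    if not loopback:
        findings.append(("warn", "rpcbind", ",".join(opts["rpcbind"]),
                         "RPC listener bound beyond loopback"))
    for entry in opts.get("rpcallowip", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("error", "rpcallowip", entry, "not a valid address or subnet"))
            continue
        if net.num_addresses == 1 and net.network_address.is_loopback:
            continue                     # the intended single-host allowlist
        if net.prefixlen == 0:
            family = "IPv6" if net.version == 6 else "IPv4"
            msg = f"/0 mask: matches every {family} source"
            sev = "critical" if not loopback else "warn"
        elif net.prefixlen < net.max_prefixlen:
            msg = f"allows {net.num_addresses} hosts ({net.with_prefixlen})"
            sev = "critical" if not loopback else "info"
        else:
            msg = f"single non-loopback host {net.network_address}"
            sev = "critical" if not loopback else "info"
        findings.append((sev, "rpcallowip", entry, msg))
    if "rpcpassword" in opts:
        findings.append(("info", "rpcpassword", "***",
                         "plaintext password in config; rpcauth= keeps only a salted hash"))
    return findings


if __name__ == "__main__":
    import sys
    # usage: audit_rpc.py /mnt/hdd/bitcoin/bitcoin.conf   (path is an assumption)
    with open(sys.argv[1]) as fh:
        for sev, opt, val, msg in audit_rpc(fh.read()) or [("ok", "-", "-", "nothing flagged")]:
            print(f"{sev:8} {opt}={val}: {msg}")
```

The "warn" for 127.0.0.1/0 becomes "critical" the moment an rpcbind line widens the listener, which is the scenario the allowlist is meant to protect against: the two options only make sense together, so set rpcbind=127.0.0.1 and rpcallowip=127.0.0.1 explicitly (plus the ::1 pair if anything connects over IPv6) rather than relying on the default.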


Title: Re: Looking for advice on a full node
Post by: nortwood on July 12, 2021, 04:59:10 PM
I recently set up a headless raspiblitz running on a naked RPi4 8gb as well. I've got a passive aluminum case (which I like more than the fans) but haven't disconnected it yet. I have had some performance issues. Ultimately I uninstalled mempool. The RPi was doggish and mempool didn't provide as much info as mempool.space. I guess I had just assumed it would have everything.

A question that I have is whether it downloads the blockchain via Tor by default. In the guides I saw that there was an option during initial setup, but I didn't see it. I read that they switched to Tor by default for the node itself, and I would hope that would mean from initial blockchain download forward, but I'm uncertain. Anyone have any ideas?

Also, I'm surprised that "pi" wasn't deleted and I wonder how secure that is. That seems less than ideal based on what I've read from installing other instances on RPi's. But I'm not technically advanced enough to know for sure if that's just less of an issue with tor, assuming it was during download.

So far I haven't actually used it other than to just play around and learn. I'm not sure that I trust it in its current configuration, and for sure want to at least isolate it on my network first. Especially after learning how few are online and that there might be other vulnerabilities like the "spying nodes" referenced in another thread that I've yet to fully elucidate.


Title: Re: Looking for advice on a full node
Post by: nortwood on July 12, 2021, 07:46:56 PM
Should we be running v0.21.1? It calls it experimental in Raspiblitz.


Title: Re: Looking for advice on a full node
Post by: HCP on July 12, 2021, 08:52:46 PM
I've been checking my network configuration but still couldn't figure it out, until I set rpcallowip=127.0.0.1/0 in bitcoin.conf, and now it is working fine. Does setting that fix the actual problem, and is it safe to proceed?
All that is doing is allowing RPC connections from the local machine... I can't really comment as to whether or not it's "safe to proceed" as I'm not sure what the rest of your setup is doing.

I gave up on RaspiBolt very early on, and went straight to RaspiBlitz... it seems to take care of most of that setup automagically... with the downside being that running other things like your RaspAP might not be possible etc.


I recently set up a headless raspiblitz running on a naked RPi4 8gb as well. I've got a passive aluminum case (which I like more than the fans) but haven't disconnected it yet. I have had some performance issues. Ultimately I uninstalled mempool. The RPi was doggish and mempool didn't provide as much info as mempool.space. I guess I had just assumed it would have everything.
What is missing compared with mempool.space? It seemed pretty similar to me... although I can't really check now, because I deleted RaspiBlitz and installed Umbrel to check that out. The version on Umbrel seems pretty complete (it just doesn't have other chains available for obvious reasons) although it is a slightly older version 2.1.2 on Umbrel vs 2.2.1-dev on mempool.space

I haven't really noticed much in the way of performance issues... but then I didn't really test it much... and don't really have a baseline to compare to (ie. I haven't just setup an OS with bare bitcoind and lnd etc.)


Also, I'm surprised that "pi" wasn't deleted and I wonder how secure that is. That seems less than ideal based on what I've read from installing other instances on RPi's. But I'm not technically advanced enough to know for sure if that's just less of an issue with tor, assuming it was during download.
I'm not sure what you mean by "pi" not being deleted? Do you mean there is a "pi" user account or something? Again, I can't check because as mentioned above, I deleted RaspiBlitz and installed Umbrel... it doesn't have a "pi" user.


Title: Re: Looking for advice on a full node
Post by: nortwood on July 12, 2021, 09:33:32 PM
Quote
What is missing compared with mempool.space?

The graph only goes back to the date I installed it, and when I looked up some donation addresses it only showed the current balance, without the coin history that the website shows.

I have electr, specter, btcpayserver, joinmarket, sphynx, RTL, and mempool all running and it's not bad depending on my tor connection. It's just a bit doggish loading mempool. Apparently I misspoke and it was btcrpcexplorer that I had the most issues with and uninstalled. I couldn't clear all of the npm issues.

Quote
Do you mean there is a "pi" user account or something?
   

Yes, it's one of the first things stressed that one should do during other RPi installs, particularly if you're online with open ports. Perhaps Tor functions in a different manner, but my understanding is that bots scan ports and the user "pi" with password "raspberry" is very common. So it's stressed to remove "pi" before going online. I'm not sure if I was online for 3 days downloading with open ports over clearnet with a common user/pass. For that matter, I'm not sure if "pi" is required for the install to work properly.


Title: Re: Looking for advice on a full node
Post by: HCP on July 12, 2021, 11:07:57 PM
Oh ok... yeah the graph data not being available makes sense because that is data that the service is recording live based on mempool activity that it is observing... it's not information that can be derived from the historical blockchain data.

So, if the service wasn't running, it obviously can't observe that data ;)

Not sure about the address history being missing tho, that seems like the node hasn't finished indexing properly or something... or that the data is pruned for some reason.

By default, I don't think Raspiblitz has txindex=1 set and you have to explicitly turn that on in the settings.

On Umbrel, it seems like mempool and btc-rpc-explorer are actually setup to use the underlying electrum server (ie. electrs) to retrieve address information. I'm not sure if RaspiBlitz operates the same way.


Yes, it's one of the first things stressed that one should do during other RPi installs, particularly if you're online with open ports. Perhaps Tor functions in a different manner, but my understanding is that bots scan ports and the user "pi" with password "raspberry" is very common. So it's stressed to remove "pi" before going online. I'm not sure if I was online for 3 days downloading with open ports over clearnet with a common user/pass. For that matter, I'm not sure if "pi" is required for the install to work properly.
Interesting... there certainly isn't a "pi" user on Umbrel... I didn't notice if my Raspiblitz install had it, I didn't think to look to be honest... might be worth creating an issue on the raspiblitz github (https://github.com/rootzoll/raspiblitz/issues) if the raspiblitz sdcard image is created with that default user enabled.


Title: Re: Looking for advice on a full node
Post by: nortwood on August 02, 2021, 10:42:29 PM
I ended up setting up pfSense with a VLAN for the node. I like the idea of having it sectioned away from the rest of my local network, especially the IoT. I'll likely add a miner to the same VLAN unless it's wiser to keep them separate. Any insight into rule sets for nodes is welcome.

The node runs on Tor and churns away with all ports blocked. But I've been having issues with mempool. It won't load properly; it connects and disconnects over and over. I've updated npm issues to the point of "breaking chain" errors that I enabled, at which point I got a 502 error and mempool wouldn't load. I uninstalled, re-installed, and have only cleared the npm issues handled automatically. So I'm back to where I started, with mempool stuck in a connect/disconnect loop. This isn't a port issue, correct?

Surprisingly, last night I restricted the VLAN's connectivity to pings and DNS with no other local or internet access, and somehow the node was still running with connections in the morning. Nothing else had connectivity. I'm not sure if they were connections that had been made prior to my change, or? My Tor browser didn't have internet access on the same network. Is this some ninja mode of running this, or were those connections previously made?


Quote
If you have security concern, change the password and configure SSH only to accept login attempt with SSH key.

I'm trying to do this but I'm having difficulties with the sshd_config file. I can't seem to disable password access. I did this on something else but I don't think the whole file was #disabled/default like this one seems to be. Perhaps others could benefit from learning best practices with this file. Or perhaps someone might just tell me at least what I'm doing wrong. So far I've enabled these things in the file:

Code:
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin prohibit-password
StrictModes yes
MaxAuthTries 10
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile      .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
#HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server


(Edited to add that I'm a dumbass. These settings work. I was thinking this feature wouldn't allow me to connect to the node at all without the keys. I was checking by seeing if I could get to the first prompt, which I could, but I wasn't trying to use the password to actually log in. :-[ )
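Because sshd uses the first value it sees for a directive, ignores case in keywords, and refuses to start on a line that carries an extra token (a PermitRootLogin line with two values is fatal, reported as "garbage at end of line" or "extra arguments at end of line" depending on the OpenSSH version), it is easy to believe a setting is active when it is not. On the node itself, sudo sshd -t checks the syntax and sudo sshd -T prints the effective configuration; from a client, ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password user@node should be refused outright. The following offline checker is an added example, not part of the thread or of OpenSSH: it applies the same first-match rule to a config file and reports the directives that matter for key-only login, including the PAM gotcha the file's own comments describe (keyboard-interactive can still prompt for a password when UsePAM is yes unless KbdInteractiveAuthentication, formerly ChallengeResponseAuthentication, is also no). The config samples in its test are constructed.

```python
"""Report the effective values of the sshd_config directives that matter for
key-only login, and flag lines sshd itself would reject.

Added example (not from the thread or OpenSSH). Rules relied on: keywords are
case-insensitive and may be written 'Key value' or 'Key=value'; for a given
keyword the FIRST value in the file wins; '#' starts a comment; everything after
the first 'Match' line applies only to matching connections; a single-value
directive given two values is fatal for sshd. Config samples are constructed.
"""

# Single-value directives we care about -> acceptable values (lower-cased).
WANTED = {
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
    "kbdinteractiveauthentication": {"no"},   # PAM can prompt for a password via this
    "permitrootlogin": {"no", "prohibit-password", "without-password"},
    "pubkeyauthentication": {"yes"},
    "x11forwarding": {"no"},                  # nothing to forward on a headless node
}
# OpenSSH defaults that apply when the directive is absent or commented out.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "x11forwarding": "no",
}
# ChallengeResponseAuthentication is the older name for the same switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(text: str) -> tuple:
    """Return ({directive: value}, [syntax problems]) for the global section only."""
    seen, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.replace("=", " ").split()
        key = tokens[0].lower()
        if key == "match":
            break                            # conditional block: global section is over
        key = ALIASES.get(key, key)
        if key in WANTED:
            if len(tokens) != 2:
                problems.append(
                    f"line {lineno}: '{raw.strip()}' carries {len(tokens) - 1} values; "
                    "sshd rejects this line and will not start")
                continue
            seen.setdefault(key, tokens[1].lower())   # first occurrence wins
    return seen, problems


def audit_sshd(text: str) -> list:
    """Human-readable findings; an empty list means every checked directive is as wanted."""
    seen, findings = effective_settings(text)
    for key, ok in WANTED.items():
        value = seen.get(key)
        if value is None:
            value = DEFAULTS[key]
            if value not in ok:
                findings.append(f"{key}: not set, default '{value}' applies")
        elif value not in ok:
            findings.append(f"{key}: '{value}' (want one of {sorted(ok)})")
    return findings


if __name__ == "__main__":
    import sys
    # usage: audit_sshd.py /etc/ssh/sshd_config
    with open(sys.argv[1]) as fh:
        for line in audit_sshd(fh.read()) or ["OK: key-only login settings in place"]:
            print(line)
```

Run it against /etc/ssh/sshd_config and then confirm with sudo sshd -T on the box: the checker only sees the main file, while sshd -T also folds in anything pulled in by Include lines (Debian ships /etc/ssh/sshd_config.d/), and a drop-in there can set PasswordAuthentication yes ahead of the main file.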


Title: Re: Looking for advice on a full node
Post by: nortwood on August 03, 2021, 07:33:59 AM
I would really like to know best practices for the firewall. I'm not sure what I can block.

Quote
TCP     Attempted Information Leak     DESTINATION 51.75.78.103:80        ET POLICY curl User-Agent Outbound

Every 10-15 seconds.

I've been looking these up on everything and most of it seems to be false positives, and that's just lan. This was one of the first things I looked at since it's happening so often. I couldn't find much, except:

Quote
Abstract. We show how to exploit side-channels to identify clients without eavesdropping on the communication to the server, and without relying on known, distinguishable traffic patterns. We present different attacks, utilizing different side-channels, for two scenarios: a fully off-path attack detecting TCP connections, and an attack detecting Tor connections by eavesdropping only on the clients. Our attacks exploit three types of side channels: globally-incrementing IP identifiers, used by some operating systems, e.g., in Windows; packet processing delays, which depend on TCP state; and bogus-congestion events, causing impact on TCP's throughput (via TCP's congestion control mechanism). Our attacks can (optionally) also benefit from sequential port allocation, e.g., deployed in Windows and Linux. The attacks are practical - we present results of experiments for all attacks in different network environments and scenarios. We also present countermeasures for these attacks.

https://www.researchgate.net/publication/253954669_Spying_in_the_Dark_TCP_and_Tor_Traffic_Analysis

It's an older paper so nothing new, but it's creepy seeing it in real time. I looked back at my firewall and saw that the ports I'm sending from are sequential, to the same IP listed above over and over. So I'm sending out HTTP packets from sequential ports every 10-15 seconds. Surely this isn't right. It doesn't look like the other traffic.

Quote
The flaw that we identify is that a blind adversary is able to cause a TCP recipient an involuntary reaction by sending arbitrary (spoofed) packets. We propose keeping a small window of acceptable sequence numbers that may be processed. This window resembles the receiver's congestion window, but is more aggressive: while packets outside the congestion window cause a duplicate acknowledgment (which we use in the attacks described in Sections 3-5), packets that specify sequence numbers outside the acceptable-window are silently discarded. The acceptable-window is larger than the host's congestion window and includes it. A congestion window is usually up to 2^16 bytes; an acceptable-window that is twice as large, i.e., 2^17 bytes, will significantly degrade the attacker's ability to conduct all the attacks in this paper. Since the sequence number is 32 bits long, the attacker is required to send ... times the number of packets to conduct similar attacks. However, this technique requires that the firewall will inspect the sequence numbers in incoming TCP packets, which increases the packet processing overhead.

Ideally, I'd like to figure out how to block with pfSense rather than Suricata. I just blocked that IP/port, but I don't think it was the same IP yesterday. Any insights into best practices are appreciated.


Title: Re: Looking for advice on a full node
Post by: nortwood on August 03, 2021, 07:24:55 PM
I'm assuming that this is nothing, but I'm still curious about how the node works.

I added Suricata to the VLAN for my node. I've disabled the "emerging-tor.rules" and left the rest of the ETOpen and Snort rules on. This results in blocking the IP above (associated with an IPv6 test site) as well as a handful of DNS servers (that I didn't assign) making ICMP ECHO REPLY requests. When I do this I still seem to make connections with peers, or at least data continues to be transferred, but I can't access the node from my local network. When I disable the block for the ICMP ECHO REPLY requests, I can again access my node and see that I still had 10 peer connections.

So I'm generally just not understanding what is appropriate traffic through the node and what isn't. It's odd to me that the node requires DNS servers other than the one I selected for my network.


Edited to update:

I ran a packet capture and can see that my node is sending out an echo request and receiving a reply to/from a DNS server every second.

https://tutorials.cyberaces.org/downloads/pdf/Module2/CyberAces_Module2-Networking-Layer3-Part3-Communication.pdf

The above link (basically ICMP 101) seems to suggest to me that I either have a DNS issue that I need to resolve between my new router and the node, or my node is being ID'd. But then there's the fact that I'm not familiar with how Tor works.

Sorry to spew my thoughts out in real-time but it'll help me to pick up where I left off as I tend to other irons in the fire. It also seems pertinent to the topic at hand.