Topic: Cascading Bitcoin Nodes
m0rph3us7
January 29, 2018, 07:10:59 PM
 #1

Hi,

I want to set up a secure wallet system with Bitcoin Core on Linux.
The first Bitcoin node should be placed in the DMZ, behind the front firewall.
The second node should be placed in a secure net, without a direct internet connection.
The second node should sync with the first node.

I set up the 2 nodes. The first node is syncing.
The second node has configured:
connect=192.168.1.15
addnode=192.168.1.15

But it does not start loading blocks.

Any ideas?

Kind regards, Morph
achow101
January 29, 2018, 10:14:38 PM
 #2

I don't think a node will serve blocks to any other node until it is fully synced. So if your first node is not synced yet, you should wait for it to be fully synced and then try again with the second node.

cezar.crypto
January 30, 2018, 07:45:49 AM
 #3

Quote from: m0rph3us7
> Hi,
>
> I want to set up a secure wallet system with Bitcoin Core on Linux.
> The first Bitcoin node should be placed in the DMZ, behind the front firewall.
> The second node should be placed in a secure net, without a direct internet connection.
> The second node should sync with the first node.
>
> I set up the 2 nodes. The first node is syncing.
> The second node has configured:
> connect=192.168.1.15
> addnode=192.168.1.15
>
> But it does not start loading blocks.
>
> Any ideas?
>
> Kind regards, Morph

Interesting idea. Why exactly would you want to do that, though? For extra security on your wallet there are many things to do, like encrypting the wallet, creating a new wallet instance and taking the private keys completely off the Internet, etc. I don't think node #2 (inside the secure net) will be able to transfer/receive anything from the main network without being synced in the first place. True, it is getting synced only from node #1, but node #1 does not have any control over what goes on the main network.

Also, as a suggestion, you might try to see if the second node 192.168.1.15 can communicate over the Bitcoin ports to the first node (maybe that is the reason it doesn't connect).

Regards

TheQuin
January 30, 2018, 09:01:06 AM
 #4

Quote from: cezar.crypto
> Interesting idea. Why exactly would you want to do that, though? For extra security on your wallet there are many things to do, like encrypting the wallet, creating a new wallet instance and taking the private keys completely off the Internet, etc. I don't think node #2 (inside the secure net) will be able to transfer/receive anything from the main network without being synced in the first place. True, it is getting synced only from node #1, but node #1 does not have any control over what goes on the main network.
>
> Also, as a suggestion, you might try to see if the second node 192.168.1.15 can communicate over the Bitcoin ports to the first node (maybe that is the reason it doesn't connect).
>
> Regards

That's the purpose of a DMZ. Only the node in the DMZ can communicate with the internet and therefore act as normal in receiving and transmitting blocks and transactions. The node on the secure network can only connect to the node in the DMZ. Because it can do that it can transmit and receive everything it needs to and still be completely inaccessible from the internet. I used to design similar security solutions for many other applications (email etc.) before I retired from the IT business.

It's often done with one firewall but is much more secure if you use two similar to this diagram. The node in the DMZ is acting as a proxy server and this is a very good way to keep a hot wallet secure.


ScripterRon
January 30, 2018, 12:54:05 PM
 #5

Quote from: m0rph3us7
> Hi,
>
> I want to set up a secure wallet system with Bitcoin Core on Linux.
> The first Bitcoin node should be placed in the DMZ, behind the front firewall.
> The second node should be placed in a secure net, without a direct internet connection.
> The second node should sync with the first node.
>
> I set up the 2 nodes. The first node is syncing.
> The second node has configured:
> connect=192.168.1.15
> addnode=192.168.1.15
>
> But it does not start loading blocks.
>
> Any ideas?
>
> Kind regards, Morph

As achow101 noted, you need to wait for the first node to sync.  I run a two-node setup myself where the first node is an internet hub (around 95 connections at any given time) and does not have a wallet and the second node which has a wallet connects just to the first node.  I use a 'connect' statement so the second node connects to just the first node and specify 'listen=0' so the second node doesn't try to accept incoming connections.  But I don't do this for security but for convenience since the first node is on a VPS and the second node is on my desktop.  I compile Bitcoin Core from the source, so I'm not concerned about malware.  I suppose a node could be hacked by a malformed peer message but I don't consider it very likely.
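
A connectivity check along the lines cezar.crypto suggests, which also reports the block height the DMZ node advertises, so it bears on the sync question achow101 and ScripterRon raise. This is an added example, not code from any poster or from Bitcoin Core; the function names, the user agent string and the 4096-byte read cap are choices made for this example, and it assumes mainnet on the default port 8333.

```python
import hashlib, os, socket, struct, time

MAGIC = bytes.fromhex("f9beb4d9")  # mainnet message-start bytes

def checksum(payload):
    # First 4 bytes of double SHA-256, carried in every P2P message header.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def frame(command, payload):
    return (MAGIC + command.ljust(12, b"\0")
            + struct.pack("<I", len(payload)) + checksum(payload) + payload)

def net_addr(ip="0.0.0.0", port=0):
    # services (8) + IPv4-mapped IPv6 address (16) + big-endian port (2)
    return (struct.pack("<Q", 0) + b"\0" * 10 + b"\xff\xff"
            + socket.inet_aton(ip) + struct.pack(">H", port))

def version_payload(peer_ip, peer_port, start_height=0):
    ua = b"/conn-check:0.1/"  # hypothetical user agent for this example
    return (struct.pack("<iQq", 70015, 0, int(time.time()))
            + net_addr(peer_ip, peer_port) + net_addr()
            + os.urandom(8) + bytes([len(ua)]) + ua
            + struct.pack("<i?", start_height, False))

def parse_message(data):
    # Validate magic, length and checksum; return (command, payload).
    magic, cmd, length, csum = struct.unpack("<4s12sI4s", data[:24])
    payload = data[24:24 + length]
    if magic != MAGIC or len(payload) != length or checksum(payload) != csum:
        raise ValueError("not a valid mainnet P2P message")
    return cmd.rstrip(b"\0").decode(), payload

def peer_start_height(version):
    # 80 fixed bytes, a 1-byte user-agent length (assumed < 0xfd), then height.
    return struct.unpack_from("<i", version, 81 + version[80])[0]

def probe(host, port=8333, timeout=5):
    # host: IPv4 literal. OSError here means the port is closed or filtered.
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rb") as rf:
        s.sendall(frame(b"version", version_payload(host, port)))
        header = rf.read(24)
        length = min(struct.unpack_from("<I", header, 16)[0], 4096)
        cmd, payload = parse_message(header + rf.read(length))
    return peer_start_height(payload) if cmd == "version" else None

if __name__ == "__main__":
    print("peer height:", probe("192.168.1.15"))  # DMZ node address from post #1
```

Run it from the host in the secure net: a connection error points at the inner firewall or at the DMZ node not listening, while a returned height far below the current chain tip means the DMZ node is still syncing.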
Anti-Cen
January 30, 2018, 12:57:30 PM
 #6

Not sure I would use a DMZ and would use a LAN behind the firewall and then block access to the machines from getting out to the tinternet and just map ports needed for inbound NAT.

Free/cheap wifi routers are not firewalls unless they offer outbound blocking, even if they do offer a DMZ on one of the RJ45 sockets.
