Mining behind a firewall

[Cryptoman]

I have a cluster of miners that is behind a firewall (no incoming 8332/8333).  I have no control over the routing.  Currently, I am running bitcoind on each mining machine, and each one establishes 8 connections.  Are these connection IPs hard-coded into the source?  Anyway, I also have another, remote machine which doesn't mine but which is is running bitcoind and has no firewall restrictions.  

Am I limiting my ability to acquire new transactions in a timely manner by having these miners behind a firewall?  I tried having the miners get work from my remote bitcoind server, but bitcoind seems to hang after a few hours.  Does it make sense to have bitcoind running on each miner or on just one miner?  Should I include my remote bitcoind server on the list of nodes using addnode?  Thanks for any insight/suggestions.

[Mike Hearn]

It doesn't make a big difference. Accepting inbound connections is good for the health of the network, beyond that it won't affect BitCoins operation.

[Garrett Burgwardt]

More connections is nice but the standard 8 should be fine for your purposes. The 8 connections come from an IRC room where clients join and connect to 8 random people (or so my understanding is).

So no, you should be fine. Good luck mining!

[theymos]

Are these connection IPs hard-coded into the source?

No. You connect to an IRC channel to get a list of all active Bitcoin peers. Then you choose 8 at random (basically). You will also be listed on that channel, though peers won't be able to connect to you from the outside.

I recommend running the miners with -connect=<IP of networked bitcoind>. This connects only to the specified IP, and it prevents you from being listed on IRC. Then you are well-connected, but you avoid wasting network resources.

Not being well-connected is only a minor disadvantage. You can replicate some of the advantage by running the miners with -maxconnections=20, which will increase the number of outgoing connections to the specified amount. You might also do -maxconnections=4 and -noirc to decrease the number and stay off IRC (you'll bootstrap from your network node), and then use addnode to connect to your networked bitcoind: this decreases network load without relying completely on your networked computer.

(Edit: I just discovered that maxconnections can't increase the number of connections from 8, as I always assumed.)

[Cryptoman]

You might also do -maxconnections=4 and -noirc to decrease the number and stay off IRC (you'll bootstrap from your network node), and then use addnode to connect to your networked bitcoind: this decreases network load without relying completely on your networked computer.

This sounds like the best solution.  Thanks.

Get yourself a VPN for 10$/month or so and bingo, no problem with firewall. But make sure that VPN you get works over your firewall, if not look for so called SSL VPN i.e. those working on port 443.

I have a couple of routers that I was going to put Tomato VPN on and give this a try.  I don't like the idea of having a single point of failure though.  Do commercial VPN providers have multiple access points spread across the internet?