Amongst other things, the nodemanager takes from its configuration file a list of "well-known" (i.e. typical for Seattle) TCP ports to listen on. If the node has a public IP address, the nodemanager will listen on that address and one of the ports for incoming TCP connections. It will also advertise that IP and port under the user keys of the owner(s) and user(s) of the node.
If the node has a private IP address, it needs to use a NAT forwarder as incoming connections from the public Internet won't be routed to it. Currently, the nodemanager also uses a port from the ports list as the source port for its outgoing connection to the NAT forwarder. This doesn't make sense. That port is never visible to any client trying to connect to the node via the forwarder. Just use a random ephemeral port.
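The behaviour described above, as an added loopback-only sketch (not code from the nodemanager or from Seattle): the source port of the outgoing connection is seen only by the forwarder's `accept()`, and pinning it to a listed port fails outright when that port is already bound, while binding to port 0 always works. The helper names `listen_any`, `connect_out` and `demo` are hypothetical, and the "forwarder" and "busy listed port" are constructed local listeners.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed setup: everything stays on the local host

def listen_any():
    """Open a TCP listener on an OS-chosen port and return the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))
    srv.listen(5)
    return srv

def connect_out(forwarder_addr, source_port=0):
    """Node's outgoing connection; source_port=0 means 'OS picks an ephemeral port'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((LOOPBACK, source_port))
        s.connect(forwarder_addr)
    except OSError:
        s.close()
        raise
    return s

def demo():
    forwarder = listen_any()   # stand-in for the NAT forwarder
    busy = listen_any()        # stand-in for a listed port that is already bound
    fwd_addr, busy_port = forwarder.getsockname(), busy.getsockname()[1]
    result = {"forwarder_port": fwd_addr[1], "busy_port": busy_port}
    try:
        # Pinning the source port to a listed port fails when that port is taken.
        connect_out(fwd_addr, busy_port).close()
        result["fixed_port_ok"] = True
    except OSError:
        result["fixed_port_ok"] = False
    node = connect_out(fwd_addr)          # ephemeral source port
    conn, peer = forwarder.accept()
    result["node_source_port"] = node.getsockname()[1]
    # Only the forwarder's accept() sees the source port; a client is given
    # the forwarder's address, never this value.
    result["port_seen_by_forwarder"] = peer[1]
    for s in (conn, node, busy, forwarder):
        s.close()
    return result

if __name__ == "__main__":
    print(demo())
```

Behind a real NAT the source port may additionally be rewritten before it reaches the forwarder, which makes a hand-picked value even less meaningful.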