Closed AskAlexSharov closed 1 year ago
I would guess that you have a peer that has an address of 172.248.195.186, and you've blocked them with the rule `-A OUTPUT -p udp -d 172.0.0.0/8 -j DROP`. The rule that Hetzner provide, `172.16.0.0/12`, would not block that address. The peer address likely comes from a tracker or DHT query. Try relaxing the firewall rule to `172.16.0.0/12`.
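A way to catch this kind of over-broad rule before it drops public peers, as an added example that is not part of the original thread or of Erigon's code: it parses `iptables-save` style OUTPUT rules and flags any DROP destination that is not fully contained in a reserved range. The `RESERVED` list, the function names, the `10.0.0.0/8` rule and the second peer address are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Assumption: a short illustrative set of reserved ranges (RFC 1918, RFC 6598,
# RFC 3927), not the full list from the Erigon README.
RESERVED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16",
)]

def drop_destinations(rules_text):
    """Yield (rule, network) for each '-A OUTPUT ... -d CIDR ... -j DROP' line."""
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "OUTPUT"]:
            continue
        try:
            target = tok[tok.index("-j") + 1]
            dest = tok[tok.index("-d") + 1]
        except (ValueError, IndexError):
            continue  # no destination match or no jump target on this rule
        if target == "DROP":
            yield line.strip(), ipaddress.ip_network(dest, strict=False)

def audit(rules_text, peers=()):
    """Return DROP rules that reach outside reserved space, with affected peers."""
    findings = []
    for rule, net in drop_destinations(rules_text):
        if any(r.version == net.version and net.subnet_of(r) for r in RESERVED):
            continue  # the rule only covers reserved addresses
        blocked = [p for p in peers if ipaddress.ip_address(p) in net]
        findings.append({"rule": rule, "network": str(net), "blocked_peers": blocked})
    return findings

# Constructed sample: the 172.0.0.0/8 and 172.16.0.0/12 ranges come from the
# thread; the 10.0.0.0/8 rule is added for contrast.
SAMPLE_RULES = """
-A OUTPUT -p udp -d 10.0.0.0/8 -j DROP
-A OUTPUT -p udp -d 172.0.0.0/8 -j DROP
-A OUTPUT -p udp -d 172.16.0.0/12 -j DROP
"""

if __name__ == "__main__":
    # 172.248.195.186 is the peer from the thread; 8.8.8.8 is a constructed control.
    for f in audit(SAMPLE_RULES, ["172.248.195.186", "8.8.8.8"]):
        print(f["rule"], "-> blocks public peers:", f["blocked_peers"])
```
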
We recommend the following list of firewall rules (with references to RFCs): https://github.com/ledgerwatch/erigon#hetzner-expecting-strict-firewall-rules But it seems to be breaking some anacrolix/torrent requests. Next error in logs:

I'm not a network hero - I don't really understand the source of the problem. Maybe it is sending packets to the wrong subnet, or maybe I misconfigured something (for example - maybe I need to apply NAT ExternalIP resolution to all peer connections).

Do you have any advice?
Other comments on this topic: https://github.com/ledgerwatch/erigon/issues/6034#issuecomment-1506735329