anselal / antminer-monitor

Cryptocurrency ASIC mining hardware monitor using a simple web interface
GNU General Public License v3.0

Specify custom RPC port #32

Open Steve-in-TX opened 6 years ago

Steve-in-TX commented 6 years ago

I tried using ip:port syntax but that didn't work. There should be a way to specify a non-standard port for cgminer. I have multiple machines behind a single IP and the antminer-monitor is running on a vm outside of that network. Port forwarding isn't a problem but I need a unique port for each machine. Currently the software doesn't appear to support a non-standard port.

anselal commented 6 years ago

Hi @Steve-in-TX, thanks for using #AntminerMonitor. You are right, at the moment the app uses the default port for cgminer. This is because I wanted to make the app easy to use since adding another field when adding the miner would confuse many users, especially a port number. It is not a good practice to open so many ports on your router for several reasons: 1) security 2) maintenance ... each time you add a new miner you will have to open a port. That makes no sense. Instead install the VM inside your network and just open only one port so you can access the app. I hope my suggestion works out for you.

anselal commented 6 years ago

@Steve-in-TX did you find the time to test out my suggestions? Shall I close this issue?

Steve-in-TX commented 6 years ago

It wasn't so much a bug as a feature request which you don't want to implement, so go ahead and close it.

anselal commented 6 years ago

I can implement it if you want but I think that your setup is wrong. The VM should run behind the router inside your miner's network and you should forward only the app's port.

sembukv commented 6 years ago

@anselal first of all, thank you a lot for such a useful tool! In my personal case, the possibility to set ip:port is of nearly paramount importance, and the reason is that I don't have the possibility to scope all the miners in one location (because of electricity issues), so I had to place miners in different places. This leads to a problem: the unavailability of monitoring all the miners from one interface. I'll be super happy if you could do such customization in your spare time, and I'm pretty sure that I'm not the only person who needs it. Thank you in advance.

anselal commented 6 years ago

@sembukv thank you for your kind words. I will add another field for the cgminer port in the form. It is not much of a trouble. I will set the default cgminer port as the default value for that field, which of course you could modify as it suits your needs. When I close this issue you will be notified via email so you know that I have implemented this new feature. Feedback would be appreciated since errors could occur, because I cannot test this new feature with anything other than the default port.

gnanet commented 6 years ago

I have access to a rather big farm, and can test the theory with creating port-forwards from a RPi3 to the respective miners, and test some cases with custom ports

mikespax commented 6 years ago

I'm also planning to have miners in various places and being able to use some port forwarding magic to get everything to work sounds great.

As long as I change off the default username and password on each of my miners and use some non common ports, what kind of potential security issues could I be looking at?

anselal commented 6 years ago

If you expose your miners to the internet, even if you change the default password, you can always be victim of a brute force attack. It is just not safe.

mikespax commented 6 years ago

So I change the password on each miner to a unique 20 character randomly generated password. The benefits of not requiring a separate device to monitor is huge I think. You don't believe there's enough security precautions available to counter the risk?

anselal commented 6 years ago

I honestly don't think that it is a good idea to expose your assets to the global internet. That is all I can say. It is up to you to decide if you are doing a good job protecting your miners.

My opinion is that the best solution would be to set up a local VPN server and connect to it using a private certificate.

webhunter69 commented 6 years ago

Thanks @anselal for referring me to here.

Regarding to what I read here, I actually want to use it for local network, and agree global can be dangerous, although I did read in changelog of S9 November firmware, that they closed port 80, as everyone could easily visit with root:root.

I want to use 192.168.1.200:4028
I want to use 192.168.1.200:4029
I want to use 192.168.1.200:4030
I want to use 192.168.1.200:4031
and so on...

However, I do recommend some kind of user:pass to fill in with a warning text such as "You can enable/disable the user login after logging in the first time. Using a strong username and password is highly recommended when planning to use this on the global web which gives everyone access to your own network" which has to be filled in right after executing create_db.py so the values can go straight into the db which will be step2 (currently the only step).

(if people not like it because they use at private network, then they can after logging in the first time, always disable it)

This is in my opinion the best solution.

anselal commented 6 years ago

@Steve-in-TX do you forward the RPC port or the Web Interface port ?

Steve-in-TX commented 6 years ago

The RPC port, and it's allowed only from specific IP addresses, so the normal concerns about opening ports doesn't apply in my case.

anselal commented 6 years ago

OK. Just wanted to cross check. I will add another field in the form or add the functionality to add the port in the form IP:PORT. This will save some space in the form ;) Unless some people forward 2 ports, one for the Admin Interface and one for the API, so this would require adding two port numbers: the API port for the STATS and the UI port for the link in the table. What do you think?

webhunter69 commented 6 years ago

I personally don't mind having whatever ports open, as all my hardware firewalls would make it impossible to get even near it.

However, if the plan is really to allow open ports for the additional reason being able to access from a different location (world wide access), then may I highly suggest a standard MAC Address filter? Even cheap $10 routers have that built in :)

I think that’s the best solution @anselal 👍👍

So basically only people with the “know-how” are able to use it in this way, which is when the following set of rules are set by default;

Connections from IPs or IP ranges can bypass the MAC address filter:

127.0.0.1
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255

And additionally if after adding whatever range, or filling in nothing (allow all devices to enter) is up to the person themselves. Additionally can use IP address/range as well as MAC address; if both sections are empty, it would be very unsafe, but at least possible.

What are your thoughts?

But per default leave those network ranges as standard allow, and if not mentioned, Not allow to connect :)

People who don't know anything about networks wouldn't understand it anyway.
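
An added example, not part of the thread or the project's code: one way to accept the `IP:PORT` form discussed above with 4028 as the default port, and to mark configured miners that fall outside the private ranges listed in the comment above. The function names and the sample entries are assumptions made for illustration.

```python
import ipaddress

DEFAULT_RPC_PORT = 4028  # cgminer RPC port used in this thread

# Ranges the comment above proposes to allow by default.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_miner_endpoint(text, default_port=DEFAULT_RPC_PORT):
    """Parse 'IP' or 'IP:PORT' into (IPv4Address, port); ValueError if bad."""
    text = text.strip()
    host, sep, port_text = text.rpartition(":")
    if not sep:  # no colon: bare IP, fall back to the default port
        host, port_text = text, str(default_port)
    try:
        ip = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 address: {host!r}") from exc
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError(f"invalid port: {port_text!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, port

def is_private(ip):
    return any(ip in net for net in PRIVATE_NETS)

def review_endpoints(entries):
    """Return (endpoint, status) rows; status is private, public or invalid."""
    rows = []
    for entry in entries:
        try:
            ip, port = parse_miner_endpoint(entry)
        except ValueError as exc:
            rows.append((entry, f"invalid: {exc}"))
            continue
        rows.append((f"{ip}:{port}", "private" if is_private(ip) else "public"))
    return rows

# Constructed sample entries (203.0.113.7 is a documentation address).
SAMPLE = ["192.168.1.200:4029", "10.0.0.5", "203.0.113.7:4030",
          "192.168.1.200:99999", "192.168.1.200:"]

if __name__ == "__main__":
    for endpoint, status in review_endpoints(SAMPLE):
        print(f"{endpoint:24} {status}")
```

A row marked `public` means the monitor reaches that miner's RPC port across the internet, which is the setup the maintainer advises against in this thread.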

anselal commented 6 years ago

@hansje69 Well said, but I think that the conversation about security is out of this topic. Let's just stick to the fact that some people forward the RPC port on their routers and they want me to add support for it.

My main problem was that it was not clear to me what port they forwarded in the first place, since some people thought that my software communicates with the miner via the Web Interface on port 80.

After we made clear that this was not the case we clarified to add support for custom RPC port.

Sorry, but the way they handle the security on their network is not my concern. I can only state my opinion that this is not secure since they expose their miners to the Internet.

webhunter69 commented 6 years ago

@anselal , you did not include different port function other than 4028 yet right ? for v0.3.0

anselal commented 6 years ago

Sorry @hansje69 it is the next step. I am working on a new layout and design that's why I didn't include this change yet. Please be patient and I will add it as soon as possible. I will probably release a new version within a week or so

webhunter69 commented 6 years ago

Will you include localhost tunneling script as well? or leave that up to everyone to do themselves who for whatever reason MUST be able to monitor their miners elsewhere/abroad/etc ?

I've read some use localhost tunneling services such as pagekite, or another one, which costs a certain fee for using their service if premium instead of basic.

anselal commented 6 years ago

Unfortunately tunnelling won't be part of this software, at least not in the near future. You can set up tunnelling via ssh which is free to use.

anselal commented 6 years ago

Almost ready. Need to run a couple more tests here...

danter83 commented 6 years ago

Hi anselal - I am using lot of miners with mentioned setup, IP:port , just wondering if you been successful with development of port feature ?

anselal commented 6 years ago

@danter83 thank you for using my software. This feature will be part of the upcoming release along with some other features.