Unable to ping ports 31400-31409 (open)

[Sebastiaan512]

DHCP Reservation - router forwarding - firewall input rule

First - DHCP Reservation for my computer with the Mac address associated with my ethernet port. Second - Through the router with the reserved IP I've done a port forwarding with the ports 31400-31409. Third - Made a new input rule in windows following the instructions 31400-31409.

Port forwarding w/ view of my available router firewall and advanced options.

[ihatejam]

fyi - your LAN IP address cannot be used by us outside of your network - so it is typically not necessary to mask it (but it doesn't hurt to be careful). It is the router's public/WAN ip address that needs to be masked - this is the one that is typically directly reachable from outside - which I in fact suspect is not the case here and is the source of your grief...

The thing to check next is whether the ISP is doing their part - i.e. allowing port-forwarding. Something that could help you check this is:-

(1.) go here to check your port forwarding - it will autoreport your public IP address- chances are that it will fail - but it helps to sanity check things - https://www.ipfingerprints.com/portscan.php (1.1.) are ports 31400-31409 reporting open? (I'm guessing not) (1.2.) note down the public ip address that this site reports you to be using (do NOT post it here) - I'll call it

(2) Check the config of your router to see what ip address it reports as being assigned by your ISP (do NOT post it here) - let's call it - note it down.

If and are the same, then your setup/config is likely the issue (if the ISP is not blocking port-forwarding).

Now if and are NOT the same, then either (A) you have an additional router (sometimes more than one) sitting between your main router (usually provided by your ISP) and the router you are configuring the forwarding on. or (B) your ISP does not provide "true" public IP addresses to its subscribers - so your port-forwarding efforts will have zero effect.

To recover from (A) a bit more work is needed - you need to forward those same ports from the ISP's router to the router connecting to your node. If there are multiple routers in between then each will have to be set up with forwarding those ports to the next router in the chain. You can also get around this with a VPN service (supporting port-forwarding) like Surfshark or NordVPN.

To recover from (B) with help from your ISP - call them up and explain that you want to do port forwarding. If they can't help - then either move to an ISP that can do it or to use a VPN service (supporting port-forwarding) like Surfshark or NordVPN.

[Sebastiaan512]

I really appreciate the detailed help THANK YOU!

fyi - your LAN IP address cannot be used by us outside of your network - so it is typically not necessary to mask it (but it doesn't hurt to be careful).

Didn't know this

It is the router's public/WAN ip address that needs to be masked - this is the one that is typically directly reachable from outside - which I in fact suspect is not the case here and is the source of your grief...

The thing to check next is whether the ISP is doing their part - i.e. allowing port-forwarding. Something that could help you check this is:-

(1.) go here to check your port forwarding - it will autoreport your public IP address- chances are that it will fail - but it helps to sanity check things - https://www.ipfingerprints.com/portscan.php (1.1.) are ports 31400-31409 reporting open? (I'm guessing not) Host is up.

PORT - STATE - SERVICE

31400/tcp filtered pace-licensed

others are "filtered" state with "unknown" service

(1.2.) note down the public ip address that this site reports you to be using (do NOT post it here) - I'll call it

(2) Check the config of your router to see what ip address it reports as being assigned by your ISP (do NOT post it here) - let's call it - note it down.

If and are the same, then your setup/config is likely the issue (if the ISP is not blocking port-forwarding).

Now if and are NOT the same, then either (A) you have an additional router (sometimes more than one) sitting between your main router (usually provided by your ISP) and the router you are configuring the forwarding on. or (B) your ISP does not provide "true" public IP addresses to its subscribers - so your port-forwarding efforts will have zero effect.

It seams to be different (Modem IP Address is what I'm looking at correct?)

To recover from (A) a bit more work is needed - you need to forward those same ports from the ISP's router to the router connecting to your node. If there are multiple routers in between then each will have to be set up with forwarding those ports to the next router in the chain. You can also get around this with a VPN service (supporting port-forwarding) like Surfshark or NordVPN.

To recover from (B) with help from your ISP - call them up and explain that you want to do port forwarding. If they can't help - then either move to an ISP that can do it or to use a VPN service (supporting port-forwarding) like Surfshark or NordVPN.

Ill call my ISP but I have the feeling that it wont make a difference based off forums where they're mentioned.

I have Nord, I didn't know it could do that. I'm guessing its the custom DNS or manually changing the "TCP/IPv4" to the NordVPN's DNS server. Otherwise on their FAQ port forwarding isn't integrated for safety.

Once again thank you for replying

[ihatejam]

Yep. The result you got from ipfingerprints site implies that the issue is with your ISP. This is confirmed by the mismatch between your modem ip address and what the outside world (ipfingerprints) thinks it should be. So other pi nodes really have no clear route to reach your pc. I have personally used surfshark vpn while traveling to keep my node working - no additional config was necessary besides the local windows firewall adjustment you are already familiar with. Others have told me that NordVPN works as well, but i have not used it myself. It could be worth checking if running up NordVPN (without any other config changes) on your node PC makes the ipfingerprints test report the ports as open. If not, give surfshark a try (they also claim to NOT support port forwarding, but it definitely worked for me 3 months ago)

[viktorgogulenko]

I'm using Vodafone ISP in Germany and seems I will not be able to configure Pi Node as even though my ports are opened in router (FritzBox 6490) and on localhost:31400 I'm seeing "OK FROM PORT 31400" , https://www.ipfingerprints.com/portscan.php is still showing that ports are all "filtered" and not opened so Pi Network port listener is failing while checking my ports. Unfortunately seems I'm blocked. :(

[mokhabarat]

hey guys, thanks for all ur help. I went the easy way (supposedly) and purchased a vpn subscription called Private Internet Access. they claim to support port forwarding and even have a button in their app to activate it. But somehow it still doesnt work, i contacted their support and they said the problem is with my end. If anyone is familiar with them please advise if there are any special settings to configure in order to get the node working, otherwise ill just return it with the 30 day money back and get surfshark

[ihatejam]

Looking at your last pic of the troubleshooting page -- Everything looks fine - your node is working and is in sync. So your port forwarding is working just fine. What makes you think that it is not working?

[mokhabarat]

i have no incoming connections and i'm not supporting other nodes. is that normal?

[ihatejam]

You're fine! -- I was going to leave my response at this, but thought you may have more questions, so...

if your inbound port forwarding was not working, then even establishing "Outgoing connections" would not be possible. For most nodes, "Incoming connections=0" is normal -- Installations that are later upgraded to supernode status (based on availability stats) will show more inbound connections - these would automatically switch to "Supporting other nodes=yes".

The stellar-dummy container is the one intitially used when testing all the open ports (31400-31409) - it is automatically stopped when the consensus container is started since it needs access to the same ports. If you did a port test at https://www.ipfingerprints.com/portscan.php while the consensus container is running, it should report only a handful of open ports (as opposed to all ports when the stellar-dummy is running) - this is normal.

hope this helps

[mokhabarat]

perfect! thank you for your help

[cheme75]

not sure what's going on here on win 10 pc- got docker running with no issues, shows server listening on the ports 31400-31409, stellar-dummy is running. On Pi node info, shows all port green so open - I do "check now" and I get downloading ports listener with green check, starting ports listener with green check, then pinging your computer does nothing. I initially got the node running on an old laptop but it was old and too slow. Left docker and node running in background but too difficult to work on the machine. So, I moved HD with win10 to a less old desktop, got win10 re-authorized, updated all drivers now the docker and node seem to be running reliably. I'm not sure how to get noticed to get the official container and not sure if the ping is a problem hindering my node to be accepted. ipfingerprint port scan shows external ip and shows all ports are open. Kind of frustrating to be sort of stuck in limbo. Any help is appreciated!

[ihatejam]

What does https://www.ipfingerprints.com/portscan.php report when you check your port forwarding from a browser on the node pc.

Please don't post pictures of the ipfingerprints results without obfuscating your public IP address.

[cheme75]

What does https://www.ipfingerprints.com/portscan.php report when you check your port forwarding from a browser on the node pc.

Please don't post pictures of the ipfingerprints results without obfuscating your public IP address.

Says All are Open:

So what’s next? Too late for node to join network now that main net is going live? Continued frustration?

[ihatejam]

Seems like you're good to go -- just leave the Node in this state until it is picked up later to run the consensus container. Even if the core team does not (for whatever reason) send you the consensus container running against the testnet, your node's listening time will, according to the core team, still be included in the reward calculation mentioned in the last couple of mainnet announcements, just as if it was actually running the consensus container.

[cheme75]

Seems like you're good to go -- just leave the Node in this state until it is picked up later to run the consensus container. Even if the core team does not (for whatever reason) send you the consensus container running against the testnet, your node's listening time will, according to the core team, still be included in the reward calculation mentioned in the last couple of mainnet announcements, just as if it was actually running the consensus container.

Ok. Will give it some time. The old laptop would go to sleep or battery would die if I had to move it from plug so may not have been online continuously enough to get found. This old desktop PC stays online so maybe a better chance of getting picked up.

Meanwhile, off topic but port related. Some users on various forums question the wisdom of opening ports due to security risks. But with these ports only for incoming traffic, only for this PC, doesn’t that still block sending data on these ports? Why would these open ports be any more of a risk than port 80 for web traffic or 9100 for printer access or the various ports for email, for example?

[ihatejam]

Yep - not much risk if you're forwarding ports to docker container does not have access to anything meaningful on your PC.

[cheme75]

FWIW, it just took some time - I left it running and the consensus container loaded and is running well.

[zlove304]

I dont have access to my routers admin page because my isp locks it down So i went with PIA vpn enabled port forwarding but still no luck. looking for any help thanks

[AbelKinkela]

Guys I am trying to use my phone's hotspot. And getting ping computer all ports not open. Any chances this will work?

[cheme75]

Guys I am trying to use my phone's hotspot. And getting ping computer all ports not open. Any chances this will work?

Read further up, you’ll probably need to use a vpn to open the ports. Although if you are pinging from computer, you might just need to open the ports on the pc firewall. I added a rule to allow incoming traffic for the ports to my docker pc ip, from any ip. Also I did have to port fwd each port in my router to the docker pc ip - not sure if you can do same via vpn.

[abebawmulat]

I was trying to run a pi node on my pc. I try to open a port from 31400-31409 on D-Link port. And also, I adjust the setting on the firewall to have a permission for those ports. But after following those steps, even now I can't run the pi node on my pc. Can any one help me?

[cheme75]

not sure what the service AUTH is used for on the system, but rather than use a pre-defined service and change its settings - I setup a custom or user defined service "pi-node" then setup its port forwarding - I don't think it matters unless AUTH was a predefined service that was in-use that is now changed and not working - I guess if all other networking seems normal, its ok. Otherwise things look ok since all the ports are in green, I believe if they are found closed or unavailable, they are listed in red. For me, it took several tries to get the dummy container which is used for the ports checker - I found some info in Issue #93 that helped get both the ports checker to finish and then get the consensus container for the testnet - I'm stil without kyc so its still on testnet, but it seems to be ok most of the time, although the mobile app can go days without any bonus.

[mrtaotao789]

All port are OPEN via the other not the PI-NODE, i very confuse T_T Someone please help me or remote to config my com.Thanks.

[cheme75]

Does your docker dashboard show stellar-dummy in the containers section? If not there, something may be blocking docker from pulling that container which is what does the port checking. See issue #93 for info on things to do to be sure the ports are setup right on the pc, and then reinstall docker. Worked for me.

[mrtaotao789]

Does your docker dashboard show stellar-dummy in the containers section? If not there, something may be blocking docker from pulling that container which is what does the port checking. See issue #93 for info on things to do to be sure the ports are setup right on the pc, and then reinstall docker. Worked for me.

Yes, it has stellar-dummy in the containers section, when press button Check-now in PI-NODE App, it run normal but all port -fw are close. Does you remote via Anydesk-App remote to fix this, thanks

for #93 i followed all step, result all port are close.

[mrtaotao789]

For this pic, i press Play button on Containers-Docker and check port-fw via WEBSITE and PI-NODE in same time.https://www.ipfingerprints.com/portscan.php How do i fix it, wait for someone remote to fix that, thanks

[NeyMR]

hello 👋, need help?? , join us in our Node help chat https://t.me/PiNodechat , we're always glad to help 🤓👍

[cheme75]

Try the node chat. I don’t use that app. Best I can tell, it may be be your windows firewall - try creating rule for in and out. Plus docker sets up a separate subnet that may need a rule, my normal network is 192.168.x.x, but docker is on 172.x.x.x - may need to allow tcp traffic on that subnet.

[cheme75]

For this pic, i press Play button on Containers-Docker and check port-fw via WEBSITE and PI-NODE in same time.https://www.ipfingerprints.com/portscan.php How do i fix it, wait for someone remote to fix that, thanks

I believe checking ports sends the run command to the container. I never had to start the stellar-dummy separately. After I got it to check my ports I just left everything alone for a week or so after I got the pink button to run the blockchain and it eventually got the consensus container and started running.

[mrtaotao789]

Try the node chat. I don’t use that app. Best I can tell, it may be be your windows firewall - try creating rule for in and out. Plus docker sets up a separate subnet that may need a rule, my normal network is 192.168.x.x, but docker is on 172.x.x.x - may need to allow tcp traffic on that subnet.

now i close all Firewall (close.. Private Public and Domain) for test, result as... my port forward are open via test on website (https://www.ipfingerprints.com/portscan.php) but not-open via pi-node.

i have 2 pc and now they are same result T_T!

[Donnie1992]

Same problem here, port scan and everything is open. Yet still shows closed in checker. After that it also writes portsCheckPassed":true into the user preferences.json file. So when u open it again it just gets stuck on loading.

[N0JDAR]

Can anyone help me set a new port in the Huawei HG8245H router because I'm tired of trying, specifically port 31400-31409