shermand100 / PiNodeXMR

Monero Node for Single Board Computers with Web Interface and additional tools pre-configured. Self Installing.
GNU General Public License v3.0

Confusion in README about port forwarding #36

Closed lobster-kerouac closed 3 years ago

lobster-kerouac commented 3 years ago

I've just finished setting up a node and want to say first that I love this project and a huge thanks for making it happen!

I think there is some confusing information in the README regarding port forwarding. Right now it says that one should forward 18081 so they can connect their mobile (or whatever) wallet to their node from anywhere in the world using the user:pass combo set up in setup.sh.

From what I understand this is only for users running the "Private Node" option. If running a "Public Free" node then the forwarded port should be whatever is in monero-port-public-free.sh (defaults to 18089). Based on the discussion in #34 and #9 I think this is correct, but I would appreciate any additional insight.

In fact, if I'm reading monerod-start-public-free.sh correctly (might not be true) then it would seem that forwarding 18081 while in the "Public Free" mode will provide unrestricted RPC access to the node to anyone, with no password required.

Given all that it seems that a sensible setup for a default Public Free node would be to only forward ports 18080 (to help sync the blockchain) and 18089 (for free restricted RPC access to anyone anywhere). Is that correct?

If so, I don't think this subtlety is captured in the README or Node Control page. I would be more than happy to help update this.

Thanks again!

shermand100 commented 3 years ago

Port forwarding for the public (free) node should be 18089 for RPC and 18080 for p2p. The reason there is an unrestricted 18081 port in free mode is to allow rpc/get_info calls by the backend scripts that produce the status calls to the web interface. Inconveniently, get_info can't be run on restricted ports. So 18089 is restricted and can safely be exposed without outsiders having the ability to start mining on your device.

For Private Node use, 18081 is for RPC and requires user:pass for private use.

I felt there was a need for a conscious change in port number so a user didn't accidentally expose a free but unrestricted port. I imagined that most users will start the node in their preferred method and kind of just leave it. Changing between private/free often could accidentally expose the port but I can't imagine why someone would be doing that.

If this isn't clear or just produces more problems then you're more than welcome to make changes. This project is for everyone.
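
The port roles described in the comment above, as an added example that is not part of the thread or of the PiNodeXMR code base: a static check that flags a router forward pointing at an unrestricted RPC port with no login. The two sample command lines are constructed (assumptions, not copied from the project's start scripts) and the function names are hypothetical; the flags are standard monerod options, and the check assumes the RPC listeners are bound to a LAN-reachable address.

```python
import shlex

# Constructed sample command lines (assumptions, not the project's scripts).
PUBLIC_FREE = ("monerod --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18081 "
               "--rpc-restricted-bind-port=18089 --p2p-bind-port=18080 "
               "--confirm-external-bind --public-node")
PRIVATE = ("monerod --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18081 "
           "--rpc-login=user:pass --p2p-bind-port=18080 --confirm-external-bind")

def parse_flags(cmdline):
    """Map flag name -> value for '--flag=value', '--flag value' and bare '--flag'."""
    tokens, flags, i = shlex.split(cmdline)[1:], {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i][2:].partition("=")
        if tokens[i].startswith("--"):
            if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                value, i = tokens[i + 1], i + 1
            flags[name] = value
        i += 1
    return flags

def classify_ports(cmdline):
    """Return {port: role} for the listeners this command line opens."""
    f = parse_flags(cmdline)
    if "restricted-rpc" in f:
        main_rpc = "rpc-restricted"
    elif "rpc-login" in f:
        main_rpc = "rpc-unrestricted-auth"   # full RPC, but user:pass required
    else:
        main_rpc = "rpc-unrestricted-open"   # full RPC, no password
    roles = {int(f.get("p2p-bind-port", 18080)): "p2p",
             int(f.get("rpc-bind-port", 18081)): main_rpc}
    if "rpc-restricted-bind-port" in f:
        roles[int(f["rpc-restricted-bind-port"])] = "rpc-restricted"
    return roles

def audit_forwards(cmdline, forwarded_ports):
    """Return (port, verdict, role) for each port forwarded on the router."""
    roles = classify_ports(cmdline)
    findings = []
    for port in forwarded_ports:
        role = roles.get(port, "unknown")
        verdict = {"rpc-unrestricted-open": "UNSAFE", "unknown": "REVIEW"}.get(role, "OK")
        findings.append((port, verdict, role))
    return findings

if __name__ == "__main__":
    for name, cmd in (("public-free", PUBLIC_FREE), ("private", PRIVATE)):
        print(name, audit_forwards(cmd, [18080, 18081, 18089]))
```
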

lobster-kerouac commented 3 years ago

Ok, thanks for clarifying. Everything you're saying sounds totally reasonable. My issue is that the main README makes no mention of port 18089 and just says "forward port 18081". This certainly confused me as I was getting into it and I'm worried that someone may follow the README and then click the "Public Free" option, which would expose the unrestricted port to the outside world (because they forwarded 18081).

I'll work on a PR for this, but anyone please feel free to chime in!

shermand100 commented 3 years ago

@lobster-kerouac I've just seen your commit requests, not sure why it didn't ping me when you put them on. I'll take a look this evening and incorporate them when I'm not on mobile.

lobster-kerouac commented 3 years ago

Sorry for the late reply @shermand100. Thanks for getting this merged!