How to set up ec2 t1.micro Ubuntu for Masternode part 2/3

[mattmct]

Looks like the d is missing from line cp darkcoin /usr/bin in #9. I assume it should be cp darkcoind /usr/bin
Tried to run it. Got this error :/
./darkcoind

************************
EXCEPTION: N5boost16exception_detail10clone_implINS0_19error_info_injectorINS_15program_options14invalid_syntaxEEEEE
unrecognized line in '----'
darkcoin in AppInit()

So close but yet so far!

Update: Tried running as root:


Error: To use darkcoind, you must set a rpcpassword in the configuration file:
/root/.darkcoin/darkcoin.conf
It is recommended you use the following random password:
rpcuser=darkcoinrpc
rpcpassword=93ZR2he5KT18yCevrZbG39AjVVtU8rqtSP1cSgMgLG8p
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "DarkCoin Alert" [email protected]

looks like I didn't make that file correctly, trying again

 

[chaeplin]

This is compile time
t1.micro

real13m51.049s
user12m30.675s
sys0m59.332s

m3.medium

real7m6.372s
user6m45.173s
sys0m14.749s

 

[chaeplin]

Looks like the d is missing from line cp darkcoin /usr/bin in #9. I assume it should be cp darkcoind /usr/bin
Tried to run it. Got this error :/
./darkcoind

************************
EXCEPTION: N5boost16exception_detail10clone_implINS0_19error_info_injectorINS_15program_options14invalid_syntaxEEEEE
unrecognized line in '----'
darkcoin in AppInit()

So close but yet so far!

Update: Tried running as root:


Error: To use darkcoind, you must set a rpcpassword in the configuration file:
/root/.darkcoin/darkcoin.conf
It is recommended you use the following random password:
rpcuser=darkcoinrpc
rpcpassword=93ZR2he5KT18yCevrZbG39AjVVtU8rqtSP1cSgMgLG8p
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "DarkCoin Alert" [email protected]

looks like I didn't make that file correctly, trying again

I correct "d".

When you run darkcoind without config(rpcuser, rpcpassword), darkcoind shows that msg.

 

[mattmct]

I just made the config file, doubled checked the make sure it was there.

Now even as root , I can't get it to run.

darkcoind


************************
EXCEPTION: N5boost16exception_detail10clone_implINS0_19error_info_injectorINS_15program_options14invalid_syntaxEEEEE
unrecognized line in '----'
darkcoin in AppInit()

 

[chaeplin]

I just made the config file, doubled checked the make sure it was there.

Check your darkcoin.conf, if there is line start with ----, add # in front of it.
I am sure.

#----

 

[mattmct]

Check your darkcoin.conf, if there is line start with ----, add # in front of it.
I am sure.

#----

haha, you my man, are a genius! I'm not sure how I didn't work that our myself lol, but many thanks!

"Darkcoin server starting"

 

[chaeplin]

haha, you my man, are a genius! I'm not sure how I didn't work that our myself lol, but many thanks!

"Darkcoin server starting"

Is that compiled darkcoind or Darksend/Masternode ?

I add compile step to assure "System is working", before run DarkSend Masternode.

 

[mattmct]

Is that compiled darkcoind or Darksend/Masternode ?

I add compile step to assure "System is working", before run DarkSend Masternode.

No that's just the darkcoind server. It still says the same "Darkcoin server starting"

working out how to check sync status before I move on to the next steps.

Update: darkcoind getblockcount = 50890

Looks good so far!

 

[chaeplin]

No that's just the darkcoind server. It still says the same "Darkcoin server starting"

working out how to check sync status before I move on to the next steps.

compare block height(no) with http://explorer.darkcoin.io/chain/DarkCoin or http://drk.poolhash.org/graph.html
use 'tail -f ~/.darkcoin/debug.log' to see log.

darkcoind getinfo

 

[mattmct]

Cheers chaeplin!
I just noticed as I started the server as root, it created the blockchain etc in a different folder, and not the home. So I rebooted, fired up darkcoind not in root, and it makes the files / blockchain etc in the correct place.
It's currently syncing.

 

[mattmct]

Thanks for all your help @chaeplin !!
I think it's up and running now!
Balance is 1000DRK
Master node count is 14

But I don't see my nodes IP on the list. Maybe it takes a while?

 

[mattmct]

Boom! There is goes! I'm on the list!

Thanks so much chaeplin!! Excellent guide and thanks for all the help along the way!

 

[dime]

Why is port 9998 rejected but every other port opened?

 

[chaeplin]

Why is port 9998 rejected but every other port opened?

Pubclic internet open ports are handled by EC2 SecurityGroups.
(ssh to specific address, 9999 to anywhere, and deny all input)

I don't know how ec2 handle internal traffic, so deny all 9998 from outside(rpc port).

 

[chaeplin]

I would recommend a few additional steps.
2.) Setup a root password - this is a big one.

I add this

sudo passwd -l root

 

[dime]

Pubclic internet open ports are handled by EC2 SecurityGroups.
(ssh to specific address, 9999 to anywhere, and deny all input)

I don't know how ec2 handle internal traffic, so deny all 9998 from outside(rpc port).

I don't understand what you just said. Are you saying you didn't write these iptables rules?

These are your inputs:

-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT

These look okay. They accept on port 9999 but reject more 2 connections from the same ip and more than 8 connections from the same class c network on port 9999. Your tcp flags are a bit funny. I don't think they'd be needed, but whatever.

-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset

What is this line? Why is there a line for port 9998?

-A INPUT -i eth0 -p tcp -j ACCEPT

Why this line? Why are you accepting all other traffic?



Similarly, with the outbound traffic

-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9999 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT

Lines 1-3 are redundant when the last line already accepts all outbound traffic.

 

[chaeplin]

I don't understand what you just said. Are you saying you didn't write these iptables rules?
~

-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT

These look okay. They accept on port 9999 but reject more 2 connections from the same ip and more than 8 connections from the same class c network on port 9999. Your tcp flags are a bit funny. I don't think they'd be needed, but whatever.

--tcp-flags FIN,SYN,RST,ACK SYN is equal to --syn.
--syn coneverted to "-tcp-flags FIN,SYN,RST,ACK SYN" by iptables.

       [!] --tcp-flagsmask comp
              Match when the TCP flags are as specified.  The first argument mask is the flags which we should examine, written as a comma-separated list, and the second argument comp  is  a  comma-
              separated list of flags which must be set.  Flags are: SYN ACK FIN RST URG PSH ALL NONE.  Hence the command
              iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
              will only match packets with the SYN flag set, and the ACK, FIN and RST flags unset.

       [!] --syn
              Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits cleared.  Such packets are used to request TCP connection initiation; for example, blocking such packets coming
              in an interface will prevent incoming TCP connections, but outgoing TCP connections will be unaffected.  It is equivalent to --tcp-flags SYN,RST,ACK,FIN SYN.  If the "!" flag  precedes
              the "--syn", the sense of the option is inverted.

-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
What is this line? Why is there a line for port 9998?

Reject any connection to 9998. 9998 is darkcoind rpcport.
If there is miss configuration in darkcoin.conf, it will be needed.
Security Group will deny it, but I want to make sure.

-A INPUT -i eth0 -p tcp -j ACCEPT
Why this line? Why are you accepting all other traffic?

To check input traffic.

Similarly, with the outbound traffic
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9999 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
Lines 1-3 are redundant when the last line already accepts all outbound traffic.

check outbound 9999 syn, estableshed outbound, other traffic.

I don't understand what you just said. Are you saying you didn't write these iptables rules?

I wrote iptables rule.

You asked me "Why is port 9998 rejected but every other port opened?"

Read https://www.darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/

 

[dime]

Ahhh, I see.. 9998 is the rpc port.

Those lines are also redundant then, as the security group should block it.

You should specify in your guide that your iptables rules are only for people using this in amazon instances with a port filter. From reading just the iptables rules and without coupling a port filter provided by amazon, they don't make sense and are insecure.

If someone else were to create a vm on some other provider, and only used the steps in the second half, they would have all ports opened by those rules.

 

[chaeplin]

Ahhh, I see.. 9998 is the rpc port.

comment added.

 

[zuperdoge]

chaeplin, everything looks to be working fine, but I noticed a message the occurs in the debug.log often and was curious if this is normal:

2014-04-15 00:51:30 ProcessMessage(dsee, 67 bytes) FAILED

UPDATE:
This appears to happen after an IP is deemed invalid. So it does look like things are worked as intended.

2014-04-15 01:49:20 accepted connection 199.188.203.26:54677
2014-04-15 01:49:20 partner 199.188.203.26:54677 using obsolete version 60011; disconnecting
2014-04-15 01:49:20 ProcessMessage(version, 106 bytes) FAILED
2014-04-15 01:49:20 disconnecting node 199.188.203.26:54677