How to set up ec2 t1.micro Ubuntu for Masternode part 2/3
- Thread starter chaeplin
- Start date
Pubclic internet open ports are handled by EC2 SecurityGroups.
(ssh to specific address, 9999 to anywhere, and deny all input)
I don't know how ec2 handle internal traffic, so deny all 9998 from outside(rpc port).
I don't understand what you just said. Are you saying you didn't write these iptables rules?
These are your inputs:
These look okay. They accept on port 9999 but reject more 2 connections from the same ip and more than 8 connections from the same class c network on port 9999. Your tcp flags are a bit funny. I don't think they'd be needed, but whatever.
What is this line? Why is there a line for port 9998?
Why this line? Why are you accepting all other traffic?
Similarly, with the outbound traffic
Lines 1-3 are redundant when the last line already accepts all outbound traffic.
--tcp-flags FIN,SYN,RST,ACK SYN is equal to --syn.
--syn coneverted to "-tcp-flags FIN,SYN,RST,ACK SYN" by iptables.
Code:
[!] --tcp-flagsmask comp
Match when the TCP flags are as specified. The first argument mask is the flags which we should examine, written as a comma-separated list, and the second argument comp is a comma-
separated list of flags which must be set. Flags are: SYN ACK FIN RST URG PSH ALL NONE. Hence the command
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
will only match packets with the SYN flag set, and the ACK, FIN and RST flags unset.
[!] --syn
Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits cleared. Such packets are used to request TCP connection initiation; for example, blocking such packets coming
in an interface will prevent incoming TCP connections, but outgoing TCP connections will be unaffected. It is equivalent to --tcp-flags SYN,RST,ACK,FIN SYN. If the "!" flag precedes
the "--syn", the sense of the option is inverted.Reject any connection to 9998. 9998 is darkcoind rpcport.
If there is miss configuration in darkcoin.conf, it will be needed.
Security Group will deny it, but I want to make sure.
To check input traffic.
check outbound 9999 syn, estableshed outbound, other traffic.
I wrote iptables rule.
You asked me "Why is port 9998 rejected but every other port opened?"
Read https://www.darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/
Ahhh, I see.. 9998 is the rpc port.
Those lines are also redundant then, as the security group should block it.
You should specify in your guide that your iptables rules are only for people using this in amazon instances with a port filter. From reading just the iptables rules and without coupling a port filter provided by amazon, they don't make sense and are insecure.
If someone else were to create a vm on some other provider, and only used the steps in the second half, they would have all ports opened by those rules.
Those lines are also redundant then, as the security group should block it.
You should specify in your guide that your iptables rules are only for people using this in amazon instances with a port filter. From reading just the iptables rules and without coupling a port filter provided by amazon, they don't make sense and are insecure.
If someone else were to create a vm on some other provider, and only used the steps in the second half, they would have all ports opened by those rules.
chaeplin, everything looks to be working fine, but I noticed a message the occurs in the debug.log often and was curious if this is normal:
UPDATE:
This appears to happen after an IP is deemed invalid. So it does look like things are worked as intended.
Code:
2014-04-15 00:51:30 ProcessMessage(dsee, 67 bytes) FAILEDThis appears to happen after an IP is deemed invalid. So it does look like things are worked as intended.
Code:
2014-04-15 01:49:20 accepted connection 199.188.203.26:54677
2014-04-15 01:49:20 partner 199.188.203.26:54677 using obsolete version 60011; disconnecting
2014-04-15 01:49:20 ProcessMessage(version, 106 bytes) FAILED
2014-04-15 01:49:20 disconnecting node 199.188.203.26:54677
Last edited by a moderator:
Ugh, I've been trying to redo my MN by using this tutorial, and I thought my problem was due to the disabling of logging in as root, but actually, it's because of the iptables. I can no longer ssh into my instance when I reboot after step 7. Does it mess with my ssh security group (ssh, port 22, my ip only)?
Is anyone else having trouble? Because I'm following these instructions to the T The only warning I got in the above steps was when I did:
update-rc.d ntp defaults
and it said system start/stop links already existed.
Why can't I log back in after reboot? (refused)
Is anyone else having trouble? Because I'm following these instructions to the T The only warning I got in the above steps was when I did:
update-rc.d ntp defaults
and it said system start/stop links already existed.
Why can't I log back in after reboot? (refused)
Last edited by a moderator:
'update-rc.d ntp defaults' is ntp related not to sshd.
Did instance say "ssh login to root refused" or "connection refused" ?
Use ubuntu as login user.
If you need root privilege, use 'sudo command' or 'sudo su -'
I will revise the guide to seperate 'login user' and 'Masternode user'
Yes, it said connection refused, and yah, I know about ssh, just wanted to be thorough that everything went like clockwork.
Did this several times, terminating the instance to start up anew. BTW, another thing that never happened before with my ec2, I cant get updates unless I open all ports. I figure, I'd open all ports to allow for updates, but close them when I'm ready to put my program in.
But yes, until I reboot, everything is going swimmingly. I can log in as Ubuntu with putty and winSCP no problems, but when I reboot, I can't.
Did this several times, terminating the instance to start up anew. BTW, another thing that never happened before with my ec2, I cant get updates unless I open all ports. I figure, I'd open all ports to allow for updates, but close them when I'm ready to put my program in.
But yes, until I reboot, everything is going swimmingly. I can log in as Ubuntu with putty and winSCP no problems, but when I reboot, I can't.
* I have checked ntp and following added.
For ssh problem.
1) can you check if public address of instance changed ?
2) comment iptables /etc/rc.local
3) check /etc/iptables
https://www.darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/
http://i.imgur.com/ltTVWw0.png
Code:
update-rc.d ntp enableFor ssh problem.
1) can you check if public address of instance changed ?
2) comment iptables /etc/rc.local
Code:
#/sbin/iptables-restore < /etc/sysconfig/iptables4) check instance setup option
https://www.darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/
http://i.imgur.com/ltTVWw0.png
Last edited by a moderator:
I had an idea, after doing apt-get update and apt-get distro upgrade, I rebooted and couldn't log back on. So this is a problem with the Ubuntu upgrade (I think) rather than anything here... I read that it was unstable, and should be reviewed carefully for changes that it wants to do before hitting Y as it will remove some packages and install others, which might not be what you'd want.
I didn't bother, I just hit Y lol.
I didn't bother, I just hit Y lol.
Last edited by a moderator:
Could it be I'm not able to broadcast? Is there a quick way to see if my MN is broadcasting it's ip address and status, or if somehow the settings are blocking it?
Ugh, would you believe I put the wrong ip address in the config file?
Last edited by a moderator:
I did.. LOLUgh, would you believe I put the wrong ip address in the config file?
First time, I forgot to even add my IP to the darkcoin.conf. lolUgh, would you believe I put the wrong ip address in the config file?
Stuck on # 11
can't seem to run darkcoind
can't seem to run darkcoind
Code:
[email protected]:~$ darkcoind
terminate called after throwing an instance of 'std::runtime_error'
what(): locale::facet::_S_create_c_locale name not valid
Aborted (core dumped)
[email protected]:~$
Last edited by a moderator:
check this
https://www.foresightlinux.se/what-localefacet_s_create_c_locale-name-not-valid/
http://stackoverflow.com/questions/...-localefacet-s-create-c-locale-name-not-valid
Code:
:~$ export
declare -x HOME="/home/ubuntu"
declare -x LANG="en_US.UTF-8"
declare -x LESSCLOSE="/usr/bin/lesspipe %s %s"
declare -x LESSOPEN="| /usr/bin/lesspipe %s"
declare -x LOGNAME="ubuntu"
declare -x LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:"
declare -x MAIL="/var/mail/ubuntu"
declare -x OLDPWD
declare -x PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
declare -x PWD="/home/ubuntu"
declare -x SHELL="/bin/bash"
declare -x SHLVL="1"
declare -x TERM="xterm-256color"
declare -x USER="ubuntu"
:~$ locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=
Hmm, should not do so often(try connet to one ip address).
The ip address(192.99..) is seeder ip, so don't be a problem.
Check darkcoin.conf, whether externalipis changed.
My suggestion is 1) stop darkcoind, 2) remove peers.dat, 3) run again.
while I was waiting for help, I ran the command again and it works. Getting accepted messages. Guess I needed to let it connect before launching next command.
anyway, tried - darcoind getblockcount and its up to to height.
Since we're on test net RC2, I don't need to actually send real DRK's, right? And I can't seem to figure out how to do all this through terminal, all too used to GUI
And also, trying to rm peers.dat
anyway, tried - darcoind getblockcount and its up to to height.
Since we're on test net RC2, I don't need to actually send real DRK's, right? And I can't seem to figure out how to do all this through terminal, all too used to GUI
Code:
12. using home pc, make 1000 DRK encryped wallet.dat to upload
* use home pc, not ec2
* install new wallet
* check account address 0 / getaccountaddress 0
* https://www.darkcointalk.org/thread...ternode-requirements-masternode-payments.225/
* send 1000 DRK to that address
* encypt wallet
* backup wallet
* using scp upload encypted backup wallet.dat to ec2 ubuntu home directory
Code:
[email protected]:/usr/local/src/darkcoin$ rm peers.dat
rm: cannot remove 'peers.dat': No such file or directory
[email protected]:/usr/local/src/darkcoin$ ls
COPYING INSTALL README.md bitcoin-qt.pro contrib doc share src
[email protected]:/usr/local/src/darkcoin$
Last edited by a moderator:
Darkcoin start with X. Testnet start with m.
With RC1, it's not testnet(As of this guide).
RC2 is in testnet stage for masternode payout test.
Code:
RC1
:~$ .darkcoin/darkcoind getinfo
{
"version" : 100400,
"protocolversion" : 70014,
"walletversion" : 60000,
"balance" : 1000.00000000,
"blocks" : 59329,
"timeoffset" : 0,
"connections" : 18,
"proxy" : "",
"difficulty" : 1424.99959688,
"testnet" : false,
"keypoololdest" : 1397159252,
"keypoolsize" : 101,
"paytxfee" : 0.00000000,
"mininput" : 0.00001000,
"unlocked_until" : 0,
"errors" : ""
}
RC2(testnet=1)
:~$ .darkcoin/darkcoind-testnet getinfo
{
"version" : 100500,
"protocolversion" : 70014,
"walletversion" : 60000,
"balance" : 12395.30000000,
"blocks" : 1354,
"timeoffset" : 0,
"connections" : 8,
"proxy" : "",
"difficulty" : 0.20442253,
"testnet" : true,
"keypoololdest" : 1398603299,
"keypoolsize" : 97,
"paytxfee" : 0.00000000,
"mininput" : 0.00001000,
"unlocked_until" : 0,
"errors" : ""
}God dammit... so I decided to reboot, logged in, went to ./darkcoin and opened darkcoin.conf... empty!!
Did it 2x now, and it stays empty!! Dog dammit, took the day off for this and just sitting here...
So basically, since RC2 is out, this tutorial in no longer valid? (except obviously updated to RC2)
Did it 2x now, and it stays empty!! Dog dammit, took the day off for this and just sitting here...
So basically, since RC2 is out, this tutorial in no longer valid? (except obviously updated to RC2)
Propulsion
The buck stops here.
- Feb 26, 2014
- 1,008
- 467
- 183
- Dash Address
- XerHCGryyfZttUc6mnuRY3FNJzU1Jm9u5L