TAO'S MASTERNODE SETUP GUIDE FOR DUMMIES (UPDATE GUIDE UPDATED FOR 13.0)

lostmybrain

I did a full reinstall using your guide and got it to work, thank you for your help. I believe part of the problem was my local wallet not loading the .conf file - I realized this after starting over. :) Thank you again.
 

HinnomTX

Ok, I've borrowed heavily from chaeplin's 5 MN setup guide:
https://darkcointalk.org/threads/ec2-multiple-remote-nothing-mn-max-5.1660/

You should refer to his guide for details on how to set up your user spaces ('ubuntu' and 'ubuntu2' in the iptables script below) and darkcoin.conf.
The following iptables script is useful on VULTR and currently works for 2 IPs. It's straightforward to see how to extend it to 3 IPs.

NOTE: Be sure to install the connection tracking module, conntrack. Like this:
$ sudo apt-get install conntrack

Copy the code below into a file called firewall_2ips.sh. Then change permissions to be executable.
$ chmod 755 firewall_2ips.sh

Then run the script as sudo:
$ sudo ./firewall_2ips.sh

Code:
#!/bin/sh
IIP=`/sbin/ifconfig eth0 |sed --silent 's/.*inet addr:\(.*\) \ Bcast.*/\1/p'`
IIP2=`/sbin/ifconfig eth0:1 |sed --silent 's/.*inet addr:\(.*\) \ Bcast.*/\1/p'`
IPTABLES="/sbin/iptables"
echo "Activating firewall for $IIP and $IIP2"
echo 0 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

# Add your spoofed IP range/IPs here
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3"

#Accept loopback packets always
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Filter out message fragments
$IPTABLES -A INPUT -f -j DROP
# Drop XMAS packets
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
#DROP null packets
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Drop packets claiming to come from our own server on the WAN port
$IPTABLES -A INPUT -i eth0 -s $IIP -j DROP

## Drop all spoofed
for ip in $SPOOF_IPS
do
$IPTABLES -A INPUT -i eth0 -s $ip -j DROP
$IPTABLES -A OUTPUT -o eth0 -s $ip -j DROP
done

#
$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m conntrack --ctstate INVALID -j DROP

$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp -m tcp --dport 9997 -j REJECT --reject-with tcp-reset
#
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -d $IIP --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -d $IIP --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -d $IIP2 --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -d $IIP2 --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
#
$IPTABLES -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 9999 -j  ACCEPT
#
#
$IPTABLES -A OUTPUT -p udp -o eth0 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -o eth0 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --sport ssh -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --sport 9999 -m conntrack --ctstate NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --sport 9999 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 9999 -j ACCEPT
#$IPTABLES -A OUTPUT -j ACCEPT
#COMMIT
#-----
#
$IPTABLES -t nat -A POSTROUTING -m owner --uid-owner ubuntu  -p tcp --dport 9999 -j SNAT --to-source $IIP
$IPTABLES -t nat -A POSTROUTING -m owner --uid-owner ubuntu2 -p tcp --dport 9999 -j SNAT --to-source $IIP2
#
$IPTABLES -t nat -A POSTROUTING -m owner --uid-owner ubuntu  -p tcp --dport 443 -j SNAT --to-source $IIP
$IPTABLES -t nat -A POSTROUTING -m owner --uid-owner ubuntu2 -p tcp --dport 443 -j SNAT --to-source $IIP2
#
$IPTABLES -t nat -A POSTROUTING -m owner --uid-owner ubuntu  -p tcp --dport ssh -j SNAT --to-source $IIP
$IPTABLES -t nat -A POSTROUTING -m owner --uid-owner ubuntu2 -p tcp --dport ssh -j SNAT --to-source $IIP2
Note that this script opens up the https port (port 443). This enables you to update masternode software easily. You may not want this port to be open. If that's the case, just comment out the lines with port 443 and those packets won't be accepted.
 

TaoOfSatoshi

HinnomTX Thanks for this, I'm going to try it when I get a chance....
 

Dr.Crypto

I'm considering changing the location of my VPS, by staying with Vultr but choosing another city in the world.
Is there an easy way to restart the masternode from another server (different IP, etc.)? In particular, can I keep the same wallet.dat?
Thanks again for your guide, Tao, and to everyone who contributed so far! It's been so useful already :)
 

TaoOfSatoshi

I'm considering changing the location of my VPS, by staying with Vultr but choosing another city in the world.
Is there an easy way to restart the masternode from another server (different IP, etc.)? In particular, can I keep the same wallet.dat?
Thanks again for your guide, Tao, and to everyone who contributed so far! It's been so useful already :)
Cheers, dude! I'm happy my guide was useful to you! I recommend creating another address in the same wallet, sending your DRK there, and generating another MN key. Then, just follow the steps again from the VULTR post. (post 2). Any issues, please post back here!
 

Bitcoinbitmyass

calnaughtonjnr Great, I'm glad my guide helped you to build the Darkness! As far as gratuities, they are always appreciated.... Welcome to the MN club!
Hey Tao, I need your help, forget about my message above. I have tried to update my masternode but it still says after I restart the local computer that I need to put 1 in the Darkcoin.conf even though it already says masternode=1. What is wrong??

Also:
When do I need to put in the --reindex option in the updating process?
Do I need to revert back to that saved darkcoind.old to get my masternode running again?

Well damn, I just checked again and it says it's still on the old version - 10.15.17 and I cannot find it with the ./darkcoind masternode list / grep xxxxxxx and is still saying when I try to start the masternode that I need to enter 1 into the Conf.

Please help Tao!
 

TaoOfSatoshi

Hey Tao, I need your help, forget about my message above. I have tried to update my masternode but it still says after I restart the local computer that I need to put 1 in the Darkcoin.conf even though it already says masternode=1. What is wrong??

Also:
When do I need to put in the --reindex option in the updating process?
Do I need to revert back to that saved darkcoind.old to get my masternode running again?

Well damn, I just checked again and it says it's still on the old version - 10.15.17 and I cannot find it with the ./darkcoind masternode list / grep xxxxxxx and is still saying when I try to start the masternode that I need to enter 1 into the Conf.

Please help Tao!
I'll help you on Twitter.
 

Bitcoinbitmyass

I'll help you on Twitter.
Hey thanks again for the help Tao.
Now I'm looking to set up about 4-5 more masternodes, can you make a guide on how to make additional masternodes on 1 pc, with the option to make 2 masternodes on 1 vultr instance?

Keep up the great work - Tips are on the way! when I get paid a bit more...
 

TaoOfSatoshi

Hey thanks again for the help Tao.
Now I'm looking to set up about 4-5 more masternodes, can you make a guide on how to make additional masternodes on 1 pc, with the option to make 2 masternodes on 1 vultr instance?

Keep up the great work - Tips are on the way! when I get paid a bit more...
Refer to the HinnomTX's post above to see how to get multiple IPs on a single instance.

To use another wallet on your local PC, you need to create a .bat file on your PC to have the wallet created in another folder.

Create folder c:\darkcoin2.

The .bat file has to be in the same folder as your darkcoin-qt.exe file. (c:\darkcoin) and your wallet info will be created in your c:\darkcoin2 file. Also, when you make your .conf file, you will make it in this darkcoin2 folder.

Create a new notepad file. Enter the following:

darkcoin-qt.exe -datadir=c:\darkcoin2

Save as a .bat file. Ensure it is in your darkcoin folder with the QT.

Double click the .bat file.

This will open the wallet with your wallet info in the darkcoin2 folder.

When you do your .conf, this is how it should look in your CMD line (you should now make a .bat file with this info as well for ease of future use):

darkcoin-qt.exe -datadir=c:\darkcoin2 -conf=c:\darkcoin2\darkcoin.conf

Good luck! As far as gratuities, they are always appreciated....
 

Sapereaude

Tao, I finally got round to attempting this. I have got to the final command, masternode start. When I run this, I get a message saying...

you must set masternode=1 in the configuration

I have a darkcoin.conf in the correct location and it does have, on line 9, masternode=1. Can you help..?

EDIT: Tao, I restarted my machine and the masternode started successfully. Thanks so much for taking the time to do this. Will send you some coins over to show appreciation...
What and how did you restart exactly? : )
 

Bitcoinbitmyass


Hello, I have made a file called firewall_2ips.sh made it executable and tried to run sudo ./firewall_2ips.sh and I am getting these errors:
""./firewall_2ips.sh:2-78 not found "" and "" ./firewall_2ips.sh: 3.IPP=104.156.227.208: not found ""

I am using Putty and WinSCP to login to my Vultr server and doing the commands through those.

Please help!
 

HinnomTX

Hello, I have made a file called firewall_2ips.sh made it executable and tried to run sudo ./firewall_2ips.sh and I am getting these errors:
""./firewall_2ips.sh:2-78 not found "" and "" ./firewall_2ips.sh: 3.IPP=104.156.227.208: not found ""

I am using Putty and WinSCP to login to my Vultr server and doing the commands through those.

Please help!
The script uses a tool called sed to read your IP addresses from the output of ifconfig. It's failing to parse the IPs, so just set $IIP and $IIP2 to your primary and secondary IPs by hand.
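
An added example, not part of the original post: one way to read the two addresses that tolerates both ifconfig output styles and refuses to continue when either is missing, so the firewall script is never run with an empty $IIP or $IIP2. The sample interface text and the 203.0.113.x addresses are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: parse the interface address in either ifconfig style and
# validate it before any iptables rule is built from it.

# Print the first IPv4 address found in interface text read from stdin.
# Handles "inet addr:A.B.C.D  Bcast:..." (older net-tools) as well as
# "inet A.B.C.D  netmask ..." and "inet A.B.C.D/24" (newer tools).
extract_ipv4() {
    sed -n \
        -e 's|.*inet addr:\([0-9.]*\).*|\1|p' \
        -e 's|.*inet \([0-9.]*\)[ /].*|\1|p' | head -n 1
}

# Succeed only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pick_ips PRIMARY_TEXT SECONDARY_TEXT
# Prints "IIP IIP2" on success; prints a reason on stderr and fails otherwise.
pick_ips() {
    ip1=$(printf '%s\n' "$1" | extract_ipv4)
    ip2=$(printf '%s\n' "$2" | extract_ipv4)
    valid_ipv4 "$ip1" || { echo "primary IP not parsed; set IIP by hand" >&2; return 1; }
    valid_ipv4 "$ip2" || { echo "secondary IP not parsed; set IIP2 by hand" >&2; return 1; }
    [ "$ip1" != "$ip2" ] || { echo "IIP and IIP2 are identical" >&2; return 1; }
    printf '%s %s\n' "$ip1" "$ip2"
}

# --- constructed sample input (documentation addresses, not real hosts) ---
OLD_FMT='eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0'
NEW_FMT='eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 203.0.113.11  netmask 255.255.255.0  broadcast 203.0.113.255'
EMPTY_FMT='eth0:1: error fetching interface information: Device not found'

# Demo: both addresses parse, so the firewall script could go ahead.
if ips=$(pick_ips "$OLD_FMT" "$NEW_FMT"); then
    echo "would build rules for: $ips"
fi

# Demo: the alias interface is missing, so stop before touching iptables.
pick_ips "$OLD_FMT" "$EMPTY_FMT" || echo "refusing to touch iptables"

# Live use (assumption: same interface names as the script in this thread):
#   ips=$(pick_ips "$(/sbin/ifconfig eth0)" "$(/sbin/ifconfig eth0:1)") || exit 1
#   IIP=${ips% *}; IIP2=${ips#* }
```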
 

Bitcoinbitmyass

The script uses a tool called sed to read your IP addresses from the output of ifconfig. It's failing to parse the IPs, so just set $IIP and $IIP2 to your primary and secondary IPs by hand.
Where exactly are the lines to input the $IIP and $IIPS in the code? Or do I have to enter it everywhere it says that?
Do I use my VPS IP or Local wallet(s) IP?
If I do have to use my Local IP, I only run 1 IP on the MN computer; do I just put it in both slots or leave the secondary one empty?

Sorry for the dummy questions, I am new with IPtables/windows-in-general.
 

jiggytom

On the local node, how come you can't just run 1 wallet but use 2 conf files.. Each with their own masternodeprivkey. Would you just generate a new masternode key... Then send 1000 DRK and it would be linked to the next Vin which is the new masternode key? Or it won't work that way?
 

thelonecrouton

On the local node, how come you can't just run 1 wallet but use 2 conf files.. Each with their own masternodeprivkey. Would you just generate a new masternode key... Then send 1000 DRK and it would be linked to the next Vin which is the new masternode key? Or it won't work that way?
There's no code yet to tie a particular vin (1000DRK lump) to a particular masternodeprivkey / server IP.

For now, just have a separate .dat and .conf for each MN, you'll save yourself a lot of headaches.
 

jiggytom

There's no code yet to tie a particular vin (1000DRK lump) to a particular masternodeprivkey / server IP.

For now, just have a separate .dat and .conf for each MN, you'll save yourself a lot of headaches.
Understood! Would be really easy to add I suppose...but if we get Startmany to work..then we wouldn't need it.
 

oblox

You could always specify a second data directory with the other wallet and conf file, else save multiple configs and then rename the appropriate wallet before launching the config file for that masternode.
 

Wh1teKn1ght

There's no code yet to tie a particular vin (1000DRK lump) to a particular masternodeprivkey / server IP.

For now, just have a separate .dat and .conf for each MN, you'll save yourself a lot of headaches.
Doesn't that mean you need to have two copies of the block chain (one for each MN wallet)? Seems like a waste of space...
 

thelonecrouton

Doesn't that mean you need to have two copies of the block chain (one for each MN wallet)? Seems like a waste of space...
No, you don't need two copies of the blockchain. Just swap your MN .dat and .conf files in and out of your .darkcoin directory as required before launching your daemon/qt wallet.
 

UdjinM6

No, you don't need two copies of the blockchain. Just swap your MN .dat and .conf files in and out of your .darkcoin directory as required before launching your daemon/qt wallet.
And if you run local wallets on Linux you can do this by some simple script like that:
Code:
$ cat loop.sh
#!/bin/bash
#### .conf and .dat files should have the same name
##### MAKE SURE YOU BACKED UP YOUR ORIGINAL WALLET.DAT IF YOU NEED IT #####
masternodesDir="masternodes"
echo "Starting masternodes..."
## darkcoind stop
# -s hides the typed passphrase; -r keeps any backslashes in it literal
read -r -s -p "Enter your wallet passphrase:" mySuperSecretPassphrase
echo ""
for conf in "$masternodesDir"/*.conf
do
  wallet="${conf##*/}"
  wallet="$masternodesDir/${wallet%%.conf}.dat"
  message="config $conf and wallet $wallet"
  echo "Processing - $message"
  # Overwrites the live config and wallet (hence the backup warning above)
  cp "$conf" ~/.darkcoin/darkcoin.conf
  cp "$wallet" ~/.darkcoin/wallet.dat
  darkcoind
  sleep 20
  # Unlock the wallet; quoted so a passphrase with spaces stays one argument
  darkcoind walletpassphrase "$mySuperSecretPassphrase" 999999
  darkcoind masternode start
  darkcoind stop
  sleep 2
  echo "Done - $message"
done
## darkcoind
echo "Yay!"
Configs and wallets might then sit in masternodes folder like that
Code:
$ ls masternodes/
1.conf    1.dat    2.conf    2.dat    3.conf    3.dat
EDIT: btw, it should work but try it on testnet first just in case :)
 

crowning

No, you don't need two copies of the blockchain. Just swap your MN .dat and .conf files in and out of your .darkcoin directory as required before launching your daemon/qt wallet.
When you have 2 darkcoinds writing the blockchain data simultaneously it's most probably only a matter of time until it's corrupted (I don't have the possibility to look into the code right now, but back in the good old days[TM] it was definitely not possible with bitcoind).
 

thelonecrouton

When you have 2 darkcoinds writing the blockchain data simultaneously it's most probably only a matter of time until it's corrupted (I don't have the possibility to look into the code right now, but back in the good old days[TM] it was definitely not possible with bitcoind).
I just make sure I'm only running one daemon or qt at any given time. :)

Yeah I did it that way with SMUT before I found out that a local restart was only needed when there was a protocol bump. Went back to manually moving stuff because it was easier to figure out what had gone wrong in the event that something had. I tried the -datadir thing too but that meant you had to wait until the blockchain in each datadir had synced each time, was a pain.

Being able to hot-swap wallets and confs in the client would be handy, but I do c++ much like I do sheet music - I can mostly read it, just don't ask me to sit down at a piano and play it... :tongue: ...shouldn't be much more than just sticking a file selector dialogue in there though?

edit: yeehaw, thanks UdjinM6! :) - https://github.com/darkcoin/darkcoin/pull/50
 

g8F98FF3gjafogj4

Hey, thanks for putting in the work Tao. One thing worries me, it appears if someone followed your guide word for word, they would have a functioning firewall at first, but if the server were to restart.. the firewall.sh would not be active. If someone really were a noob, they might have to restart their server for whatever reason, then they would try to start their masternode not knowing that they had no firewall active. I may have missed something! But this little detail has been bugging me. Please let me know if I am incorrect!
 

TaoOfSatoshi

Hey, thanks for putting in the work Tao. One thing worries me, it appears if someone followed your guide word for word, they would have a functioning firewall at first, but if the server were to restart.. the firewall.sh would not be active. If someone really were a noob, they might have to restart their server for whatever reason, then they would try to start their masternode not knowing that they had no firewall active. I may have missed something! But this little detail has been bugging me. Please let me know if I am incorrect!
g8F98FF3gjafogj4 flare Thanks for that info, I will update the guide.

EDIT: Done! Thanks again, I wouldn't want to be blamed for something bad happening due to lack of security!
 

g8F98FF3gjafogj4

Hey Tao,
In the most respectful way possible I have to propose that a reminder to run the firewall script at some distant future date is not sufficient. If we weren't funneling all new users not familiar with linux to this guide I wouldn't think it was such a big deal. Would you be opposed to including a script to run as sudo that would setup the firewall in a permanent manner in your guide?

* I am certainly willing to give it a shot, and think I could get it with a bit of work. I wouldn't be surprised if some linux pros around couldn't pump it out really quick.
 

thelonecrouton

If you want to run it each boot:

Code:
crontab -e
...select editor if asked, nano is easiest...
add this to the end of the file:
Code:
@reboot /path/to/script.sh

Or just use ufw, far easier than iptables, here's the basics, you only need to do this once:
Code:
sudo apt-get install ufw   # if needed, and you may need to 'sudo apt-get update' first as well
sudo ufw allow ssh/tcp
sudo ufw allow 9999/tcp
sudo ufw logging on
sudo ufw enable
sudo ufw status
 

flare

Another solution:

Code:
sudo apt-get install iptables-persistent

And choose "yes" to store the ipv4 rules
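
An added example, not from any poster in the thread: whichever boot-time method is chosen, the result can be checked after a restart by auditing the output of `iptables -S`. It assumes the ruleset from firewall_2ips.sh earlier in the thread (not ufw, which uses its own chains); the sample rule dumps are constructed and the function name is hypothetical.

```sh
#!/bin/sh
# Added example: audit an `iptables -S` dump (read on stdin) against what
# firewall_2ips.sh is expected to leave in place.

audit_ruleset() {
    rules=$(cat)
    problems=""

    # 1. Default policies must be DROP; a box rebooted without persistence
    #    comes up with all three set to ACCEPT.
    for chain in INPUT FORWARD OUTPUT; do
        printf '%s\n' "$rules" | grep -Fqx -- "-P $chain DROP" \
            || problems="$problems policy:$chain"
    done

    # 2. SSH and the masternode port (9999) must be explicitly accepted.
    printf '%s\n' "$rules" | grep -q -- '^-A INPUT .*--dport 22 .*-j ACCEPT' \
        || problems="$problems ssh"
    accept_line=$(printf '%s\n' "$rules" \
        | grep -n -- '^-A INPUT .*--dport 9999 .*-j ACCEPT' | head -n 1 | cut -d: -f1)
    [ -n "$accept_line" ] || problems="$problems p2p-9999"

    # 3. The connlimit REJECT rules only take effect if they sit above the
    #    ACCEPT for port 9999, because the first matching rule wins.
    limit_line=$(printf '%s\n' "$rules" \
        | grep -n -- '--dport 9999 .*connlimit.*-j REJECT' | head -n 1 | cut -d: -f1)
    if [ -n "$accept_line" ]; then
        if [ -z "$limit_line" ] || [ "$limit_line" -gt "$accept_line" ]; then
            problems="$problems connlimit-order"
        fi
    fi

    [ -z "$problems" ] && return 0
    printf '%s\n' "${problems# }"
    return 1
}

# --- constructed sample dumps (documentation address, not a real host) ---
RULES_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT'

RULES_AFTER_REBOOT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

RULES_MISORDERED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset'

# Demo over the three samples.
for sample in "$RULES_LOADED" "$RULES_AFTER_REBOOT" "$RULES_MISORDERED"; do
    if report=$(printf '%s\n' "$sample" | audit_ruleset); then
        echo "firewall OK"
    else
        echo "firewall NOT as expected: $report"
    fi
done

# Live use (assumption: run as root, for example some minutes after boot):
#   iptables -S | audit_ruleset || logger -t firewall-audit "ruleset incomplete"
```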