Opening Network Ports
Last updated
Last updated
Your Execution and Consensus Clients rely on a peer-to-peer network to exchange data with other participants. They actively send outbound traffic to connect with peers, and accept inbound connections from peers that "discovered" your node. A consistently high number of connected peers ensures a smooth and robust network operation.
However, most home network routers block incoming traffic by default as a security measure. This means that even with a reliable internet connection, your router may prevent incoming connections from network peers. Outgoing traffic is usually unaffected.
In this example, Nethermind and Teku are installed on AVADO. While both can send outbound traffic, Nethermind “listening” on its assigned channel (“port”) 40303 and Teku "listening" on port 9000 are not getting any inbound signals because incoming traffic is blocked at the router.
To address this issue, it becomes necessary to manually "open network ports". This is also known as port forwarding. Think of network ports as virtual doors that allow data to flow into your device. By opening these ports, you are essentially creating pathways for peers to establish connections with your AVADO.
Note that the Clients can perform their duties even with only outbound connection. Allowing inbound connection is an optimization point that can potentially enhance the performance of your validators, and is therefore highly recommended.
The AVADO OS is able to automatically open specific ports on your router via UPnP. If UPnP is not enabled on your router, or if UPnP does not solve the connection problem, you will need to open ports manually. The process is explained on this page.
AVADO has pre-configured the following ports for each specific dapp:
These are the only ports you should ever need to open on your router for the AVADO DApps. Opening any other ports could be a security risk and should be avoided.
Are you receiving any inbound peers? You can check if you have inbound peers in your Consensus Client. If you see inbound peers, it means your ports are already open or UPnP is enabled on your router. In this case, there is no further action required from your end.
Do you know how to access your home router's admin page? To open the web interface of your router, refer to your router's manual, visit your ISP's website, or contact their support for guidance. Each router brand has its own method, but typically, you will need to connect to a specific IP address on your local network.
Navigate to http://my.ava.do from your browser to bring up the Home Page. Click on the avatar image (the green circle in this picture). A popup window will appear. Take note of both the External IP and Internal IP - we will need these later.
Internal IP is your AVADO's address on the local network. It is usually 192.168.0.xx
External IP is your ISP-assigned address on the Internet. It is the address by which your AVADO appears to the world.
On your browser, navigate to your router's web interface. Refer to your router's manual, visit your ISP's website, or contact their support for guidance.
In certain cases, port forwarding rules may not work consistently if they are assigned to devices with dynamic IP addresses (using "DHCP"). This is because if your router assigns a new IP address to your AVADO device, the port forwarding rule will no longer function properly.
To prevent this issue, it is recommended to assign a static, or reserved, IP address to your AVADO. While not every router requires this, it is highly advisable to assign a static or reserved IP to your AVADO to avoid potential complications.
To do this, navigate to your router's settings page for setting static IP addresses. Typically, this would be under headings such as "DHCP Server", "Address Reservation", "DHCP Reservation", or "Static IP Address".
For instance, on a tp-link router, you can navigate to the page by going to Advanced > Network > DHCP Server > Address Reservation.
Add an entry for your AVADO. You may use the existing Internal IP that you obtained from Step 1.
Locate your router's page for port forwarding settings. Typically this would be under headings such as "NAT Forwarding", "Port Forwarding", or "Firewall".
On a tp-link router, this is under Advanced > NAT Forwarding > Port Forwarding
Add the required port forwarding rules for your DApps. Typically, the settings page will ask for the following information:
Service or Mapping Name: You can assign a name for each rule, for example, teku, or geth, for easy reference.
Internal Host or Device IP Address: This should be the Internal IP address for your AVADO, which should also be the address reserved for your AVADO in Step 3. Some routers may let you simply select your AVADO from a list of connected devices.
External Port (WAN Port) and Internal Port: We are not translating (changing) the internal and external port numbers. So for example with Teku, both the External Port and Internal Port should be set to 9000. If your router asks for a range (from/to, starting/ending), enter "from 9000 to 9000".
External Source IP: This limits incoming connections from specific outside sources. If your router asks for this, leave blank or select "All".
Protocol (UDP or TCP): For Prysm, you need two rules for 12000/UDP and 13000/TCP. For most other DApps, you should select "UDP and TCP". If your router only lets you select one protocol per port forwarding rule, create two rules each for UDP and TCP respectively.
Here are a few examples from different router models or firmware versions:
The completed settings shall look like the following. This is for illustration purpose, so we have added all ETH Execution and Consensus Clients. In typical usage, you would only add rules for the DApps that you are using.
To check that the ports are opened successfully, you can check in your Consensus Client. You should start to see a number of inbound peers.
You can also use an external port checker, such as https://portchecker.co/ or https://www.yougetsignal.com/tools/open-ports/
Enter your AVADO's External IP address for checking, and the port number you're checking (for example, 9000 for Teku). It will simply inform you if the port is open or not.
Consult your ISP
If you have followed the above procedure and are still not receiving any inbound peers, and your ports remain closed, it is possible that your Internet Service Provider (ISP) is blocking incoming traffic at the modem or elsewhere upstream. In such cases, it may be necessary to contact your ISP directly to address and resolve this issue.
Dapp | Port | Protocols |
---|---|---|
Geth (mainnet)
30303
TCP/UDP
Nethermind (mainnet)
40303
TCP/UDP
Nethermind (Gnosis)
30305
TCP/UDP
Prysm Beacon chain (mainnet)
12000
UDP
13000
TCP
Teku (mainnet)
9000
TCP/UDP
Teku (Gnosis)
9006
TCP/UDP
Nimbus (mainnet)
9100
TCP/UDP
Qtum
3888
TCP