~~SBC Network?~~ NAT nightmares

You can also run ssh on a different port than 22 to make it more secure.

6 Likes

yes but avoid ports 2222 22222 8022 etc cos security by obscurity needs some thought as well
EDIT: Oh and port 10000 <— here be hackers

Use port 69, they will never guess :wink:

3 Likes

I am a damn sucker for punishment, right after this I’ll try to build a rocket. :melting_face: probably easier to understand.

1 Like

How are your public IPs working out?

Silly me thought well, I’ll just get statics and life will be easy. :rofl:

My node can connect with a simple `safe node join --network-name comnet`, whereas before, when I joined from home, I needed to port forward `--local-addr --public-addr --skip-auto-port-forwarding`.

So I feel I made a potential step in the right direction, the brick wall I can’t break through is why my IP is showing as 0.0.0.0 on the network.
```
Node PID: 2436, prefix: Prefix(), name: a4806a(10100100)…, age: 5, connection info:
“0.0.0.0:57160”
```

So I assume that I am assigning it incorrectly, but the minefield is enormous and I am mostly walking around on all fours.

2 Likes

What does your system show as your IP address when you enter:
$ hostname -I (that’s a capital “i”)

How about:
$ /sbin/ifconfig

And:
http://bot.whatismyipaddress.com

I am using aarch64 SBCs. `curl ifconfig.co` returns the static that I assigned to the device.
On the device itself I have tried to use both ifupdown and netplan to change eth0. Should I do so? IDK, but changing it did not change the network seeing me as 0.0.0.0.

I am using the router to assign the static to the device/s simply through static NAT. I can’t find the actual DHCP settings on the router even though it claims to be using DHCP to apply the IP.

currently,

```
/sbin/ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.254.130 netmask 255.255.255.0 broadcast 192.168.254.255
inet6 fe80::c816:9ff:fe6b:80f7 prefixlen 64 scopeid 0x20
ether ca:16:09:6b:80:f7 txqueuelen 1000 (Ethernet)
RX packets 34716 bytes 23697351 (23.6 MB)
RX errors 0 dropped 2177 overruns 0 frame 0
TX packets 16079 bytes 1654566 (1.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 44

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 6009 bytes 403089 (403.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6009 bytes 403089 (403.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```

1 Like

If you are assigned a static IP then the ISP has two options (most NAT routers too) to either 1) simply route packets for that IP to that IP OR 2) via DHCP assigning the IP to the MAC

The second option requires the ISP knowing the machine MAC beforehand.

I’d expect option 1), where the ISP will route traffic for that IP address down the link, and you need to set your machine to have that IP address statically assigned. If you don’t, then your machine is expecting a DHCP response from the ISP and that may cause plenty of problems.

2 Likes

yeah, problems are not in short supply.
This is what I have tried so far, I can connect to a network without port forwarding, it is “just” the IP

/etc/netplan/50-cloud-init.yaml

```
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: true
```

and

```
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [xx.xxx.xx.xx/24]
      gateway4: xx.xx.67.1
      nameservers:
        addresses: [xx.40.xx.40, xx.40.xx.41]
```

Is that from a PC? If it’s a router, then for multiple static IP addresses you want a switch first, then a PC for Safe connected directly to that switch. And using another static IP address, have a router for your local network with the WAN from that router to the switch.

Is the second adaptor connected to the switch connected to the incoming link (WAN)?

The address needs to be a single address otherwise you have routing in the PC and for SAFE you need the machine responding to the one IP address directly.

xx.xx.xx.xx/24 is saying it’s a subnet with 256 addresses.

Imagine the switch connected to the incoming ISP link as the switch on the LAN side of a typical home router and you’ve set some machines up with static addresses.

If you have 5 static IP addresses then it’s likely a /29 subnet (8 addresses - xxx111 would be broadcast, another as the gateway (the ISP address), and another unused)

2 Likes

Pine SBC aarch64 so yes…ish

yes

You just had me think this through again it is,
router
switch
device/s that I am assigning statics to.

But it just occurred to me that it is a managed switch, could it be the culprit? I paid no attention to it as in my head it was unmanaged.

I am going to pack it in for the day, bed is calling and come back to what you said above in the morning. Feeling fried now.

1 Like

Can you give me the last octet in the IPv4 addresses they have assigned? They should be contained in a /29 subnet.

The managed switch will want an IP address too. The sensible thing is to configure it locally (machine ↔ switch) to how you want it and have it not respond to any IP address (i.e. no management IP address). The reason is that it is connected directly to the internet, and also so that it does not take up an IP address, even if it’s the spare IP address in the /29 subnet.

1 Like

I have another unmanaged switch, I think I want to do away with the managed.

There are 5 assigned. Are they 50,51,52,53,54 ? That would make the /29 subnet

That’ll get rid of one variable

2 Likes

Yes, that is correct.
Thanks @neo I appreciate the help, it is needed. Going to come back at you tomorrow most likely :slightly_smiling_face:

4 Likes

My node in your latest testnet reported the same, but still got more than 3gb of data, so not sure that’s the issue?

2 Likes

I remember someone reporting 0.0.0.0 a while back too.
I had 3 devices join yesterday.
Each with a separate static public ip.
None needed port forwarding to join.
All 3 showed up as 0.0.0.0
2 of them seemed way less active than the 3rd; just by looking at the logs, 2 were chilling at the beach, the other was running a marathon.
Fun( :rofl:) and games, 0.0.0.0 and I are getting back in the ring today.

1 Like

192.168.254.130 is not a public IP, Josh; your system appears to still be using private IPs. When the network is set up correctly the last octet will be 50, 51, 52, 53 or 54, the ones you were talking to @neo about. As @neo suggested, you might need to go into the network settings and record the IPv4 properties manually. It’s not that hard, you should only need to:

  1. Change “Obtain an IP address automatically” to “Use the following IP address”
  2. In the IP box enter one of the IP’s given to you by your ISP (ending in 50, 51, 52, 53 or 54 ?)
  3. Enter the subnet mask. If it’s a /29 subnet then the mask will be 255.255.255.248. Use the link below to find the mask for other subnets.
    Subnet Cheat Sheet – 24 Subnet Mask, 30, 26, 27, 29, and other IP Address CIDR Network References
  4. Enter the default gateway. This will probably be an IP address similar to the five provided to you, with the only difference being the last octet. Check documentation from ISP.
  5. Under “Use the following DNS server address” either enter the DNS servers recommended by your ISP or use 8.8.8.8 and 8.8.4.4. Those are Google public DNS servers and they should work for you.

You shouldn’t need anything else to set up a fixed IP address in your system. Did your ISP provide any documentation? When responding here on the forum, of course you don’t want to reveal the full public IP addresses you are using.

3 Likes
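As an added example (not part of any post in this thread), the /29 arithmetic discussed above can be checked with Python's standard `ipaddress` module, along with an audit of what is actually set on the interface. The `203.0.113.x` addresses are constructed stand-ins from a documentation range for the redacted statics ending in 50 to 54, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: 203.0.113.0/24 is a documentation range standing in
# for the real (redacted) public statics whose last octets are 50-54.
ASSIGNED = [f"203.0.113.{n}" for n in range(50, 55)]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def smallest_block(hosts):
    """Return the smallest network in which every address is a usable host."""
    addrs = [ipaddress.ip_address(h) for h in hosts]
    for prefix in range(30, 0, -1):
        net = ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)
        reserved = (net.network_address, net.broadcast_address)
        if all(a in net and a not in reserved for a in addrs):
            return net
    raise ValueError("addresses do not share a usable block")

def describe(net, assigned):
    """Summarise the values a static-IP configuration asks for."""
    taken = {ipaddress.ip_address(a) for a in assigned}
    return {
        "cidr": str(net),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        # Usable hosts not handed to the customer; the ISP gateway is normally
        # one of these (assumption: confirm against the ISP's paperwork).
        "spare_hosts": [str(h) for h in net.hosts() if h not in taken],
    }

def audit_interface(configured, block):
    """List problems with an 'address/prefix' string as set on the interface."""
    iface = ipaddress.ip_interface(configured)
    problems = []
    if any(iface.ip in n for n in RFC1918):
        problems.append(f"{iface.ip} is a private RFC 1918 address")
    elif iface.ip not in block:
        problems.append(f"{iface.ip} is outside {block}")
    if iface.network.prefixlen != block.prefixlen:
        problems.append(f"prefix /{iface.network.prefixlen} should be /{block.prefixlen}")
    return problems

if __name__ == "__main__":
    block = smallest_block(ASSIGNED)
    print(describe(block, ASSIGNED))
    for cfg in ("192.168.254.130/24", "203.0.113.50/24", "203.0.113.50/29"):
        print(cfg, "->", audit_interface(cfg, block) or "ok")
```

The first audited value is the `eth0` address from the `ifconfig` output earlier in the thread; the second mirrors the `/24` used in the netplan attempt.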

It was setup for that to be the case but the network was still seeing them as 0.0.0.0.
Last night when I posted that I had changed everything again for the umpteenth time.

Changing the managed switch to unmanaged now and then I will try again.
Hopefully perseverance pays off. I’ll revert back, follow your instructions and come back here.
Thanks!

2 Likes