Step by step description of how to port-forward nodes for these pre-beta testnets

This is a topic for explaining to others the process to have ones nodes port-forwarded so that they can be a part of a testnet.

It is not meant to explain the mechanics of configuring port forwarding in ones router since there are too many routers. It is expected that the user will already know how to setup their router to port-forward.

But rather this topic is aimed at explaining what ports have to be forwarded and how to configure nodes to use a specific port.

Step by step instructions to some one who knows command line and assuned how to setup their router.

One post can be found here QuicNet [30/01/24Testnet] [Offline] - #244 by neik


Good to get this split out into its own topic, thanks @neo

Oh really? TBH I expect that most of the hand-holding needed will be around the port forwarding.
I briefly saw a link the other night to a support site that @upstate recommended. It might have been windows only but then again most folk who will need help with port-forwarding will be running Windows.

I would have looked harder but I was dressing for dinner in one of Budapests finer restaurants and MrsSouthside seemed to think I should concentrate on that instead.

So looking again, its a very comprehensive resource as @upstate says. Maybe not for the n00b but valuable anyway for hand-holding.

Perhaps some bright AI-wrangler could generate a script that would probe port 12000 on the target machine Win 10, 11, MacOS and linux and report connectivity? Display a wee "Hello from SAFE support, port 12000 appears to be open " in their terminal
That way we can set folk up without waiting for a testnet to come along.


The problem here is that there are a ton of different routers with their own way of doing this. The best we could really hope for is explaining what is to be done and for those who can configure their routers then they should be able to follow the instructions of what is desired and see it in their configuration.

I was thinking that if a person who knows how to configure their router is told they need to have port xxxxx local at thir PC’s IP address and the remote (internet side) port as yyyyy, then they could navigate their way to the port forwarding config page to set the values.

If someone cannot do that then it might be worse to try and teach router configuration from scratch since its very specific to router and model.

Maybe you can start another topic for this very specific aspect.

At this stage we still need people to understand CLI and so its expected they can configure basic settings in their router or work it out from available material on the net


For me with my router, the uncertainties are which external ports / ranges need to be forwarded to my node computer, and whether I need to configure internal ports.

I’ve tried a bunch of stuff and nothing seems to work (mostly forwarding external ports 12000:12100 to my PC).

Later on I may post a screenshot of my port forwarding setup screen. If a few people do that with correct corect configurations, it should help people to know what to expect when setting up their router.


Some (most?) routers allow you to designate a machine to be exposed to the Internet – I think it’s called “NAT loopback” or “NAT hairpinning.” ?

It’s risky as your machine isn’t behind the routers firewall, but might be useful to try here.

1 Like

Usually it is called DMZ (demilitarized zone).

NAT hairpin or NAT loopback is used when you have service running in your LAN and you want to access it on same (public) IP from both your LAN and outside Internet. It is often used with DMZ, but not always.


Port forwarding worked for me in two test nets ago, in TCP. Now with quic, even after changing the port forwarding to UDP in the nat configuration tab of the router, it was not working. I was not getting any error saying the usual “you appear to be behind a nat”, but I wasn’t earning nanos either.
I was using a container based on Debian inside a raspberry pi 4 running on Opensuse Leap, and even recreated the container to start blank.
Let’s see the following testnet.

I think that is because libp2p doesn’t yet support AutoNAT for Quic.


I have a soft spot in my heart for this router - Linksys WRT54G series - Wikipedia

TMI…I know.

1 Like

It’s a classic that one!

Here’s my setup currently, which doesn’t lead to any ports being visible externally, so I’ll keep tweaking, but if anyone can give some pointers on what to try it’d be much appreciated:

The router is an Asus ZenWifi XD6 router, running off a fibre modem in bridged mode.

I’m on windows, and have tried disabling the firewall, with still no ports visible when trying from this tool: Open Port Check Tool - Test Port Forwarding on Your Router

If we can work out configurations that work from home, hopefully sharing details and issues that needed to be resolved will help others figure out how to get set up to successfully run a node from home in future tests.


Maybe without internal port specified its not working for UDP?

If you want two machines with nodes on them would you not need more granular ranges.

Also check your PC is still at that IP address. Had a device keep to a IP address on the router until one day a phone got the ip address before the device grabbed it and my firewall was set for that ip address. LOL I was slack and while testing it worked and I knew the ip address could change but the testing wore me out and forgot to fix the IP address to a static one in the router.


I’d try setting up the DMZ and running whatever machine the node is on through that.

Stating this again, I’d try it and not suggesting someone else do so and I’d treat it as a troubleshooting step to make sure it’s not something else causing the issue.

1 Like

Possibly. What internal port is worth trying? I did try specifying this, and opening the same port on Windows Firewall, but still no luck.

I just want to get any port visible externally before considering multiple nodes etc… so far, no luck.

Definitely worth checking IP addresses, which I had done. I have a fixed internal IP for the PC that I’m trying to get an externally visible port on, and run a single node on initially.

Thanks. I tried this, but still no ports available externally. Seems odd, but something must be blocking it all. I’ll keep plugging away!

Can you isolate the machine running the node software and connect directly to the fibre modem having the ip assigned directly to the machine? If it didn’t work that way it’d have to be something ISP side I would guess.

1 Like

To dip my toes in these murky waters here is what I do.

and then start it with safenode --port=12000

1 Like

Can this be done with client to specify the port?

when you start the node in the cli yes you need to tell it which port. in this case 12000.

1 Like

Thank you!

1 Like

I have this entry in my router (it’s the one provided by the ISP, 4 lan ports, wifi and ftth):

SAFE-rpi X-Y X-Y both 192.168.1.Z

X-Y is a range of ports (I don’t want to disclose my ports). The Z is the IP of the raspberrypi, it also let me choose from a dropbox. I have a lot of rules and believe me I know how to forward a port.
If you notice, the rule says “both”. In the previous testnet before “quic”, it was “tcp” (and it was working). I changed it to “both” for this last testnet and it was not working. As I’m using containers, I have an easy way to “start from scratch”, and still not working.
So I simply will think that this is because of some other reason, as I was told early in this thread (something about libp2p not supporting autonat for quic).
Just in case anyone asks, there’s not even a single windows or mac system in my local network. Everything is openSUSE, and the container is running on Debian without the openSUSE raspberry pi (till I adapt the script that @neik shared that is mostly Debian/Ubuntu based to openSUSE, but I’m really struggling with time in the last few months).

1 Like

This is the interface from the manual when setting it up.
External port:12000
Internal port:12000
Internal IP address:
source ip: leave blank

Think this would work?