How should I configure my firewall?

From @insanity54 on Tue Apr 28 2015 09:02:44 GMT+0000 (UTC)

Foreword: I’m not actually in need of an answer, I’m just trying to help out by populating the FAQ from questions I see on freenode #ipfs

Q: Is there anything I should know about firewall configuration to get ipfs running?
A: The best thing for your firewall is to forward port 4001


Copied from original issue: https://github.com/ipfs/faq/issues/19

2 Likes

From @whyrusleeping on Sun May 03 2015 09:52:13 GMT+0000 (UTC)

Port 4001 is what is known as the “swarm address”; this is configurable in your .ipfs/config file.

From @dylanPowers on Mon May 04 2015 04:00:18 GMT+0000 (UTC)

An alternative answer is to make sure UPnP is running correctly on your router, then the port forwarding will be correctly configured automatically.

From @ThomasWaldmann on Sat Jul 04 2015 11:10:40 GMT+0000 (UTC)

@dylanPowers having UPnP active is considered a security risk by many people. So while it is “plug and play” (and thus easier / more comfortable), malware could use it to open additional ports for itself (or maybe reconfigure your router otherwise).

From @cryptix on Sat Jul 04 2015 11:48:22 GMT+0000 (UTC)

I’m with Thomas on this one. There were also cases of plastic home routers answering UPnP requests on the outside WAN (Netgear for instance, IIRC). If we advise to do this we need a big warning sign, imho.

From @David-Leudolph on Tue Feb 09 2016 20:08:22 GMT+0000 (UTC)

Please let me ask a newbie question: Which protocol do we need to allow in our firewall/NAT configurations for the port 4001? TCP, UDP or both?

From @insanity54 on Tue Feb 09 2016 20:54:00 GMT+0000 (UTC)

@David-Leudolph Just TCP I believe. That’s how I have mine configured, and the outside world can access the files I have added to IPFS.

From @mitar on Mon Mar 28 2016 06:35:55 GMT+0000 (UTC)

But if UPnP is supported, then mentioning this should be in the FAQ.

From @pyhedgehog on Mon Nov 14 2016 00:36:23 GMT+0000 (UTC)

How should it be configured if I have several ipfs nodes behind the same firewall?

From @xloem on Sun Jan 08 2017 20:49:11 GMT+0000 (UTC)

@pyhedgehog you should edit your .ipfs/config file for each node to give it a different swarm port from the others, and forward that port to that box in your firewall.

Hi everyone,

I am new here. Just getting my feet wet! :smiley:

I installed an IPFS node and got the daemon up and running. In the connections section I see 768 peers. Does that mean that I don’t have to do anything with the firewall? Or should I still open the ports in my router?

From what I understand by reading the forum, IPFS runs on libp2p and libp2p doesn’t need any port forwarding. Correct me if I am wrong. :smiley:

How do I know if it is an incoming or outgoing connection?

Thanks,
Cherian.

1 Like

I also have to forward the Gateway port (8080 by default) in addition to forwarding the swarm port (4001 by default).

I wanted to share my working configuration, in case it’s useful to anyone:

In .ipfs/config I removed /ip4 entries from "Swarm": [ given I’m set up with IPv6. I didn’t bother trying IPv4 and NATing.

On my router, I allowed incoming IPv6 on port 4001 on the Ethernet port my computer is using.

Then, on my workstation, I use ufw and I set both default policies to reject/reject, so I have to open every single thing I use. For IPFS that’s:

ufw allow in 4001/tcp
ufw allow in 4001/udp
ufw allow out from any port 4001 proto tcp to any
ufw allow out from any port 4001 proto udp to any
1 Like
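
The posts in this thread tie firewall rules to the listen addresses in .ipfs/config: a swarm port per node, TCP and UDP, IPv4 and IPv6, plus the Gateway port. As an added example (not code from the thread or from the IPFS project), the Python sketch below reads the `Addresses` section of each node's config, derives the inbound `ufw` rules that are actually needed, and reports IPv4 swarm ports shared by several nodes behind one forwarder. The two configs are constructed samples, the function names are hypothetical, and only the leading `/ip4|ip6/<addr>/tcp|udp/<port>` part of each multiaddr is parsed.

```python
import ipaddress
import json

# Constructed sample configs for two nodes behind one firewall (not real nodes).
NODE_A = json.loads("""{"Addresses": {
  "Swarm": ["/ip4/0.0.0.0/tcp/4001", "/ip6/::/tcp/4001", "/ip4/0.0.0.0/udp/4001/quic"],
  "Gateway": "/ip4/127.0.0.1/tcp/8080"}}""")
NODE_B = json.loads("""{"Addresses": {
  "Swarm": ["/ip4/0.0.0.0/tcp/4001", "/ip4/0.0.0.0/tcp/4002"],
  "Gateway": "/ip4/0.0.0.0/tcp/8080"}}""")


def parse_listener(multiaddr):
    """Return (family, ip, proto, port) from the leading parts of a listen multiaddr."""
    parts = multiaddr.strip("/").split("/")
    if len(parts) < 4 or parts[0] not in ("ip4", "ip6") or parts[2] not in ("tcp", "udp"):
        raise ValueError(f"unsupported listen address: {multiaddr}")
    return parts[0], ipaddress.ip_address(parts[1]), parts[2], int(parts[3])


def inbound_rules(config):
    """Set of (family, proto, port, section) listeners reachable from other hosts."""
    rules = set()
    for section in ("Swarm", "Gateway"):
        value = config.get("Addresses", {}).get(section) or []
        for addr in [value] if isinstance(value, str) else value:
            family, ip, proto, port = parse_listener(addr)
            if not ip.is_loopback:  # a loopback listener needs no firewall rule
                rules.add((family, proto, port, section))
    return rules


def ufw_commands(config):
    """Inbound ufw rules in the form used in the post above, one per port/protocol."""
    return sorted({f"ufw allow in {port}/{proto}" for _, proto, port, _ in inbound_rules(config)})


def swarm_collisions(nodes):
    """IPv4 swarm (proto, port) pairs used by several nodes; one forward cannot serve both."""
    owners = {}
    for name, config in nodes.items():
        for family, proto, port, section in inbound_rules(config):
            if family == "ip4" and section == "Swarm":
                owners.setdefault((proto, port), set()).add(name)
    return {key: sorted(names) for key, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    print(ufw_commands(NODE_A), ufw_commands(NODE_B))
    print(swarm_collisions({"node-a": NODE_A, "node-b": NODE_B}))
```

A Gateway bound to 127.0.0.1 produces no rule because it is not reachable from other hosts; node B's 0.0.0.0 binding does, which makes the exposure visible before any port is opened.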