When running https://ipfs-check.on.fleek.co/ to check if my IPFS node was publicly available, I was getting the multiaddr and downloading CID errors showing that my node wasn’t available.
I enabled port forwarding to 4001 as instructed in this article, but when I check again, I get now only There was an error downloading the CID from the peer: transient connection to peer (and of course, this causes a time-out error when querying the CID)
Just tested it out, from another machine, with nc YYY.YYY.Y.Y 4001 and got multistream/1.0.0 which basically means that the connection was established successfully.
This means that your node 4001 can be connected, but there is a possibility that https://ipfs-check.on.fleek.co/ node cannot connect to your node, so it connect the node through the relay. In my own experience debugging IPFS nodes, transient connection-to-peer errors occur in this situation.
Is port-forwarding completely required? I was using this tool check.ipfs.network to verify.
When using /p2p/$peerID to look up my CID, it returned the transient error.
So far, I have not found a definitive answer. UPnP and PMT are enabled on my OpenWrt; but I could be overlooking something…
So I would like to know:
Is port-forwarding needed? I know UPnP is often used for network-local things - such as my SATIP server being recognized by VLC and TVHeadend - but can it also be used for port-forwarding? I have never heared about PMT, but it is enabled.
Can I use hole-punching to work around this if I don’t want to neccessarily open up a port? I could; I would just like to know if I really must Knowing more is always a lil’ better.
As a little off-topic, but assuming the check.ipfs.network tool can find my content now using the P2P address, how can I then instruct an IPFS gateway - say cf-ipfs.com - to connect to my maschine through p2p so my friend can access the file i am sharing for him?
Hi, I am behind a NAT (home router connected to another router, which is connected to the internet). I see the same error, if I do not announce my public IP explicitly via the IPFS node configuration having port forwarding enabled. It seems that whenever my node is establishing a connection via a relay node (which it seems to do automatically, if I don’t announce my public IP), it can fetch files from the IPFS network, but it cannot provide files to the network. Furthermore, according to ipfs swarm peers --direction all my connections are outbound.
Is it correct, that the “transient connection” is indicating a connection that is working over a relay? If so, why does that prevent my IPFS node from providing files even though I can connect to other nodes?
It indeed seams like this is indeed a issue with relays:
❌ Could not connect to multiaddr: failed to dial 12D3KooWJHRXk8USQCwuP8ixQaGgWGiUQ8yBjakesYz1WuVskaRo:
* [/ip4/89.233.108.3/tcp/4001/p2p/12D3KooWEzPfsr97JgovDBYGyems8N1p42MB2DY98JekdM5uj48g/p2p-circuit] error opening relay circuit: NO_RESERVATION (204)
* [/ip4/89.233.108.3/udp/4001/quic/p2p/12D3KooWEzPfsr97JgovDBYGyems8N1p42MB2DY98JekdM5uj48g/p2p-circuit] concurrent active dial through the same relay failed with a protocol error
I have no issues getting the file from another machine in a datacenter away from me, but neither IPFS check nor public gateways can get the file, seemingly because they try to go through a relay…
Running ncat remotely shows the port as open by returning /multistream/1.0.0, although ipfs swarm peers --direction shows all connections as outbound, and I keep getting: ❌ There was an error downloading the CID from the peer: transient connection to peer on the IPFS checker pages.
I was facing the same issues. I used these commands to configure the firewall on my SSH Ubuntu server to allow access to my IPFS node. Please note that I’m not sure whether this might raise security concerns for your server.
iptables -A INPUT -p tcp --dport 4001 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 5001 -j ACCEPT