How to connect to a node behind NAT?

Hi,

I have several nodes behind NAT. How do I connect to these nodes from another network? I know I can connect using “ipfs swarm connect <multiaddress>”, but what address shall I use to connect to them?

Thanks

Jeff

Ideally, your NAT would support UPnP or something like that (some kind of port-mapping API). However, if it doesn’t, you can enable the experimental AutoRelay feature (https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#autorelay). After an initial delay on start, this will automatically detect that your node is unreachable (behind a NAT) and connect to one of our relays.

My understanding is that AutoRelay is done by IPFS itself. My question is: how do I explicitly connect to a node behind NAT using “ipfs swarm connect”?

My use case is: I want to save a list of connected nodes and connect to them explicitly next time instead of waiting for IPFS to discover them.

Thanks

Did you find a solution then? I’m trying to solve a similar problem, but can’t figure out what to pass to the “ipfs swarm connect” command.

So I believe there is a solution for this in k8s land specifically; I have added some details here - IPFS, NAT and k8s

However, this has its own drawbacks, as outlined in the issue.

Hi, @krtk6160
I am facing the same issue. Did you find a solution to it?

ipfs dht findpeer <peerID>

If that returns something (like a relay address), try ipfs swarm connect.

If not, the node cannot be contacted because it is behind the NAT and IPFS did not find a way to do it.
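To make the step from `ipfs dht findpeer` to `ipfs swarm connect` concrete, here is an added example that is not part of any post in this thread: a POSIX shell filter that keeps only the addresses reachable from another network and appends the target peer ID. It assumes findpeer prints one multiaddr per line without the target's ID on the end; `dialable_addrs`, the sample data and the peer IDs are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). dialable_addrs and the sample data are
# hypothetical; peer IDs are placeholders, IPs are documentation ranges.

# dialable_addrs PEER_ID: read multiaddrs on stdin (one per line, the assumed
# format of `ipfs dht findpeer` output) and print the ones worth passing to
# `ipfs swarm connect` from another network.
dialable_addrs() {
    peer=$1
    while IFS= read -r addr; do
        case $addr in
            # Loopback, RFC 1918, link-local: only valid inside the remote LAN.
            /ip4/127.*|/ip4/10.*|/ip4/192.168.*|/ip4/169.254.*) continue ;;
            /ip4/172.1[6-9].*|/ip4/172.2[0-9].*|/ip4/172.3[01].*) continue ;;
            # 100.64.0.0/10: carrier-grade NAT space (the ISP-level NAT case).
            /ip4/100.6[4-9].*|/ip4/100.[7-9][0-9].*) continue ;;
            /ip4/100.1[01][0-9].*|/ip4/100.12[0-7].*) continue ;;
            /ip6/::1/*|/ip6/fe80:*|/ip6/fc*|/ip6/fd*) continue ;;
            /ip4/*|/ip6/*|/dns*) ;;   # keep public and relay (p2p-circuit) addresses
            *) continue ;;            # blank lines, error text
        esac
        case $addr in
            # Already ends in the target ID (older releases write /ipfs/).
            */p2p/"$peer"|*/ipfs/"$peer") printf '%s\n' "$addr" ;;
            *) printf '%s/p2p/%s\n' "$addr" "$peer" ;;
        esac
    done
}

# Constructed sample of what findpeer might return for a node behind NAT.
SAMPLE_PEER=QmTargetPeerIdPlaceholder
sample_findpeer_output() {
    cat <<'EOF'
/ip4/127.0.0.1/tcp/4001
/ip4/192.168.1.23/tcp/4001
/ip4/100.72.4.9/tcp/4001
/ip4/203.0.113.7/tcp/4001
/ip6/::1/tcp/4001
/ip4/198.51.100.20/tcp/4001/p2p/QmRelayPeerIdPlaceholder/p2p-circuit
EOF
}

# Print one candidate command per usable address.
sample_findpeer_output | dialable_addrs "$SAMPLE_PEER" |
while IFS= read -r a; do printf 'ipfs swarm connect %s\n' "$a"; done
```

If nothing survives the filter, the node has advertised no public or relay address, which is the "cannot be contacted" case described above.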

I see, so is there a way to manually connect a node and get a file from one to another?
I followed the link https://github.com/ipfs/go-ipfs/blob/master/docs/file-transfer.md

Somehow I managed to get a txt file from Node A to Node B.
I created Node C and now I want to get data from C to B,
but no pings are working and no connections could be made.

You could use a reverse ssh tunnel from C to some host on the other side of the NAT… and forward port 4001…

@ipfsme I have opened all the ports just to get the file.
And can you please share some link to it?
I would be grateful.

Also, how can we get public IPs in our ipfs id?

There’s no need to open all your ports. Please don’t do that.

The only port that’s necessary is 4001. NAT traversal normally discovers an external IP address for connection to other nodes on the Internet. However, in some cases, a NAT will not be traversable automatically. And in other cases, an ISP also has a NAT… and so your router’s WAN connection might not be a connection to the open Internet.

However, ssh is generally considered an essential service and so typically can be used to bypass all NAT issues by creating a reverse tunnel to an external host. So, in your example you indicated that Node A and B can communicate between each other. I assume, but perhaps it’s not the case, that Node A and Node B are running on separate hosts and are connecting across the Internet… as opposed to within the same LAN subnet… Furthermore, I assume you have control over Nodes A and B.

If my assumptions are correct, then you have several options… But an easy one is to try to create a reverse ssh tunnel between C --which is behind a difficult NAT-- and A or B… or some other directly connected Internet host.

If you have an Internet connected host that is not running ipfs, you can create a reverse tunnel via:

ssh -NTC -R *:4001:localhost:4001 user@host

From Node C… which will open port 4001 on the Internet connected host and connect Node C.

If you want that to work, you’ll need to enable GatewayPorts in sshd_config on the Internet connected host.

Thank you so much @ipfsme. I’ll try the ssh tunnel from node C and check the results.
For now I have made changes in the config file, setting “EnableAutoRelay”: true, and it managed to connect B to C via this relay address, and then getting data from C to B was successful.

P.S. Is there a way to show the external IP of node C on node B?
The command ipfs id on node B shows only local addresses and the relay address list.
Do we have to configure it manually?

How did your nodes sit behind NAT and join the network?