NAT best practices?

So I’m running several nodes on my home network, which is behind a NAT, and I’m getting occasional error messages from go-ipfs 0.8.0-rc1:

2021-01-28T10:05:19.808-0800 ERROR dht ignoring incoming dht message while not in server mode
2021-01-28T13:25:05.758-0800 ERROR dht ignoring incoming dht message while not in server mode
2021-01-28T19:26:11.718-0800 ERROR dht ignoring incoming dht message while not in server mode
2021-01-28T19:34:33.740-0800 ERROR bitswap Received provider (12D3KooWSDVZhTqA6vsQqzuSriw54vHcaiNhD2Z34smd2WwMH8at) for cid (bafybeigq3go42o4zuz7xzrpbk2bopvh7hukmmraayvhwul3fjoztawniqy) not requested

The “Turn UPnP On” option is checked in my router config, but the “UPnP Portmap Table” is empty.

I’m not sure what those error messages mean: is one of my nodes receiving a message that was intended for another node? Are nodes beyond my home network confused because I have multiple nodes behind a single IP address?

Or, more broadly: what are the best practices for a home network? Should I only run a single node?

Thanks for any help!

I’m also behind NAT, and my solution is opening UPnP (for IPv4 connections) and enabling IPv6.

If the Protocols in ipfs id show "/ipfs/kad/1.0.0", then your node is publicly reachable and the addresses should show one on which your node can be successfully dialed. If not:

  • Make sure UPnP is enabled in ipfs config (DisableNatPortMap: false). It sometimes just does not work because some routers have shitty implementations of it.
  • If IPFS does not manage by itself to punch through, open 4001 on your router, map it to your machine and add your public IP address to Addresses/Announce as /ip4/x.x.x.x/tcp/4001, or /ip4/x.x.x.x/udp/4001/quic etc. You may want to add your LAN address here too then, if you expect to be discovered in your LAN.
  • If you have a dynamic IP, you can sign up to some dynamic dns service (i.e. https://www.nsupdate.info/) and do /dns4/mydomain/tcp/4001 etc.
  • Of course, with ipv6, as long as you open 4001 things should work without further changes.

This is valid as of now. Improvements are actively being worked on in libp2p-land to improve NAT bypassing automatically.
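
An added example, not part of the thread or of go-ipfs: a Python helper that applies the check described in the reply above to the JSON printed by `ipfs id`, reporting whether the node is in DHT server mode and which listed addresses could be dialed from outside the NAT. It assumes that output carries `Addresses` and `Protocols` fields; the function names, peer ID and IP values are constructed for illustration.

```python
import ipaddress
import json

KAD_PROTOCOL = "/ipfs/kad/1.0.0"  # protocol string quoted in the reply above

# Ranges that cannot be dialed from the internet (loopback, RFC 1918,
# carrier-grade NAT, link-local, IPv6 unique-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def multiaddr_ip(addr):
    """Return the IP in an /ip4/.. or /ip6/.. multiaddr, else None (e.g. /dns4/..)."""
    parts = addr.strip("/").split("/")
    if len(parts) >= 2 and parts[0] in ("ip4", "ip6"):
        try:
            return ipaddress.ip_address(parts[1])
        except ValueError:
            return None
    return None

def assess(ipfs_id_json):
    """Classify the addresses and DHT mode reported by `ipfs id`."""
    info = json.loads(ipfs_id_json)
    report = {"dht_server": KAD_PROTOCOL in (info.get("Protocols") or []),
              "public": [], "local_only": [], "by_name": []}
    for addr in info.get("Addresses") or []:
        ip = multiaddr_ip(addr)
        if ip is None:
            report["by_name"].append(addr)      # /dns4/... etc., not checked here
        elif any(ip in net for net in NON_ROUTABLE):
            report["local_only"].append(addr)   # reachable only inside the LAN/NAT
        else:
            report["public"].append(addr)
    return report

# Constructed sample, shaped like `ipfs id` output; peer ID and IPs are placeholders.
SAMPLE = json.dumps({
    "ID": "PEER_ID_PLACEHOLDER",
    "Addresses": ["/ip4/127.0.0.1/tcp/4001/p2p/PEER_ID_PLACEHOLDER",
                  "/ip4/192.168.1.20/tcp/4001/p2p/PEER_ID_PLACEHOLDER",
                  "/ip6/::1/tcp/4001/p2p/PEER_ID_PLACEHOLDER"],
    "Protocols": ["/ipfs/bitswap/1.2.0", "/ipfs/id/1.0.0"]})

if __name__ == "__main__":
    print(assess(SAMPLE))
```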

Thanks for the help, folks!

After doing some more reading on how IPv6 and UPnP work, it’s looking like the problem is with my router and not with IPFS. Apparently, although my router does assign a routable IPv6 address to my server, it also completely firewalls it and there’s no way of poking a hole through it for port 4001.

So, not only does IPFS not work over IPv6 on my router, I can’t get SSH or ping to work on IPv6 on my router either. Ugh. It looks like IPv6 support was tacked onto the firmware as an afterthought, and it’s not really 100% supported. So, I’ll be looking into some open-source router software in the near future.