Forwarding the peer to peer port (26656, and RPC port (26657) to your odin node docker container.
*THIS PAGE IS NOW CONSIDERED DEPRECATED INSTRUCTIONS! HEIMDALL NODES NOW OPEN THE CORRECT PORTS AUTOMATICALLY AS PART OF NODE START-UP. THIS PAGE WILL REMAIN UP FOR REFERENCE PURPOSES.*
It is recommended to forward the required network ports to your odin node docker container. If you are running your node behind a NAT router, you will likely need to add forwarding rules to that as well. If you need assistance with that, please join the ODIN tech channel on Telegram; https://t.me/joinchat/crF5lCzK5wpkZTZl
These commands should make port fowarding a simple task;
sudo iptables-save > ~/initial_iptables_backup.txt
export IPADDRESS=$(docker inspect node | grep IPAddress | grep 172 | cut -d"\"" -f4)
export SOCKET="$(docker inspect node | grep IPAddress | grep 172 | cut -d"\"" -f4):26656"
export SOCKET2="$(docker inspect node | grep IPAddress | grep 172 | cut -d"\"" -f4):26657"
sudo iptables -t nat -A DOCKER -p tcp --dport 26656 -j DNAT --to-destination $SOCKET && sudo iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp --source $IPADDRESS --destination 26656 && sudo iptables -A DOCKER -j ACCEPT -p tcp --destination $IPADDRESS --dport 26656
sudo iptables -t nat -A DOCKER -p tcp --dport 26657 -j DNAT --to-destination $SOCKET2 && sudo iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp --source $IPADDRESS --destination 26657 && sudo iptables -A DOCKER -j ACCEPT -p tcp --destination $IPADDRESS --dport 26657
sudo iptables-save > ~/26656_26657_opened.tx
A rundown of what we are doing with these commands; backup existing rules, grabs container IP and sets a few variables with it, add our rules, and finally backup our final set of rules after modification.
Use nmap, netcat, or curl to check if the port is open. Start by scanning container IP, then host IP, then WAN IP. When scanning your WAN IP, it is best to scan from another internet connection with a different WAN IP.
It is recommended to also either run a sentry node or some other mechanism to protect against DDoS attacks. A sentry node behaves as a sort of Session Border Controller, similar to SIP VoIP deployments. Sentry nodes are designed to easily scale, should new or additional sentries be required for an active DDoS mitigation. See this link for information about sentry node architecture.