
Forward Ports for Peering

Servers in the XRP Ledger peer-to-peer network communicate over the peer protocol. For the best combination of security and connectivity to the rest of the network, you should use a firewall to protect your server from most ports, but open or forward the peer protocol port.

While your rippled server is running, you can check how many peers you have by running the server_info method. The peers field of the info object shows how many peers are currently connected to your server. If this number is exactly 10 or 11, that usually means your firewall is blocking incoming connections: the only peers you have are the outbound connections your server opened itself, and nobody can connect in.

Example of a server_info result (trimmed) showing only 10 peers, likely because a firewall is blocking incoming peer connections:

$ ./rippled server_info
Loading: "/etc/opt/ripple/rippled.cfg"
2019-Dec-23 22:15:09.343961928 HTTPClient:NFO Connecting to 127.0.0.1:5005

{
   "result" : {
      "info" : {
         ... (trimmed) ...
         "load_factor" : 1,
         "peer_disconnects" : "0",
         "peer_disconnects_resources" : "0",
         "peers" : 10,
         "pubkey_node" : "n9KUjqxCr5FKThSNXdzb7oqN8rYwScB2dUnNqxQxbEA17JkaWy5x",
         "pubkey_validator" : "n9KM73uq5BM3Fc6cxG3k5TruvbLc8Ffq17JZBmWC4uP4csL4rFST",
         "published_ledger" : "none",
         "server_state" : "connected",
         ... (trimmed) ...
      },
      "status" : "success"
   }
}
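The following script, an added example that is not part of the XRPL documentation or the rippled project, automates the check described above: it pulls the peers value out of a server_info result and reports whether the count matches the "only outbound peers" pattern. The embedded JSON is a constructed sample modelled on the trimmed output shown above; on a host where the rippled binary is on the PATH the script queries the live server instead. The file name peer_check.sh used in the guard at the bottom is an assumption.

```shell
#!/bin/sh
# Added example (not from the XRPL docs or rippled): diagnose the
# "exactly 10 or 11 peers" symptom of blocked inbound peer connections.

# Constructed sample of a (trimmed) `rippled server_info` result.
SAMPLE_INFO='Loading: "/etc/opt/ripple/rippled.cfg"
{
   "result" : {
      "info" : {
         "peer_disconnects" : "0",
         "peers" : 10,
         "server_state" : "connected"
      },
      "status" : "success"
   }
}'

# peer_count JSON -> prints the integer value of the "peers" field
# (empty if absent). The anchored pattern does not match "peer_disconnects".
peer_count() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*"peers"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# diagnose_peers N -> prints a verdict; returns 0 when inbound connectivity
# does not look blocked, 1 when it does, 2 when the count is unknown.
diagnose_peers() {
    case "$1" in
        '')
            echo "unknown: no peers field in output (is rippled running and reachable?)"
            return 2 ;;
        10|11)
            echo "likely-firewalled: $1 peers looks like outbound connections only; open or forward the peer port"
            return 1 ;;
        *)
            echo "ok: $1 peers does not match the blocked-inbound pattern"
            return 0 ;;
    esac
}

# Live check when rippled is installed; otherwise run on the constructed sample.
main() {
    if command -v rippled >/dev/null 2>&1; then
        info=$(rippled server_info 2>/dev/null)
    else
        info=$SAMPLE_INFO
    fi
    diagnose_peers "$(peer_count "$info")"
}

# Assumed file name; the guard keeps the functions sourceable from other scripts.
if [ "${0##*/}" = "peer_check.sh" ]; then main; fi
```

Run it as ./peer_check.sh on the server, or source it and call diagnose_peers with a count from another source. A verdict of ok only means the count is outside the 10 or 11 pattern; it does not prove inbound connections work, so after opening the port, re-run it and expect the count to climb over time.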

To allow incoming connections, configure your firewall to allow incoming TCP traffic on the peer protocol port. In the default config file this is port 51235, set by the [port_peer] stanza of rippled.cfg; if you changed that stanza, use your port instead. The instructions to open a port depend on your firewall. If your server is behind a router that performs Network Address Translation (NAT), you must also configure your router to forward the port to your server.

If you use the firewalld software firewall on Red Hat Enterprise Linux, you can use the firewall-cmd tool to open port 51235 to all incoming TCP traffic.

The commands below assume public is the zone bound to your internet-facing interface; run firewall-cmd --get-active-zones to check which zone that is.

$ sudo firewall-cmd --zone=public --add-port=51235/tcp

Then, restart the rippled server:

$ sudo systemctl restart rippled.service

The first command changes only the runtime configuration, which is lost on the next firewall-cmd --reload or reboot. To make it permanent:

$ sudo firewall-cmd --zone=public --permanent --add-port=51235/tcp

A --permanent change is written to disk but does not take effect until the next reload, which is why both commands are needed: one opens the port now, the other keeps it open after a reboot.
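Because the runtime and permanent firewalld configurations can drift apart, it is worth auditing both after making the change, together with whether rippled is in fact listening on a non-loopback address. The script below is an added example, not part of the XRPL documentation or the rippled project: it classifies the port's firewalld state as open, runtime-only, permanent-only or closed, and checks listening sockets from ss -ltn output. The embedded firewall-cmd and ss outputs are constructed samples; on a host with firewall-cmd installed the script queries the real configuration. The file name peer_port_audit.sh in the guard is an assumption.

```shell
#!/bin/sh
# Added example (not from the XRPL docs or rippled): audit whether the peer
# port is open in firewalld's runtime AND permanent configuration, and whether
# something is actually listening on it on a non-loopback address.

PEER_PORT="${PEER_PORT:-51235/tcp}"   # matches [port_peer] in the default rippled.cfg

# Constructed samples of `firewall-cmd --zone=public --list-ports`, runtime
# vs permanent, on a host where only the runtime rule was added.
SAMPLE_RUNTIME="51235/tcp"
SAMPLE_PERMANENT=""

# Constructed sample of `ss -ltn` on a host where rippled is listening.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:5005      0.0.0.0:*
LISTEN 0      128    0.0.0.0:51235       0.0.0.0:*'

# has_port PORTLIST PORT -> 0 if PORT appears in the space-separated list.
has_port() {
    for p in $1; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# firewalld_state RUNTIME PERMANENT -> prints open, runtime-only,
# permanent-only or closed. Only "open" survives both a reload and a reboot.
firewalld_state() {
    r=1; p=1
    has_port "$1" "$PEER_PORT" && r=0
    has_port "$2" "$PEER_PORT" && p=0
    if [ $r -eq 0 ] && [ $p -eq 0 ]; then echo open
    elif [ $r -eq 0 ]; then echo runtime-only      # lost on --reload or reboot
    elif [ $p -eq 0 ]; then echo permanent-only    # inactive until --reload
    else echo closed
    fi
}

# listening SS_OUTPUT -> 0 if a LISTEN socket on the peer port is bound to a
# non-loopback address; a socket bound only to 127.0.0.1 or [::1] gets no peers.
listening() {
    port="${PEER_PORT%/*}"
    printf '%s\n' "$1" | awk -v port="$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]
            loopback = (index($4, "127.") == 1 || index($4, "[::1]") == 1)
            if (p == port && !loopback) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Live audit when firewalld is installed; otherwise run on the constructed samples.
main() {
    if command -v firewall-cmd >/dev/null 2>&1; then
        rt=$(sudo firewall-cmd --zone=public --list-ports)
        pm=$(sudo firewall-cmd --zone=public --permanent --list-ports)
        sockets=$(ss -ltn)
    else
        rt=$SAMPLE_RUNTIME; pm=$SAMPLE_PERMANENT; sockets=$SAMPLE_SS
    fi
    echo "firewalld $PEER_PORT: $(firewalld_state "$rt" "$pm")"
    if listening "$sockets"; then
        echo "rippled: listening on $PEER_PORT"
    else
        echo "rippled: nothing listening on $PEER_PORT outside loopback (check [port_peer] in rippled.cfg)"
    fi
}

# Assumed file name; the guard keeps the functions sourceable from other scripts.
if [ "${0##*/}" = "peer_port_audit.sh" ]; then main; fi
```

On the constructed samples the audit reports runtime-only, which is exactly the state a server is in after the first firewall-cmd command but before the --permanent one: working today, closed again after the next reload or reboot.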

For other software and hardware firewalls, see the manufacturer's official documentation.

If you are using a hosting service with a virtual firewall (for example, AWS Security Groups), you do not need to use firewalld, but you still need a rule that allows inbound TCP traffic on the peer port from any source on the open internet. Make sure the rule is attached to the security group (or equivalent) that applies to your host or virtual machine, not just to the account.

See Also