has the Guard flag.
(It lost the HSDir flag that one, a couple of days back, i guess because it was getting DDoS’ed somewhat, tightened my iptables and hardware firewall at the CPE and now things are quiet.)
Is something wrong, i have exactly the same settings -minus the ports- in all of them, or is it like that, one Guard relay per physical hardware?
Also, on another note, all of my relays cant seem to ramp up consensus, even before i had a DDoS incident.
Is there something i can do/something im doing wrong?
That could be the case, but these relays are more than 3 weeks old, and their last uptime measured close to 12 days.
I had previous observed in my other relays, that they were getting the Guard flag much sooner than that.
Anyhow,i restarted them now. Fumbled up something in Linux last night (im still learning ) and had to Timeshift.
This is questionable, because raising the amount of processes also raises the amount of overhead. Has somebody ever done a benchmark test related to it?
And how raising the amount of instances can improve the bandwidth?
I also operate 2 relays per IP address, but the question is whether it is reasonable to have more.
exactly what @atari said,to contribute more since i can.
Περίληψη
(in fact , i can spare bandwith for 8, but alas, i dont have the hardware for that, my -very- old Lynnfield system that i use for the job, wouldn’t possibly cope.
i have 3 on that and 1 on an old Ivy bridge laptop, will migrate that too to the Lynnfield, it can muscle 4,but that’s it.)
long answer : figured, since a Pi3 can muscle 3-4 relays, hell even an old spare Lynnfield like the one i have for running relays, should be able to do something more than that. so i went for a max 8 relays, and i’ll see how it goes…
But because Enkidu’s script , as great as it is, can be a bit finicky IF you dont know a bit more Linux than the average Windows refugee like me ,when it is alrdy previously deployed, and then you start adding and changing stuff, i rebooted to clear my iptables.
speaking of iptables, this how i have them 3 days now, dont know if i’s good like that, so if anyone has a suggestion i’m all ears :
to make only the ORPorts reachable from everywhere.
If you have DirPorts specified, these also have to be reachable from outside.
You can use the same rule for them separately or append the DirPorts to this rule.
My previous fw rules werent working properly, after applying @Enkidu-6 's script (big respect to this guy ) + given time , everything is sailing smooth.
Well, here’s the thing, all i do on this machine is run my relays + the forum here and other sites of the Project , and reading stuff about Linux mostly over at mint’s forum.
So i dont see the need for any complicated work in the firewall.
As for the relays ports specifically, those are more than well guarded by enkidu’s firewall rules :
You don’t need to reboot to clear your iptables rules. All the rules in the script are applied to the mangle table and they are applied PREROUTING to make sure they don’t interfere with your existing rules if any.
) and had to Timeshift.
: figured, since a Pi3 can muscle 3-4 relays, hell even an old spare Lynnfield like the one i have for running relays, should be able to do something more than that. so i went for a max 8 relays, and i’ll see how it goes…
) + given time , everything is sailing smooth.
