Socks 5 proxy for p2p connections

+2 votes

I have a master and a slave node. Both, master and slave node, should connect via a reverse socks 5 proxy to each other.
 | Master < --- > Proxy 1 |  < ---> | Proxy 2 < --- > Slave|
         Container 1                                Container 2

Both master and slave node are running in an own docker environment with a dedicated ip together with the corresponding reverse proxy.

I'm currently trying to achieve this by using the simple-socks library: (brozeph/simple-socks: Simple SOCKS5 proxy server (github.com)). The setup & code are pretty straight forward:

  • both multichain instances run with the --proxy flag referencing the reverse proxy running in the same container. Both, master and slave, use the -listen=1 flag
  • the setup ensures, that the proxy is up & running before multichain initiates the connection
  • the proxy server follows the basic example of the library found and can be found here: (simple-socks/createServer.js at main ยท brozeph/simple-socks (github.com))

However, when the slave initiates the connection via the proxy the slave node tries to reach the blockchain via the port 8571 which neither is the default p2p connection port nor the socks proxy. The above mentioned simple-socks example returns following error:
multichain-slave_1   | net: Trying to connect to 172.10.0.3:8571
multichain-slave_1   | net: trying connection 172.10.0.3:8571 lastseen=2.0hrs
multichain-slave_1   | SOCKS5 connecting 172.10.0.3
multichain-slave_1   | unable to connect to remote server
multichain-slave_1   | Error: connect ECONNREFUSED 172.10.0.3:8571
multichain-slave_1   |     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)
multichain-slave_1   |     at TCPConnectWrap.callbackTrampoline (internal/async_hooks.js:134:14) {
multichain-slave_1   |   errno: -111,
multichain-slave_1   |   code: 'ECONNREFUSED',
multichain-slave_1   |   syscall: 'connect',
multichain-slave_1   |   address: '172.10.0.3',
multichain-slave_1   |   port: 8571,
multichain-slave_1   |   addr: '172.10.0.3',
multichain-slave_1   |   atyp: 3
multichain-slave_1   | }
 

Why is multichain attempting to connect using this port? Shouldn't multichain use the port 7447 for p2p connections, or I am missing something? Is there a reference implementation for using multichain behind a reverse proxy?

asked Aug 6 by anonymous
edited Aug 6

1 Answer

0 votes
The -proxy parameter is used only for opening outbound connections, i.e. for "forward" proxy, not reverse. So, you should connect the slave node to Proxy 1 directly, like this:

multichaind chain-name@proxy1-ip:proxy1-port  -proxy=proxy2-ip:proxy2-port -listen=1

And Proxy 1 should redirect this connection to Master
answered Aug 9 by Michael
...