Over the past few days I made it a goal to get a couple of nodes set up and running as publicly accessible gateways. It has been quite the experiment, and I wanted to share how I did it so that it may help anyone else who would like to get set up for public access. For reference, I am on AT&T fiber and using the required BGW-320 gateway.
Step 1: Acquire a public IP address block from your ISP. Unfortunately, this will probably require talking to a human. On AT&T this cost me an additional 15 dollars a month to get 5 usable public IP addresses. This came in an 8-address block, but 3 of the IPs are involved in delivery of the other 5.
Once they have it set up, you should get information from them that looks like this:
Usable IPs with CIDR notation:
X.X.X.X/XX->X.X.X.X/XX
Subnet mask:
X.X.X.X
Default Gateway
x.x.x.x
DNS 1
x.x.x.x
DNS 2
x.x.x.x
Step 2: Network setup
While I can’t include exact steps for every router, it’s generally pretty simple. The end goal is to set up public subnets that let your nodes see the unfiltered internet while maintaining a normal level of security for your user-facing devices.
For the BGW-320 you’re going to go to Home Network -> DHCP and Public Subnet
You will set public subnet to “on”
Set allow incoming traffic to “on”
Fill in the information you received above into the proper boxes.
Set primary DHCP pool to Private.
Go to Packet filter section -> set to off
Go to Firewall setting and turn off absolutely everything.
Go to IPv6 and change to “on”
----- Now we are going to set up your “Home Network”. This is the network that you would connect your TV, laptop, and smart devices to. It will be handled by a second router so that it can have entirely different firewall rules than everything else on the subnet. I am using an Asus AC3100 for this, as it uses Merlinwrt and can handle hosting my VPN server and allowing access to all routers on my public subnet through its connection.
Connect your second router to an Ethernet port on the BGW-320 and allow it to grab a private IP address by DHCP.
(This may not be necessary on other hardware, but the BGW-320 can only assign static IPs to devices that are online with a private IP; all dynamically assigned or device-requested public IPs are hidden from the IP allocation table for some god-awful reason.)
Once it comes up, go to the IP allocation tab under Home Network, select the MAC address of the second router, and assign it a public IP from your block.
Configure your second router as you normally would if it were the only router on your network. It is noteworthy that if you have any devices that need open ports but not a DMZ, you will be able to add them to this router and forward ports appropriately.
---- Now to set up your nodes. Pretty basic: plug it into the wall and connect an Ethernet cable from your BGW-320 to the node. It will grab private IP addresses for the OS and the DMZ initially. Once you have configured a public IP on the node, it will create a virtual interface with a static address from the information configured, and if everything else is set up properly your AT&T gateway will hand it the public address it requests and you will be online with a gateway.
I wasn’t able to use the portal to do this and had to do it using the Polkadot UI.
You will need to select the Tfgrid module on the left and fill in all the info, placing 0x in any fields not being used. Select your account from the drop-down, then sign and submit
@ https://polkadot.js.org/apps/?rpc=wss%3A%2F%2Ftfchain.grid.tf%2Fws#/extrinsics
This failed initially because my type wasn’t set up on the front end. This can be fixed by taking the contents of this
https://raw.githubusercontent.com/threefoldtech/tfchain_client_js/master/types.json
and pasting them here
https://polkadot.js.org/apps/?rpc=wss%3A%2F%2Ftfchain.grid.tf%2Fws#/settings/developer
Once that is done, attempt to submit again.
Assuming all has gone well, you should now be able to check the explorer and see your node online with a public config and still have a functioning home network.
An alternative setup would be to cascade the BGW-320 into the Asus router and let it assign the public addresses to the nodes, but for my implementation with 2 devices on that net that need port forwarding it was easier to use this setup.
It is noteworthy to mention this
My Network Map for this setup on a 5-address net
ATT BGW-320 (Public IP address)
|
- Home Network (Asus AC3100) (Public IP Address)
- Laptops, tvs, smart devices, Helium Miner
|
Node 1 HP dl380 G7 (2 private addresses, 1 Public IP)
|
Node 2 Supermicro white box (2 private addresses, 1 Public IP)
|
Non TFT node, YGGDRASIL node (Public IP)
|
Open address (node 3’s future home) (Public IP)
Over the next couple of days I will be adding pictures to this and writing some step-by-step instructions using two OpenWrt or OPNsense routers, in the spirit of keeping everything open source and hopefully being able to expand this to helping with non-AT&T gateways/connections.
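A quick sanity check for the address plan before filling in the IP allocation table, as an added example that is not part of the original post. It assumes the 8-address block is a /29 whose three non-usable addresses are the network address, the broadcast address and the default gateway; the block, gateway and device addresses are constructed from a documentation range, and check_plan and free_addresses are hypothetical helper names.

```python
import ipaddress

# Constructed sample values (documentation range), not the author's real block.
BLOCK = "203.0.113.8/29"        # 8-address block as delivered by the ISP
GATEWAY = "203.0.113.14"        # assumed default gateway inside the block
PLAN = {                        # device -> public IP, mirroring the network map
    "Asus AC3100": "203.0.113.9",
    "Node 1": "203.0.113.10",
    "Node 2": "203.0.113.11",
    "Yggdrasil node": "203.0.113.12",
}

def check_plan(block, gateway, plan):
    """Return a list of problems in a device -> address plan for one public block."""
    net = ipaddress.ip_network(block, strict=True)  # raises on a mistyped block
    gw = ipaddress.ip_address(gateway)
    reserved = {net.network_address: "network address",
                net.broadcast_address: "broadcast address",
                gw: "default gateway"}
    problems, seen = [], {}
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    for device, addr in plan.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            # Catches a private (DHCP) address left in a slot meant to be public.
            problems.append(f"{device}: {ip} is outside {net}")
        elif ip in reserved:
            problems.append(f"{device}: {ip} is the {reserved[ip]}")
        if ip in seen:
            problems.append(f"{device}: {ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, device)
    return problems

def free_addresses(block, gateway, plan):
    """List usable addresses in the block that no device has been given yet."""
    net = ipaddress.ip_network(block, strict=True)
    taken = {ipaddress.ip_address(a) for a in plan.values()}
    taken.add(ipaddress.ip_address(gateway))
    return [str(h) for h in net.hosts() if h not in taken]

if __name__ == "__main__":
    for line in check_plan(BLOCK, GATEWAY, PLAN) or ["plan is consistent"]:
        print(line)
    print("still free:", ", ".join(free_addresses(BLOCK, GATEWAY, PLAN)))
```

With the sample plan, four of the five usable addresses are taken and one remains free, matching the open slot in the network map above.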