Mystery IP on Nebra Outdoor miner #954
Comments
|
Cross posted NebraLtd/helium-miner-software#99 |
|
This is definitely occurring. On my router it shows up as an internet martian that is blocked. If I were to guess I suspect it is the container running on the docker network and it is leaking out over that address. |
|
@cwolfinger can you move this over to NebraLtd/helium-miner-software#99 which I've just reopened? |
So i wanted to clarify - I am using a bobcat miner so this seems to be related more to the Helium miner proper since it is seen across Nebra and Bobcat. Now it could be a common docker misconfiguration on both platforms that is allowing the 172.17.0.x addresses to leak out into the LAN interface. |
|
I guess that the miner container will be trying to access the LAN so that is to be expected. The additional IP on ours is possibly the diagnostics page. |
|
I am fairly certain it is not a diagnostic page since it is reaching out to port 44158 which I believe is the peer to peer network. Port 80 or 443 would be the diagnostic page. What is odd is that if docker is used under the covers then everything should exit the docker network and NAT out the IP address of the host. The only other option is that it is binding to the docker network incorrectly vs binding to the ethernet address / wifi address and using that IP address. Again it does not make much sense. |
|
Yeah that's an interesting finding. The 44158 will be the miner container for sure. Port 80 will be the diagnostics. As you can see here https://github.com/NebraLtd/helium-miner-software/blob/master/docker-compose.yml |
|
I believe this issue is related --> |
|
@cwolfinger Correct. Don't expect a fix anytime soon tho. I created the issue almost one year ago and not even a single reponse from the "official" maintainers has been posted. |
|
Yeah, I think this is due to Nebra running miner in a docker container. |
|
I think the question is why is the miner running in the docker network vs the host network ? if you need to communicate between multiple container you can always bind to the loopback. If it is a single container I am not sure the advantage ... basically there is only one app running in these miners so the use of the host network would eliminate this problem. |
|
@cwolfinger there is not 1 container running... Check https://github.com/NebraLtd/helium-miner-software/blob/master/docker-compose.yml and the readme in the same repo Also this is is not strictly speaking a docker issue but more generally a Moby issue as we use balenaEngine. See issue here balena-os/balena-engine#265 |
|
@shawaj should I transfer this to some other repo or close it? How would you like us to handle misdirected (from our perspective) issues like this? |
|
@jameses986 just wanted to say I was also seeing this on my bobcat also a few weeks ago on my pfsense firewall. I have since then moved this bobcat off site, so I dont have any screenshots anymore |
|
This bug has been fixed, I believe. |
My setup....
pfsense firewall/router setup with a VLAN for separate traffic for miner. One switch port on the SG-2100 is dedicated to the wired miner connection. No other devices are on this VLAN, wireless, or wired connection. POE injector is supplying power.
Miner is Skinny Blonde Eagle.
I cannot get it out of Relay mode and I believe it is because of the mysterious IP address that shows up about every 1-2 hours.
DHCP is on to hand out IP addresses, 44158 is wide open and verified with external port scan, and protocal flags have all be allowed to pass. the miner is grabbing 172.17.0.2 within the DHCP server of 172.17.0.0/16. I opened up the DHCP pool because I have noticed the other IPs showing. The current mysterious IP is 172.17.0.3, and it is showing up as blocked by the native rules in my firewall. I have added a rule to allow it to pass, and still waiting on the IP to be generated again...
See below for 2 images. first one is showing all the pass rules for firewall on the VLAN.
second one is the mystery IP being blocked. it is the only blocked traffic on the VLAN. and I believe it is the reason I am still in Relay mode with miner,
Anyone else seeing the same in their firewall? I am not sure what to do about it, and worry others are not aware of the situation.
The text was updated successfully, but these errors were encountered: