/etc/i2pd/i2pd.conf contains number of listening ports configuration (actually 10 or more when you look for “port”). Which ones should I open in firewall so other people can connect my node? Excluding ones that are meant for management of my node. I manage the node only locally.
So far I have only open/forwarded one port, one that is set a few lines below the line “## Port to listen for connections” that certainly allows relaying traffic for other I2P peers per the http://127.0.0.1:7070/ traffic stats.
Services HTTP Proxy Enabled
SOCKS Proxy Enabled
BOB Disabled
SAM Enabled
I2CP Enabled
I2PControl Disabled
That one thats labled “Port to listen for connections” is the only one you need to forward, uncomment it and set it to a random number between 1025-65535, then just port forward the port you chose, and restart, and you should be good to go. If everything is working, you should see “Network Status: OK” in your webconsole. Also dont tell anyone the port you chose, it can be used to single out your router
None are required, and it’s intentionally randomized and supposed to be handled through uPnP. That said, as far as I know it’s only listed on your router’s Config -> Network page. None of the ports actually listed in i2pd.conf are the ones you need, although if you need to make it fixed and manually specify a port, look for the one that says it is “randomized by default” and uncomment it to put your own randomly chosen port there. Do not use the default port from the config, it’s intentionally supposed to be unpredictable.
i2p selects a random UDP+TCP port on first start that you have to open, the rest are usually only for internal use.
I have never used i2pd, but I think
i2pd portshould print which port it expects to be open. Alternatively you can set it yourself withi2pd port (your port)There is no requirement forward any ports
“Set a port and forward it to your i2pd instance in your router or (if available) use UPnP” https://github.com/PurpleI2P/i2pd/issues/1694 “If a static IP address is available, you need to either forward the port on your router or enable UPnP on it. i2pd supports UPnP and can open the port when the program starts.” https://github.com/PurpleI2P/i2pd/issues/1650 (machine translated, member of a PurpleI2P)
If UPnP is enabled on router and he is firewalled (I2P reports that), then IMO he should try forwarding that port traffic on the router to his LAN IP. But I have not and seen no proof that would show if firewalled and non firewalled makes any difference in I2P. In bittorrent it makes significant difference, it allows peers behind NAT to interconnect and bittorrent is using at least one technique to workaround peer connections behind NAT (but can still fail to establish connections between two passive/firewalled peers).
Port forwarding does help. The problem is that you have forward the right ports. If you don’t don’t know what you are doing it is easy to accidentally forward the management interface which is a major security risk.
Honesty port forwarding is only really needed because of NAT. If you can get native IPv6 is way better
I didn’t open any ports in my home router and connections are working good. It also says “firewalled” in my webconsole. Not sure, what the benefits are with opening ports.
My assumption is that forwarding port allows peers (other I2P users) to connect you even they are behind the firewall. Two firewalled peers can not connect in a bittorrent, but I2P is not bittorrent… But when it warns you about being “firewalled” it suggests some negative impact to me and suggests there may be similar connectivity issue like with bittorrent. Ports needs to be forwarded on router device (if applicable) or DMZ(if you are able to lock down your connectivity using your computer firewall - DENY/block policy by default and whitelist only listening ports of I2P, torrent client and similar), on VPN server, and opened in your firewall (if applicable).
