Fun Retirement Project: Thinking About Running a Full Node on Windows? (Full Node = BTC blockchain)

Lucas61

Well-known member
Jun 13, 2014
814
97
48
69
retired English teacher (30 years)
It turns out that I am the first one to run a Full Node in the Dom. Rep. This post is presented as a fun retirement project (can also be done on Mac OS or Linux) and does not involve funding. In fact, you will be paying a little more electricity. It really is about a public service combined with a DIY project as well as a great way to learn about crypto in general and BTC (bitcoin) in specific. In the months of running a Full Node with a good share of problems and "gotchas" this post also serves to pave the way for anyone else who was thinking about a project like this but was hesitant . . .

Although I have been running a Full Node for a couple of months now, it was only yesterday that I optimized** my node by successfully achieving port forwarding (8333).

That is not straightforward. Let’s add a VPN to the mix, even though I’m not running one, and consider that in an optimized Full Node there are three links in the chain that you have to consider: the OS, the modem, the VPN. This is a “gotcha” because if you fail to consider one of these components, you may not be able to optimize. Further, each of these links, if you think of it as a coin, has two sides: One side is that 8333 is explicitly made open. The other side is that even if 8333 is explicitly made open, another software feature could be blocking it, in which case, you cannot optimize. So, actually, there are six variables to consider: the OS, open versus block; the modem; open versus block; the VPN open versus block.

Further on in this post I will describe my initial failures, confusions, and how I fixed the problems. I am running Windows 11 Pro and my modem is ARRIS TG2482. I also run Linux but I choose Windows for some projects and Linux for others (e.g. BOINC).

I am proud to say that as a nearly 69 year old retiree in the Dominican Republic, that I am running the only Full Node in this country. I can confirm this at the website bitnodes.io When you are up and running, go to this URL to confirm your status. It has a “CHECK NODE” tool that will tell you if you are receiving connections from other nodes. Hint: If you have configured your modem with a range 1024 and 65535, you will not see that range here. You will simply see “8333” next to your ip address. The tool already “sees” your status, so just click on the “CHECK NODE.” If you get a green bar, you can receive data from other nodes; if you get a red bar, you cannot. For my output I get: 148.103.81.99:8333 /Satoshi:22.0.0/ This site also shows the number of running nodes (~ 15260) as well as a world map, a list of all countries running nodes, and the number of nodes per country. And much more.

CUTTING TO THE CHASE

You are thinking about running a BTC Full Node on Windows. (Remember that the source code for the BTC blockchain is open source so that altcoin will each run its own nodes, procedures may be different, etc.)

The first step is to eyeball your modem for the make and model and download the manual or quick start if you don’t have it. The manual will tell you your modem’s ip address and the default user name and password. “Enter” your modem” by typing its ip address into a browser. (If you are not online and/or your computer does not have a wi-fi, just connect an ethernet cable to the modem and you will have access. Any configuration changes you make and save in the modem from your computer will occur regardless of your online status).

Look for a tab or a menu item that says “firewall” or “advanced configuration” or “port forwarding” or “port triggering.” It is mandatory that your modem have the capacity for port forwarding or port triggering. If it doesn’t you cannot optimize your node and must buy a new modem and have your ISP provision it. Many ISP’s will list compatible modems on their website. You can then download the manuals of various ones to see which have advanced configuration.

Doing it. Problems, Confusions, and Solutions.

To set up, I turned off my modem’s firewall. YMMV. My modem had two different menus: one for port forwarding and one for port triggering. Since you can use either one, choose the simplest one. For me, that was port forwarding. The first thing I could see was that it was not possible to open port 8333 because there was no field in which to put a single port, that there were only fields to express a range, so I put in 1024 and 65535. For the ARRIS modem there were clickable “helps” which told me that for both incoming and outgoing ranges, that they would be the same, so I put in these values for both incoming and outgoing. That doesn’t make sense to me but that’s how it was. Besides inputting a name, the only other field was for my ip address. For that I opened Windows Search < Command Prompt and typed in ipconfig. Then I saved all and logged out of my modem.

Then, to be on the safe side, I rebooted both my computer and the modem. After that, I went to Bitcoin Core Information tab and saw “0 in; 10 out.” Problem! I’m not optimized even though I configured my modem. Did I make a mistake in the config.?

Then from the same tab I opened my Debug log file. Remember to scroll DOWN for the present time. If you read data from the top, you are looking at the past time.

Here I discovered “New outbound peer connected.” This is good. My modem is configured correctly! But confusing too. If my info tab shows “0” in, I’d expect to see “New inbound peer connected.” What is going on? I think that “outbound peer connected” means that I am now connected to other nodes. THEIR DATA IS OUTGOING FOR THEM BUT INCOMING TO ME. So the log should NOT say “inbound peer connected.”

But I still have a problem. The Bitcoin Core is a program designed for Windows OS. It is embedded in Windows, the registry, etc. So although Windows is showing via my log that I’m connected to outbound peers, I’m not receiving data from outbound peers.

And here’s a reminder of the “Gotcha!” that you have to consider the three links in the chain: the OS, the modem, the VPN; and not only port forwarding but port blocking.

So now I have a hunch that Windows is blocking my incoming data (showing “0” on the info tab). I go to Settings < Privacy & Security < Firewall & Network Protection. Lo and behold! I have THREE firewalls turned on. I disable: Domain network firewall; Private network firewall; Public network firewall. Disable and apply and ignore Windows’ warnings. Whether you need to disable all three: YMMV.

Then I reboot, after shutting down CORE, then re-start Core (I turn off autostart and prefer manual stat), go to Info tab and see In: 14/ Out: 10! I go to Network Traffic and for the first time I get two real time graphs, green received and red sent. And at bitnodes.io I am recognized and get a green bar. Success! I have optimized! Needless to say, I still had “failure” after a proper modem config. because of an OS block.



**Full Node optimization. Turns out that before I optimized I was still running a Full Node but a lesser Full Node. A Full Node is made up of different components. If you run 1 but not > than 1 you are still running a Full Node but less that optimized. Analogy: Given an identified music composition that you are listening to on your computer, the name of the composition is the same, but you can alter it qualitatively by adding or subtracting data, say by using the DAC soldered onto your motherboard versus buying an independent external DAC and bypassing the inferior one. The name of the composition is the same (Full Node) but the qualitative degrees are different—same in kind, different in degree, if you will.


You can see the various components of BTC Full Node when you look at your peers’ data per individual. These are the permutations possible:

Inbound (This is me before)
Outbound Full Relay (This is me after)
Network
Bloom
Witness
Network Limited

One peer may run 1 or more of the above. I guess it’s obvious why I am NOT listed as a peer here. To see my “component” status as a peer, I go to bitnode.io and I find out that my services are: node witness and node network limited (1032).
Service is the correct word, so I will substitute that for “component.”

I’m sure that further service tweaks are possible and I will investigate those as time goes on.

If you want to run a Full Node that is not optimized, as mine wasn't when I began, downloading the program is a piece of cake. I'll be happy to help if anyone is interested in "testing the waters." A "fun" project? LOL! YMMV.
 

Kricke87

Active member
Feb 16, 2021
334
237
43
Sosúa
Hint: If you have configured your modem with a range 1024 and 65535, you will not see that range here. You will simply see “8333” next to your ip address.
If you get a green bar, you can receive data from other nodes; if you get a red bar, you cannot. For my output I get: 148.103.81.99:8333 /Satoshi:22.0.0/
Look for a tab or a menu item that says “firewall” or “advanced configuration” or “port forwarding” or “port triggering.” It is mandatory that your modem have the capacity for port forwarding or port triggering.

The first thing I could see was that it was not possible to open port 8333 because there was no field in which to put a single port, that there were only fields to express a range, so I put in 1024 and 65535. For the ARRIS modem there were clickable “helps” which told me that for both incoming and outgoing ranges, that they would be the same, so I put in these values for both incoming and outgoing.
Honestly, I've not read through your comment completely, mostly because I'm not that interested in creating a Full node, however, there are some "mistakes/misunderstandings" in your comment.
First of all, the reason why if you open up your router from range 1024 - 65535 but only see the port 8333 as opened, is because that's the port that is being used for the traffic for that specific application.
It's just like you open all of your doors in your house, but you only go through your front door, does it matter that all of the other doors are open? No, the "traffic" only goes through your front door.

Then, thank you for giving us your IP address, :ROFLMAO: Although I'm not that paranoid and expect that everyone is trying to attack my network. However, just out of caution, I would NEVER publish my own IP address on a "public" forum, And from your comment and from just doing a quick lookup, it's quite obvious that it's your IP address.

Then I would also suggest you DON'T open up your ENTIRE LAN to the internet by opening up ports 1024-65535. This is a HUGH security risk, and completely unnecessary as you are only using 1 port for the traffic (8333). So if you cannot put a single port but you have to put in a range of ports, on many routers/modems you can normally put 8333-8333 as a valid "port-range", or if not possible I would suggest you used a smaller port range, such as 8333-8334.

And something you might want to clarify, did Altice give you a static public IP address? Because if you don't have your own static public IP address, it doesn't really matter if you use port-forward from your end if your ISP doesn't have that port open (and if it's an uncommon port, such as basically any port between 1024-65535, your ISP won't have it open).
So unless anyone else uses your guide and doesn't have their own static public IP address, this won't work for them.
I'm a bit surprised, but I've never used Altice as my broadband ISP, but when I had Claro 5 years ago, they were not able to provide that service of a static public IP address, but it was a shared one between me and who knows how many other clients. And that was one of many different reasons why I changed from Claro to a local ISP, that has offered me my own IP address.
 

JD Jones

Moderator - Covid 19 in DR & North Coast
Jan 7, 2016
7,615
4,901
113
Riveting info. What better way is there to spend a Sunday morning.o_O
 
  • Like
Reactions: Lucas61

Lucas61

Well-known member
Jun 13, 2014
814
97
48
69
retired English teacher (30 years)
Honestly, I've not read through your comment completely, mostly because I'm not that interested in creating a Full node, however, there are some "mistakes/misunderstandings" in your comment.
First of all, the reason why if you open up your router from range 1024 - 65535 but only see the port 8333 as opened, is because that's the port that is being used for the traffic for that specific application.
It's just like you open all of your doors in your house, but you only go through your front door, does it matter that all of the other doors are open? No, the "traffic" only goes through your front door.

Then, thank you for giving us your IP address, :ROFLMAO: Although I'm not that paranoid and expect that everyone is trying to attack my network. However, just out of caution, I would NEVER publish my own IP address on a "public" forum, And from your comment and from just doing a quick lookup, it's quite obvious that it's your IP address.

Then I would also suggest you DON'T open up your ENTIRE LAN to the internet by opening up ports 1024-65535. This is a HUGH security risk, and completely unnecessary as you are only using 1 port for the traffic (8333). So if you cannot put a single port but you have to put in a range of ports, on many routers/modems you can normally put 8333-8333 as a valid "port-range", or if not possible I would suggest you used a smaller port range, such as 8333-8334.

And something you might want to clarify, did Altice give you a static public IP address? Because if you don't have your own static public IP address, it doesn't really matter if you use port-forward from your end if your ISP doesn't have that port open (and if it's an uncommon port, such as basically any port between 1024-65535, your ISP won't have it open).
So unless anyone else uses your guide and doesn't have their own static public IP address, this won't work for them.
I'm a bit surprised, but I've never used Altice as my broadband ISP, but when I had Claro 5 years ago, they were not able to provide that service of a static public IP address, but it was a shared one between me and who knows how many other clients. And that was one of many different reasons why I changed from Claro to a local ISP, that has offered me my own IP address.
Hey, Kricke87, kudos on the door analogy. The reason I raised this "confusion" is because various pertinent websites state explicitly that you need to open port 8333. But this cannot be done as far as I can tell, so it's misleading. What should be said is that to access port Z enter range X to Y. I think your advice is good and I'll try it: Either range 8333 to 8333 (not actually a range) or 8332 to 8333 or 8333 to 8444. And you are right about NOT opening entire LAN. It's like you need to keep the cool air from the AC in the house but you open all the doors when you could have opened one.

I don't think I revealed my ip address as mine begins with 172.xx.xx.x whereas 148.xxx.xx.xx is the address of tricom (Altice). Not that it matters much since I'm a nobody with nothing to lose and hyper-aware of phishing attempts, etc. But I'd be an idiot to say that this question doesn't matter . . .

Regardless of whether my DNS is static or dynamic, the port is open, and I am functioning as I expect. But if you could illuminate me. My ip address is dynamic. I could choose a static one and bypass my ISP's DNS. Should I do that? Why or why not? I see that that's very easy to reconfigure in my Altice supported ARRIS modem.