
Setup UDM VLAN to run Proxmox LXC Containers for BLOCK Service Node including Enterprise Xrouter


The idea is to run your block service node daemons from their own VLAN subnet, then set up each daemon, including the service node and enterprise xrouter, in Proxmox lxc containers. The main network PCs can talk to things in the BLOCK network, but the things in the BLOCK network can't talk to anything outside of the VLAN.


The UDM controller is constantly changing, so this will vary as they continue releasing firmware updates to fix things. Go to Settings -> Networks -> Add a New Network


Name: Block
VLAN ID: 100
domain name: block

I let the UDM controller handle the rest, as I don't know where they did the DHCP subnet settings for this. Click Apply Changes when done. We now have a BLOCK VLAN to work with, and each hostname will be like denarius-container.block.


Next we set up the firewall rules so our LAN network can see the BLOCK VLAN, but the BLOCK VLAN can't see our LAN network.

Settings -> Security -> Firewall -> LAN -> Create New Rule


We want to allow everything, so the first rule we create is Allow all Established/Related Traffic.


Then we want to block BLOCK to LAN.


With the rules set up we can now set up the Proxmox lxc containers.


If you enjoy my content please consider donating to the Denarius creator - https://www.patreon.com/carsenk
Join Denarius Discord - https://discord.gg/JQEmXwb

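The order of the two firewall rules above is the security-relevant detail: the established/related allow has to sit in front of the BLOCK-to-LAN deny, otherwise replies from BLOCK containers to sessions that LAN PCs opened would be dropped along with everything else. The following is an added example (not part of the post, and not Ubiquiti code) that models those two rules as a tiny stateful firewall and replays a few constructed packets through both orderings. The 192.168.4.0/24 VLAN subnet is assumed from the container addresses later in the thread, and the 192.168.1.0/24 LAN subnet and host addresses are placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Subnets assumed for this example: the BLOCK VLAN from the 192.168.4.x
# container addresses later in the thread; the main LAN is a placeholder.
BLOCK_VLAN = ipaddress.ip_network("192.168.4.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def in_net(ip, net):
    return ipaddress.ip_address(ip) in net


class StatefulFirewall:
    """Ordered rules, first match wins; anything unmatched is accepted, which is
    the controller's behaviour for LAN In traffic when no rule denies it."""

    def __init__(self, rules):
        self.rules = rules      # list of (name, match(fw, pkt) -> bool, verdict)
        self.flows = set()      # accepted flows as (client, server, server_port)

    def is_established(self, pkt):
        """True if the packet belongs to a flow already accepted in either direction."""
        forward = (pkt.src, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.src, pkt.sport)
        return forward in self.flows or reply in self.flows

    def process(self, pkt):
        verdict, matched = "ACCEPT", "default allow"
        for name, match, action in self.rules:
            if match(self, pkt):
                verdict, matched = action, name
                break
        if verdict == "ACCEPT" and not self.is_established(pkt):
            self.flows.add((pkt.src, pkt.dst, pkt.dport))   # start tracking the new flow
        return verdict, matched


# The two rules from the post, expressed as match functions.
ALLOW_ESTABLISHED = ("Allow all Established/Related Traffic",
                     lambda fw, p: fw.is_established(p), "ACCEPT")
BLOCK_TO_LAN = ("Block BLOCK to LAN",
                lambda fw, p: in_net(p.src, BLOCK_VLAN) and in_net(p.dst, LAN), "DROP")


def run_scenario(rules):
    """Replay four constructed packets through the rule set and return the verdicts."""
    fw = StatefulFirewall(rules)
    lan_pc, btc_node, block_node = "192.168.1.10", "192.168.4.82", "192.168.4.102"
    return {
        # a LAN PC opens an RPC session to the Bitcoin container
        "lan_to_block_syn": fw.process(Packet(lan_pc, 51000, btc_node, 8332))[0],
        # the container's reply travels BLOCK -> LAN, inside the session above
        "block_reply": fw.process(Packet(btc_node, 8332, lan_pc, 51000))[0],
        # the container tries to open its own connection to a LAN web server
        "block_initiated": fw.process(Packet(btc_node, 40000, lan_pc, 80))[0],
        # traffic that stays inside the VLAN
        "intra_vlan": fw.process(Packet(block_node, 40001, btc_node, 8332))[0],
    }


if __name__ == "__main__":
    print("rules in the post's order:", run_scenario([ALLOW_ESTABLISHED, BLOCK_TO_LAN]))
    print("rules reversed:           ", run_scenario([BLOCK_TO_LAN, ALLOW_ESTABLISHED]))
```

With the rules in the post's order the reply packet is accepted and only the container-initiated connection is dropped; with the rules reversed the reply is dropped too, which is exactly the "LAN can reach BLOCK but nothing works" symptom the established/related rule exists to prevent. The model ignores ICMP and the controller's own default rules, so treat it as an illustration of rule ordering, not a simulation of the UDM.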

Basically, for each container, set up an unprivileged container, and in the network part change the VLAN tag to 100.


This can be changed after creating the container, so no big deal. Find the IP address by going into the shell and running

ip a

This will show something like

2: eth0@ifN: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5D:37:f3:4a:38:64 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.4.82/24 brd 192.168.4.255 scope global dynamic eth0
       valid_lft 49675sec preferred_lft 49675sec
    inet6 fe80::5c36:f3ff:fe4a:3864/64 scope link 
       valid_lft forever preferred_lft forever

Here we see our local Bitcoin daemon will be at 192.168.4.82.

This is what my bitcoin.conf looks like for the block service node:

server=1
listen=1
rpcuser=bitcoinusername
rpcpassword=bitcoinpassword
rpcallowip=192.168.0.0/16
rpcbind=0.0.0.0
port=8333
rpcport=8332
txindex=1

# Legacy addresses must be used (address must begin with "1", not "3")
addresstype=legacy
changetype=legacy

# Enable deprecated calls
deprecatedrpc=signrawtransaction

daemon=1

Create a block container for the main service node, and remember VLAN 100.

This is what my blocknet.conf looks like:

server=1
listen=1
rpcuser=blocknetusername
rpcpassword=blocknetpassword
rpcallowip=192.168.0.0/16
port=41412
rpcbind=0.0.0.0
rpcport=41414
txindex=1
daemon=1

enableexchange=1
servicenode=1
rpcthreads=8
xrouter=1

On the block container, ping the bitcoin container to make sure they can talk to each other.

ping 192.168.4.82

Now set up xbridge.conf; a quick example xbridge.conf:

[Main]
ExchangeWallets=BLOCK,BTC,LTC,DVT,D,DOGE,DASH,DGB,XZC,RVN,PHR,XVG,MONA,XSN
FullLog=true
LogPath=
ExchangeTax=300
ShowAllOrders=false
[BLOCK]
Title=Blocknet
Ip=192.168.4.102
Username=blocknetusername
Password=blocknetpassword
Port=41414
AddressPrefix=26
ScriptPrefix=28
SecretPrefix=154
COIN=100000000
MinimumAmount=0
TxVersion=1
DustAmount=0
CreateTxMethod=BTC
GetNewKeySupported=true
ImportWithNoScanSupported=true
MinTxFee=10000
BlockTime=60
FeePerByte=20
Confirmations=0
Address=
TxWithTimeField=false
LockCoinsSupported=false
JSONVersion=
ContentType=
CashAddrPrefix=
[BTC]
Title=Bitcoin
Address=
Ip=192.168.4.82
Port=8332
Username=bitcoinusername
Password=bitcoinpassword
AddressPrefix=0
ScriptPrefix=5
SecretPrefix=128
COIN=100000000
MinimumAmount=0
TxVersion=2
DustAmount=0
CreateTxMethod=BTC
MinTxFee=12000
BlockTime=600
GetNewKeySupported=false
ImportWithNoScanSupported=false
FeePerByte=60
Confirmations=0
TxWithTimeField=false
LockCoinsSupported=false
JSONVersion=
ContentType=
CashAddrPrefix=

I have a script called pingping.sh to reload the full xbridge/xrouter setup:

#!/bin/bash
printf "reload xbridge\n"
./blocknet-cli dxLoadXBridgeConf
printf "reload xrouter\n"
./blocknet-cli xrReloadConfigs
printf "list tokens\n"
./blocknet-cli dxGetLocalTokens
printf "XrStatus\n"
./blocknet-cli xrStatus
printf "send service node ping\n"
./blocknet-cli servicenodesendping

With that we can set up another container for the xrproxy docker. With an lxc container we can enable nesting to run docker. Create a container and at the end go to Options -> Features and check Nesting.


Set up xrouter enterprise behind a full cloudflare tls/ssl proxy like here 

 

Now edit your /xrproxy/uwsgi.ini to something like this:

## SPV sample configuration file
[uwsgi]
processes = 8
threads = 2

# Place your Service Node private key here (this is not a wallet private key!)
# Allows the XRouter Proxy to sign packets on your Service Node's behalf
# DO NOT SHARE THIS KEY
set-ph = SERVICENODE_PRIVKEY=YOURSUPERSECRETSERVICENODEPRIVKEY

#  mainnet or testnet
set-ph = BLOCKNET_CHAIN=mainnet

# Handle XRouter payments
set-ph = HANDLE_PAYMENTS=true
set-ph = HANDLE_PAYMENTS_RPC_HOSTIP=192.168.4.102
set-ph = HANDLE_PAYMENTS_RPC_PORT=41414
set-ph = HANDLE_PAYMENTS_RPC_USER=blocknetusername
set-ph = HANDLE_PAYMENTS_RPC_PASS=blocknetpassword
set-ph = HANDLE_PAYMENTS_RPC_VER=2.0

# Sample SPV RPC configuration
set-ph = RPC_BLOCK_HOSTIP=192.168.4.102
set-ph = RPC_BLOCK_PORT=41414
set-ph = RPC_BLOCK_USER=blocknetusername
set-ph = RPC_BLOCK_PASS=blocknetpassword
set-ph = RPC_BLOCK_VER=2.0
set-ph = RPC_BLOCK_METHOD=getblockcount

#Bitcoin
set-ph = RPC_BTC_HOSTIP=192.168.4.82
set-ph = RPC_BTC_PORT=8332
set-ph = RPC_BTC_USER=bitcoinusername
set-ph = RPC_BTC_PASS=bitcoinpassword
set-ph = RPC_BTC_VER=2.0
set-ph = RPC_BTC_METHOD=getblockcount
set-ph = RPC_BTC_METHOD=getblock
set-ph = RPC_BTC_METHOD=getblocks

Then port forward your enterprise xrouter port. Settings -> Advanced Features -> Advanced Gateway Settings -> Create New Port Forwarding. I used ports 443 and 80 since I am testing some stuff. I think you just need 443, but I could be wrong.


It's a bit of figuring stuff out to sync it all together with more than just the Blocknet and Bitcoin daemons, but now your Proxmox block service node is running in its own VLAN, the daemons only talk to themselves, and I am taking a wild guess that it is very hard to break out of this monstrosity. Also, since the docker container is the one touching the internet behind a cloudflare proxy, someone would first have to break out of the docker container, then the VLAN, and the firewall stops the VLAN from talking to anything else on your network.


4 minutes ago, buzzkillb said:

https://api.denarius.pro/xr/D/xrGetBlockCount doesn't seem to return anything

Founder of BlockForums.org - PM me for any help - Join our Discord Server: https://discord.gg/UPpQy3n

6 minutes ago, Ghost said:

https://api.denarius.pro/xr/D/xrGetBlockCount doesn't seem to return anything

Forgot to change denarius.conf; denarius is slightly different from the current Bitcoin daemon. Example denarius.conf below, including how the tor onion hidden service is behind this particular daemon. Have to allow 2 IPs, 1 for the block service node and 1 for the xrproxy docker container, both inside their lxc containers.

rpcuser=denariususername
rpcpassword=denariuspassword
rpcport=32369
rpcallowip=192.168.4.102
rpcallowip=192.168.4.157
port=33369
daemon=1
listen=1
server=1
txindex=1
externalip=iuby4liuvnsh5fqp.onion
tor=127.0.0.1:9050
discover=1

 



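The empty reply from xrGetBlockCount came down to a mismatch between what the daemon's conf allows and what the clients send, which is the failure mode the whole thread circles around: the bitcoin.conf and xbridge.conf pair in the long post above, and the denarius.conf here that narrows rpcallowip to the two container addresses. The following is an added example (not from the thread, and not Blocknet or Denarius project code) that parses daemon conf files and an xbridge.conf and cross-checks them: every RPC client container must be covered by an rpcallowip entry, entries wider than the VLAN are flagged, and each wallet section's Port/Username/Password must match the daemon's rpcport/rpcuser/rpcpassword. The conf texts are constructed from the values in the thread; the 192.168.4.0/24 subnet, the [D] section's Ip and its deliberately wrong password are assumptions made so the audit has something to catch.

```python
import configparser
import ipaddress
from collections import defaultdict

# Assumed BLOCK VLAN subnet, from the 192.168.4.x addresses in the thread.
BLOCK_VLAN = ipaddress.ip_network("192.168.4.0/24")

# Containers that must reach each daemon's RPC port: the blocknet service node
# and the xrproxy docker container (addresses from the denarius.conf post).
RPC_CLIENTS = ["192.168.4.102", "192.168.4.157"]

# Constructed from the bitcoin.conf in the thread (only the RPC-relevant keys).
BITCOIN_CONF = """\
server=1
rpcuser=bitcoinusername
rpcpassword=bitcoinpassword
rpcallowip=192.168.0.0/16
rpcbind=0.0.0.0
rpcport=8332
"""

# Constructed from the denarius.conf in the thread.
DENARIUS_CONF = """\
rpcuser=denariususername
rpcpassword=denariuspassword
rpcport=32369
rpcallowip=192.168.4.102
rpcallowip=192.168.4.157
"""

# [BTC] is the section from the thread; [D] is constructed, with a placeholder Ip
# and a deliberately wrong password to show the mismatch the audit should catch.
XBRIDGE_CONF = """\
[BTC]
Title=Bitcoin
Ip=192.168.4.82
Port=8332
Username=bitcoinusername
Password=bitcoinpassword

[D]
Title=Denarius
Ip=192.168.4.200
Port=32369
Username=denariususername
Password=wrongpassword
"""


def parse_daemon_conf(text):
    """bitcoin.conf-style parser: key=value lines, '#' comments; repeated keys
    (such as several rpcallowip lines) keep every value, in order."""
    conf = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()].append(value.strip())
    return conf


def audit_rpc_access(conf, clients, vlan=BLOCK_VLAN):
    """Findings about which hosts the daemon will accept RPC connections from."""
    findings, allowed = [], []
    for entry in conf.get("rpcallowip", []):
        try:
            # a bare address such as 192.168.4.102 becomes a /32 network
            allowed.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            findings.append(f"unparsable rpcallowip entry: {entry}")
    for net in allowed:
        if not net.subnet_of(vlan):
            findings.append(f"rpcallowip {net} is broader than the VLAN {vlan}")
    for client in clients:
        if not any(ipaddress.ip_address(client) in net for net in allowed):
            findings.append(f"client {client} is not covered by any rpcallowip entry")
    return findings


def audit_xbridge_section(section, conf):
    """Compare an xbridge.conf wallet section with the daemon conf it points at;
    a mismatch here is the usual reason an xr* call returns nothing."""
    findings = []
    for xkey, dkey in (("port", "rpcport"), ("username", "rpcuser"), ("password", "rpcpassword")):
        daemon_value = conf.get(dkey, [None])[-1]   # the last occurrence wins
        if section.get(xkey) != daemon_value:
            findings.append(f"{xkey}={section.get(xkey)} does not match {dkey}={daemon_value}")
    return findings


def run_audit():
    """Audit every wallet section against its daemon conf; returns findings per coin."""
    xbridge = configparser.ConfigParser()
    xbridge.read_string(XBRIDGE_CONF)
    daemons = {"BTC": parse_daemon_conf(BITCOIN_CONF), "D": parse_daemon_conf(DENARIUS_CONF)}
    return {coin: audit_rpc_access(conf, RPC_CLIENTS) + audit_xbridge_section(xbridge[coin], conf)
            for coin, conf in daemons.items()}


if __name__ == "__main__":
    for coin, findings in run_audit().items():
        print(coin, findings or ["ok"])
```

Run against these inputs the audit reports one finding for BTC (the /16 rpcallowip is wider than the VLAN, even though both clients are covered) and one for D (the xbridge password does not match rpcpassword). To use it on a real node, replace the embedded strings with the contents of the conf files and the client list with the addresses of the containers that actually call RPC.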
8 minutes ago, buzzkillb said:

Forgot to change denarius.conf; denarius is slightly different from the current Bitcoin daemon. Example denarius.conf below, including how the tor onion hidden service is behind this particular daemon. Have to allow 2 IPs, 1 for the block service node and 1 for the xrproxy docker container, both inside their lxc containers.

rpcuser=denariususername
rpcpassword=denariuspassword
rpcport=32369
rpcallowip=192.168.4.102
rpcallowip=192.168.4.157
port=33369
daemon=1
listen=1
server=1
txindex=1
externalip=iuby4liuvnsh5fqp.onion
tor=127.0.0.1:9050
discover=1

 

Confirmed working now....sweet :)




Ubiquiti's new controller is confusing, but once the settings are found it's more intuitive setting up a VLAN. To adjust the DHCP subnet, range and DNS settings, go into the VLAN itself, disable Auto Scale Network and then set DHCP Name Server to Manual.



