For the past 4 years, I've been using this configuration to obfuscate my node from the network. I employ two full nodes, one of which exclusively communicates with the node connected to the internet. The rationale behind this setup is to ensure that the node hosting my wallet isn't directly accessible from the internet, significantly reducing the risk of a hack and increased privacy. My question is whether this is the optimal approach or if there's a more efficient solution that doesn't require two nodes.
pull down to refresh
100 sats \ 0 replies \ @justin_shocknet 9 Dec
What you want is a reverse jumphost in place of PC1.
The jumphost is the internet facing system, and better it be a cheap VPS, these are good for this because it gives you an IP somewhere else.
Since it's only for connectivity it doesn't need hardly any resources, can be a few dollar a month option from a lowendbox deal.
On your actual full node system, you'll use iptables/firewall (ideally a firewall appliance infront of it too) to prevent any connectivity into this system to keep it dark.
The only rule you allow is an outbound rule to the external jumphost from PC2, can be over SSH for simplicity or wireguard if you're so inclined.
End result is your full node at your home looks like it has the VPS IP, and the only traffic that can hit it comes from the jumphost on the port specificed (bitcoin traffic port)
To go a step further, the jumphost could itself have another firewall that only allows traffic to select gossip peers or applications you might use.
Ignore anyone telling you to use Tor, they're just parroting nonsense they read somewhere else:
reply
54 sats \ 6 replies \ @DarthCoin 9 Dec
If you are using this scenario for onchain only, is not necessary the decoy node, is kind of useless. But yes, in some cases you can use it like that, for example running a core node alone and to that you link a neutrino client for a LN node or multiple other LN nodes as "clients".
If you are using this scenario for a LN node, then yes, could add more obfuscation 👍
reply
10 sats \ 5 replies \ @0xbitcoiner OP 9 Dec
I don't use this setup for LN, why do you say it's not necessary the decoy node (PC1 right?)?
reply
22 sats \ 4 replies \ @DarthCoin 9 Dec
PC1 full BTC core node is just a simple node that broadcast and verify txs in public blocks, will never reveal anything about your wallets connected to it.
You can connect to that node multiple wallets from many local or remote IPs without revealing anything. You do not need another node to connect to a local node.
Example: https://www.sparrowwallet.com/docs/connect-node.html
Also you can run an Electrum server / Fulcrum or Esplora server that is connected to that full node and offer SPV sync for your multiple wallets (remote or local IPs).
reply
0 sats \ 3 replies \ @0xbitcoiner OP 9 Dec
By storing the wallet on PC1, am I not increasing the risk of being hacked? Considering that the node broadcasting the transactions can be identified?
reply
11 sats \ 2 replies \ @DarthCoin 9 Dec
No, why is a risk? Is just an app that sign a tx (I suppose you are using Electrum or Sparrow).
No it can't. Is just a random node. Even if I know your public IP, I can't "hack" your wallet behind that node. I need a "door" to enter and that door is only when you open it (phishing attacks, spyware, malware scanning your keyboard). I think you watched too many "hacker movies"...
You can't know that a bitcoin node have behind 1 or 1000 other clients using its block sync.
reply
0 sats \ 1 reply \ @0xbitcoiner OP 9 Dec
The risk is that it will become a hot wallet. I don't use Electrum or Sparrow in this wallet.
From what I've read in the past, it's not that random. When the full node connects to peers, it connects to the closest peers and I think it has a limit (maybe configurable, but I think the normal limit is 10).
reply
21 sats \ 0 replies \ @DarthCoin 9 Dec
Bad.
Yes a simple node have a limit of 10 peers. You can increase that limit but that will imply also to open the port 8333 and will have huge impact on your bandwidth used, IP etc. I would not recommend doing that, only if you really want to be a REAL public seeder node.
reply
11 sats \ 2 replies \ @DarthCoin 9 Dec
Here is a transcript that answer your question in a more detailed way:
https://btctranscripts.com/andreas-antonopoulos/2018-08-30-andreas-antonopoulos-home-network-security
reply
21 sats \ 1 reply \ @0xbitcoiner OP 9 Dec
this ?
reply
11 sats \ 0 replies \ @DarthCoin 9 Dec
I saved you time sharing that part of the transcript.
Reading also his book "Mastering Bitcoin" could help you a lot understanding all these technical aspects.
My advice: don't complicate things too much. The biggest threat is the user's sloppiness not how many levels of security you add.
Very good question anyways!
reply
0 sats \ 0 replies \ @LowK3y19 9 Dec
Sus much?
reply
0 sats \ 2 replies \ @DesertDave 9 Dec
I keep mine under a blanket so no one can see it.
reply
0 sats \ 1 reply \ @0xbitcoiner OP 9 Dec
But that makes it a hot wallet!
reply
0 sats \ 0 replies \ @DesertDave 9 Dec
It's fine. It has a fan in it.
reply
0 sats \ 2 replies \ @OT 9 Dec
I could be wrong, but I think running an electrum server is what you need.
reply
0 sats \ 1 reply \ @0xbitcoiner OP 9 Dec
Can you elaborate on that?
reply
33 sats \ 0 replies \ @OT 9 Dec
Yeah, so you run a bitcoin node like you're doing and the seperate electrum server queries and indexes UTXO'S that your wallet needs. It basically stops other nodes from gathering info from your Bitcoin node.
Probably someone more technical can explain it better than that.
reply
0 sats \ 8 replies \ @ama 9 Dec
Why not use tor instead?
reply
0 sats \ 7 replies \ @0xbitcoiner OP 9 Dec
I'm asking because I don't know. Explain how it's done and the advantages and disadvantages of using tor.
reply
32 sats \ 6 replies \ @ama 9 Dec
Bitcoin Core includes Tor integration
When Tor is correctly setup on your system, Bitcoin Core automatically identifies Tor and creates an anonymous service. Little configuration is required to be 'off the grid' and, just a tiny bit more to be completely anonymous if that is important to you, with none of your Bitcoin traffic reaching out onto the public internet.
Using these steps you can be anonymous in only five minutes.
With the full privacy setup, transactions will of course still be broadcast but will only be broadcast actually onto the public internet by other Bitcoin nodes. With the standard 'off-the-grid' Tor setup, your Bitcoin traffic will be routed through the anonymous Tor network before reaching the public internet and other Bitcoin nodes on and off the Tor network to be effectively untraceable.
From: https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor#70070
reply
0 sats \ 5 replies \ @0xbitcoiner OP 9 Dec
Doesn't using TOR have any disadvantages?
reply
33 sats \ 0 replies \ @justin_shocknet 9 Dec
This isn't keeping your system dark, it's just drawing attention to it as a Tor peer. This person didn't understand the assignment.
reply
33 sats \ 0 replies \ @DarthCoin 9 Dec
For a private core node only, no disadvantages. As a private node (that only sync blocks from others and only add a tx to a block when you do it for yourself) the Tor connection is not making it slower or less available. If you lost a connection, you can wait a bit more for the next ones, not a big deal.
Things changes when you want to be a PUBLIC node that share more than leech, because you will have to be a reliable, fast and 24/7 online node SERVING the blocks sync fast.
Please make the difference between PUBLIC and PRIVATE nodes. Many people are confused, thinking that if they just run a bitcoincore node at home in full sync, automatically became a so called "Full Node". It is not like that, is a misconception.
reply
0 sats \ 2 replies \ @ama 9 Dec
Like what?
reply
0 sats \ 1 reply \ @0xbitcoiner OP 9 Dec
I asked first! Ahah
reply
11 sats \ 0 replies \ @ama 9 Dec
I don't see any. Well, maybe that using tor is slower than using clearnet, but I think it's worth it. Not sure if it might affect solo miners or mining pools, though.
reply