Default Ports and Firewalls
Erigon Ports
Component | Port | Protocol | Purpose | Should Expose |
---|---|---|---|---|
engine | 9090 | TCP | gRPC Server | Private |
engine | 42069 | TCP & UDP | Snap sync (Bittorrent) | Public |
engine | 8551 | TCP | Engine API (JWT auth) | Private |
sentry | 30303 | TCP & UDP | eth/68 peering | Public |
sentry | 30304 | TCP & UDP | eth/67 peering | Public |
sentry | 9091 | TCP | incoming gRPC Connections | Private |
rpcdaemon | 8545 | TCP | HTTP & WebSockets & GraphQL | Private |
Typically, 30303 and 30304 are exposed to the internet to allow incoming peering connections. 9090 is exposed only internally for rpcdaemon or other connections (e.g. rpcdaemon -> erigon). Port 8551 (JWT authenticated) is exposed only internally for Engine API JSON-RPC queries from the Consensus Layer node.
Caplin ports
Component | Port | Protocol | Purpose | Should Expose |
---|---|---|---|---|
sentinel | 4000 | UDP | Peering | Public |
sentinel | 4001 | TCP | Peering | Public |
If you are using --internalcl (aka caplin) as your consensus client, then also look at the chart above.
Shared ports
Component | Port | Protocol | Purpose | Should Expose |
---|---|---|---|---|
all | 6060 | TCP | pprof | Private |
all | 6060 | TCP | metrics | Private |
Optional flags can be enabled that enable pprof or metrics (or both). However, they both run on 6060 by default, so you'll have to change one if you want to run both at the same time. Use --help with the binary for more info.
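Added example, not part of the Erigon documentation: a Python check that reads the output of ss -H -tuln and reports any port the tables above mark Private that is listening on a non-loopback address. Treating every non-loopback bind as needing review is an assumption of this example (an internal interface can be legitimate if a firewall restricts it); the function names and sample lines are constructed.

```python
import ipaddress

# Ports the tables above mark "Private" (port -> purpose).
PRIVATE = {9090: "engine gRPC", 8551: "Engine API", 9091: "sentry gRPC",
           8545: "rpcdaemon HTTP/WS/GraphQL", 6060: "pprof/metrics"}

def is_loopback(addr):
    """True only if an ss local address is a loopback IP."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" wildcard or unparsable: treat as exposed
        return False

def audit(ss_output):
    """Return sorted (port, proto, addr, purpose) for private ports bound beyond loopback."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port in PRIVATE and not is_loopback(addr):
            findings.add((port, proto, addr, PRIVATE[port]))
    return sorted(findings)

# Constructed sample of `ss -H -tuln` output (not captured from a real node).
SAMPLE = """\
tcp   LISTEN 0  4096  127.0.0.1:8551   0.0.0.0:*
tcp   LISTEN 0  4096  127.0.0.1:9090   0.0.0.0:*
tcp   LISTEN 0  4096    0.0.0.0:8545   0.0.0.0:*
tcp   LISTEN 0  4096          *:6060         *:*
tcp   LISTEN 0  4096      [::1]:9091      [::]:*
tcp   LISTEN 0  4096       [::]:30303     [::]:*
udp   UNCONN 0  0       0.0.0.0:30303  0.0.0.0:*
udp   UNCONN 0  0       0.0.0.0:42069  0.0.0.0:*
"""

if __name__ == "__main__":
    for port, proto, addr, purpose in audit(SAMPLE):
        print(f"REVIEW {proto}/{port} ({purpose}) listening on {addr}")
```

On a live host, pass the real output of ss -H -tuln to audit() instead of SAMPLE.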
Other ports
Reserved for future use (gRPC ports): 9092 consensus engine, 9093 snapshot downloader, 9094 TxPool.
Hetzner firewall rules
Hetzner may apply strict firewall rules:
Same in IpTables syntax.