I recently received my Bobcat 300 miner* after months of waiting. Much of the advice I’d read/seen on the subject suggested to leave the hotspot alone and that it takes a very long time to sync.
This is true but it assumes you configured your network correctly first and have the correct port opened to the outside world. If it’s not it will take even longer to sync the blockchain and your hotspot will have a yellow “Relayed” status. This is slowing down your sync and will harm your rewards even when it finishes since your responses to challenges will be “relayed” and will often time out before they are relayed through other hotspots.
In this guide I’ll show you how to get your network configured correctly for your hotspot to sync as fast as possible and remove the “Relayed” status!
Overview
The Helium hotspot uses peer to peer networking similar to other cryptocurrency wallets (with “nodes” etc.) as well as BitTorrent and other peer to peer applications. Xbox Live and PSN also both use peer to peer networking where one console with a high quality internet connection will be chosen to be the “host” and the other players in the game lobby create a peer to peer connection to the host console.
Just like every other peer to peer application not having the correct ports open on your firewall impacts your speed. On our Xbox Live/PSN example you would get a “poor” connection rating and never be chosen as a host. With Helium the “Relayed” status is the equivalent of the Xbox Live/PSN “Poor” connection quality rating. The ports are not publicly accessible over the internet and you get penalized / a downgraded experience for this.
Here’s an example of a relayed hotspot:
Relayed Helium Hotspot
The solution is to open the correct port on your firewall by creating a “port forwarding” entry in your router.
Port Forwarding
The specific instructions for your router will vary but can be found with a quick Google search. It’s likely you’ve encountered this before for something else but if you haven’t it isn’t too difficult.
Once you feel confident you have the knowledge/instructions you need ready to set up port forwarding the main critical port you need to forward on your router is TCP Port:
44158
This is the port that will eliminate the “relayed” status and allow inbound connections to your device. This will also speed up your sync as outbound only points are at a disadvantage here since sometimes the people who connect to you end up sending you blocks!
Once you’ve set up the port forwarding it should update the status on it’s own eventually or if you want to speed things up you can unplug the power cable from the hotspot for about 10 seconds and then plug it back in. With all the hotspots joining it may take 15-30+ minutes (depending on many factors) but it should show up as solid green with no “relayed” status:
Happy Status Helium Hotspot
Observe that even though I am not 100% sync’d I still am green status with 91.31% sync’d. This can get very sluggish to update sometimes but unless you’re seeing no activity whatsoever for at least a few hours I would urge leaving it alone for the most part.
Note on Offline Status
It’s not unusual for the hotspots to go offline when trying to sync with the blockchain. They should however still be connecting periodically and you should see your sync slowly making progress.
My hotspot has got stuck several times where it went off for the entire night and when I turned it back on it had made no progress.
My best rule of thumb is to leave it alone as long as the light is “green” (for the Bobcat miner*) unless you aren’t seeing any change or progress for a long period of time. This may vary based on your miner but the problems actually seem to be with the Helium network as a whole. Which miner you have can have an impact but most of the congestion is on the Helium network itself from so many new hotspots joining and syncing at once!
Conclusion
I’m still not fully synchronized yet with the blockchain but it’s staying green and doesn’t have the relay status. So many points are joining the network that the hardware is having a difficult time keeping up!
Remember, the relay status does penalize your mining rewards. It also prevents you from participating in several other features in the Helium blockchain so make sure you have a green non-relayed status.
It’s definitely frustrating how slow it can be but as long as you periodically monitor that the percentage is going up (wait a few hours minimum before power cycling) and have your ports opened you will sync as fast as anyone else is (slowly) but you won’t be at a disadvantage!
I woke up this morning to find the hotspot 99.79% sync’d. It was offline and after a quick unplug and plug back in I’m syncing again and at 99.81%. This is the way folks, open that port and get out of relayed!
Update 6/24/2021
Success! My hotspot has completely sync’d. I’ve issued and completed a challenge now and am just waiting to witness my first hotspot and even earned 0.05 HNT for some reason (maybe my issued or successfully completed challenge?):
Helium Hotspot Fully Sync’dHotspot First Earnings
All in all it took about 5.5-6 days. This is because of so many new hotspots coming online so if you’re in a similar time range don’t panic unless you’re still at a really low % sync’d. Don’t give up, mine took forever but it’s finally working.
Update 6/29/2021
I’ve investigated the effects of relayed vs. non relayed status. If you observe the connections with an enterprise firewall you can see how many connections it has at a time. When you are in relayed status you will only have about 4 connections. When your ports are opened you’ll have closer to 20-100 connections! All of these connections are transferring data so it definitely helps speed things up.
The point has been running for a few days now and has already earned about 15 HNT! Hang in there, it’s worth it!
Update 8/7/2021
If your miner and radio aren’t the same unit (not the case with newer miners) you should also port forward UDP port:
The document says that if your miner and radio are the same unit then port forwarding this from the internet is not important so the Bobcat 300 (and all other Helium miners that have a name) do not need this but I wanted to add it here for completeness.
In other words, your Bobcat 300 (and the other newer “approved” models) and your radio are already the same device so they don’t need any ports opened or forwarded to talk to each other even though you can see it listening on the diagnostics. On older miners (back when you were able to make your own homebrew frankenminers and join the network without a special enrollment key) this wasn’t necessarily the case and then you would need to forward this port.
A port forward should not be necessary for most people unless you know your radio is separate from your miner (it probably isn’t, and you can’t make these types of miners anymore).
If you didn’t build your hotspot yourself, from parts, by hand, you do not have this. An external antenna does not apply, That is NOT a radio unit. It’s just an antenna and it can’t do anything by itself without a radio unit controlling it.
A “radio unit” is the computer/device that the end of your antenna plugs into. It has to have a CPU to process signals from / send signals to the antenna. If your antenna plugs directly into your miner then your miner *IS* the radio unit for sure and this is almost certainly the case for you.
It’s no longer possible to do this (only approved manufacturer hotspots can join the Helium network now, but you used to be able to homebrew) and hasn’t been for a long time because people used to make tons of hacked/spoofed hotspots (still a problem to this day but it used to be much, much worse).
Was your hotspot manufactured by a company like Bobcat, RAK, Synchrobit, any of them? Then you didn’t build a homebrew hotspot from parts by hand so you don’t have one and this does not apply to you. There has never been one sold like this that has a name or brand. If you can tell me what your hotspot “is” and that actually means something you don’t have it!
Hopefully this clears up some confusion for anyone else who is investigating this. The new Bobcat 300 diagnostic tool will undoubtedly make many other people wonder about this as well. The answer is that yes the Bobcat is listening on that port, but it’s talking to another chip that is also literally a part of the Bobcat. It’s like a computer talking to localhost or 127.0.0.1.
It doesn’t matter what your internet connection’s firewall is doing in this situation. It’s only a “localhost” connection in a modern Helium miner’s case because it doesn’t need to make any external connections like old school homebrew setups may have had to at some point.
You for sure do not have to worry about this now with any hotspot that has a “brand” or “name” and you didn’t build yourself!
Hey. I appreciate your content on here. I’ve been stuck in Relayed mode on my Nebra coming up on 9 days. Unfortunately I’ve got about 20 hrs troubleshooting my Fortigate 81E-POE. I’ve sent up a DHCP Reservation, Virtual IP, Group Policy and IPv4 Policies. I even had a Fortinet Engineer working on it for about 4 hrs. I can’t seem to get the port open and getting really frustrated. I noticed you switched away from Fortinet, were you able to get the port forwarding setup? Thanks in advance for any advice.
Absolutely, that only happened yesterday/today that I’ve been building a different network. Which device is your internet gateway? Keep in mind that I was using my Fortigate FG-61F as a PPPoE modem to connect with my ONT box (the box on the outside wall) for CenturyLink fiber so my Fortigate was my literal internet gateway. This is not usually the case though.
Where is your internet coming from? Do you have a cable modem or something like that? That’s where the port forward usually needs to go so unless you are also using your Fortigate as a PPPoE modem or some other setup where it literally is your cable/DSL/fiber modem then this probably isn’t where your port forward needs to go would be my guess. If you can describe the setup in more detail I may be able to help further here!
Kurt
3 years ago
Hey! I’ve read a ton of your posts here and they’re very knowledgeable and I appreciate all the help you give to the community!
I just received 2 of my bobcats and have 2 more on the way. (The second order I made shipped and the first hasn’t yet. Weird! order #145,000 and 155,000)
Here is my only concern currently, and I was hoping you could help me a little!
All of my hotspot locations use the stupid ATT modem/router combo unit in one way or another.
My 2 current locations use a Unifi setup behind the router which the Bobcats are directly plugged into.
I currently have both hotspots in the same location, just because I’m not ready to deploy the second one. They’re not synced yet and both are relayed. It’s been 15 hours since I forwarded.
I port forwarded almost immediately after setup + set static IPs on the unifi router.
I was able to open port 44158 and 22. . For some reason I couldn’t get port 443 to open. Confirmed they were open with portchecker on my PC that’s on the same network.
I also setup a port forward to the IP of the second bobcat miner, just to get it up to speed on the blockchain. My router allowed me to make the rule, but I’ve read that you can’t forward the same port to two different devices on the same network.. Is that true??
My main problem right now is figuring out how to properly configure the routers together without breaking the network. The first location is at a church which has a ton of IP sensitive devices and a pretty robust network setup.. So I don’t wanna break it or cause the church any issues. I work there so it’s not the end of the world if I have to do some reboots and junk here and there.
I’m assuming my fix for relayed might be in setting the ATT modem to bridge mode? I’ve also read people set UPNP to ON in the modem/router so that the router behind the network could request to open ports.
Welcome and great questions! I actually just set up a Unifi network yesterday and switched my internet gateway from a Fortigate to a Edge Router X (I eliminated my CenturyLink modem/gateway which is garbage and connect directly to my fiber box outside and ditched my ISP’s provided modem, I wrote about this journey here) with 2 Unifi long range APs at my house. I decided to do this instead of one of those IoT mesh networks (honestly partly because of my conversations with the trouble / limitations people were having with them in the comments right here on this article) and I am really pleased with it so far!
So the answer to the question about whether you can forward the same port to different IPs is no. The reason is because of what is actually happening when you forward a port. Let’s say your public IP address is 251.121.121.41. Every Helium miner in the world will see you on the network as 251.121.121.41. That means that *all* miners will connect to you with the following syntax:
251.121.121.41:44158
So what actually happens when this connection is made? In your current case nothing. The Unifi system will never receive any incoming connections. How could it? That isn’t an internet connection. It doesn’t link up with Comcast or the internet or anything like that. It has to talk to a *different* device to get to the internet like a modem. Sometimes these are combo devices from your ISP but obviously that is not the case with Unifi or any premium network equipment. These are not the same. One is your internet gateway (your modem) and the other is just your internal networking equipment that doesn’t have an internet connection on it’s own without some sort of gateway device.
That’s the first issue. The port forward will need to go into the AT&T modem/router combo. Now when it’s in there what happens when someone tries to connect to you an inbound connection will come from the internet through AT&T’s lines right into your house/location. This will *always* hit your internet gateway and will go no further without special port forwarding rules. It’s not going to hit devices behind the internet gateway. The only way it can is if you have a port forward entry in your internet gateway to take it to a different device. This is what the port forward entry is. If you add a port forward for 44158 your AT&T combo modem will receive the connection from the internet and then turn that connection into the IP you put in for your port forward (192.168.x.x).
It may seem like the Unifi is your internet gateway but it’s not. The easiest way to tell is to narrow down where does your “internet” come from by playing the game of “if I take this device out of my network will I have any internet access”. If you remove the Unifi devices will you still have internet? Yes you will (provided you can connect in some other way to the gateway) so they can’t be the internet gateway, all they do is forward messages to/from the real internet gateway. If you remove the AT&T combo gateway will you have internet even with the Unifi devices? Nope. Not even with 100 APs would you have any internet access with the Unifi devices because they aren’t an internet gateway and that is how you know for sure where your port forward needs to go.
If the way I’m explaining this sounds patronizing in any way it’s not. Networks are *incredibly* complex and I literally break down enterprise networks I work with in my head the exact same way. I ask myself these exact same simple questions. Where is the internet really coming from? What is the internet gateway? Which devices can I take away and the network will still function / won’t function and why?
This really helps understand what is happening in your head because it’s really easy to get lost in technical terms talking about this stuff. If you boil them down to to their most simple “where my internet device at” terms it’s much easier to think about this stuff for sure. It’s really easy to get lost in the weeds with really technical terms.
I find it easier to think about what is actually happening. A connection is coming from the internet to your internet gateway and your gateway needs to turn that into a local IP address. That’s all that is happening basically. Now with this framework we can try to tackle the second question of is it possible to port forward a port to 2 different IP addresses.
Let’s say you have your two miners on the network that we’ll call BobcatA and BobcatB. If someone is trying to challenge your hotspot and get you to send a beacon from BobcatA they would naturally try to connect to your public IP address and port like this: 251.121.121.41:44158. Your internet gateway (ATT combo) will now translate that connection to 44158 into 192.168.x.x:44158. Now let’s say it’s BobcatB’s turn for a beacon. A new challenger wants to connect to BobcatB and what does that look like: 251.121.121.41:44158.
Now you see the problem. If we were writing a letter to multiple people at the same address then you obviously put the name of the person you are sending a letter to as a “extra” field besides just the address. You can’t do that with an IP address / port. That *is* the final destination. Your router has no way to know which miner it was supposed to go to. Connecting to both miners will look exactly the same: 251.121.121.41:44158.
You only have one public IP address and one port 44158. That’s why you can’t have two miners on there. If they allowed you to change the port (essentially the port is like writing the name of the person on the address of a letter, but in this case that needs to always be 44158) you could but you can’t (probably by design, or at the very least this limitation suited them as they generally don’t want a ton of points in a single place).
You would need an extra IP address to do this. It’s possible, but the bottom line is you would need a second IP. This is where something like built in 5G would really help for multiple points or something that actually has it’s own gateway so it can have a unique IP address / port.
Now like I said I just did a Unifi setup last night and there are literally zero port forwards or any configuration I did in the Unifi. None. It was all done in the Edge Router X in my case! On my network I also did not need to put the Unifi devices in bridge mode. They already were in bridge mode and are assigning addresses for my regular network which is incredibly nice.
Your Unifi devices (if they’re like mine, UAP-AC-LR with a VM running the Unifi networking software, don’t have a cloud key yet) are theoretically bridging for you unless you changed/configured it differently. This is the first device I’ve *ever* worked with that came with bridging capabilities as the DEFAULT settings out of the box (where other routers don’t the Unifi has an “auto” setting for like DNS servers, DHCP management, etc.). This completely took care of all bridging for me out of the box.
Putting your modem into bridge mode may be a solution and some others here in the comments have done this in the past. It’s a backwards way of doing it for a typical household but it does get all your devices on the same network so it will work and might even be ideal / expected in an enterprise environment that your entire network would not at all be controlled by the internet gateway. In large networks the internet gateway would only serve the purpose of an internet gateway and not do DHCP, DNS or anything else pretty much. Even in these networks though it would still be the internet gateway and getting it to all the other devices (especially being able to still port forward all the way to the end of the route) is why the network engineers have jobs!
Given your understandable reluctance to modify the church’s infrastructure in a way that is going to have an undesirable impact though the backwards way might be the best way for your circumstances and should reach the same goal of having the device you are port forwarding to be on the same private network as the device being forwarded to (the hotspot/miner). It makes no difference which device(s) is/are bridged as long as they are on the same private network.
It’s usually done the other way around but I did not have to do this with my new Unifi APs and they seemed smart enough to bridge already (although there were options for changing this). The important part is that the Bobcat needs to be on the same private network as your port forwarding device. If your modem is giving out IPs that are different than Unifi (192.168.0.x vs 192.168.100.x for example) then port forwarding will never work across such a setup with two private networks.
I would try just putting your port forward into the AT&T combo device first and see if your Unifi is already bridging (or in more complicated enterprise setups there are other ways to deal with this that are very complex and even I barely understand and would have to ask a senior network engineer like being “trunked” to a different network and then routed, but this is unlikely for the setup you’re describing). At any rate this is your main problem so test this before changing anything else and see if the Unifi devices are smart enough to get it the rest of the way (mine were with the default settings) as that may get it. (Update: I ended up setting up a DHCP relay and turning the Unifi’s DHCP server off).
Hopefully that clarifies, thanks for the questions and kind words and if you’d like me to clarify/expand on anything let me know. This was a lot of ground to cover but hopefully it helps clear some things up!
Harold
3 years ago
Just got my Bobcat setup yesterday via Ethernet, its online green light is on the Bobcat box and syncing now currently @12 hours i get it can take a few days but
About 2 hours into the sync process the Relayed light came up on the helium phone app : ( …
Started to do all the port forward stuff in the router but have the private IP and wasn’t working so I deleted those port forward settings within the router for now
I tried to enable DMZ on same ip that didn’t work either, so disabled that aswell.
Bobcat miner DHCP local private iP currently is 192.168.0.162
“Error: This is a private LAN address, it can neither be routed, geolocated or publicly looked up in the internet”
The port forward needs to be set up in your Arris device since that is your modem / internet connection device. It will receive the connections to forward.
The problem is your TP Link device is not in bridge mode. It is issuing different IPs. 192.168.100.x is a different private network than 192.168.0.x. If you put the TP Link device in bridge mode all devices on your network will have 192.168.0.x IPs. This is what you want.
Next you will need to gain access to that Arris/modem device. That is where the port forward needs to go since that’s where all inbound internet connections will go to. Putting the port forward in the TP Link will do nothing because it is not the internet gateway in your network. It needs to go where your internet lines come in / your modem and that should get it working!
I put the router into AP mode aka “Bridge mode” that killed the whole network and I couldn’t access anything I had to factory reset to put it back in to “Router mode”
The Bobcat new private iP is now
192.168.0.161
Put on Reserve list now in router
The Arris TM1602 is from spectrum all it is, is a cable modem with one RJ45 port and two RJ11 ports that are not being used.
I have
1 RJ45 wire from modem going to the WAN port on router
On the router LAN ports I have 4
1 going to TV
1 going to Sound system
1 going to Bobcat
4th LAN port empty
I don’t have a switch unless I go buy one
I currently cannot access the Arris cable modem, im going to have to call Spectrum for some daily changing password.
Without it working in bridge mode it can’t work. There’s no way to forward across two private networks. They need to all be 192.168.0.x.
Your other option is to plug the Bobcat directly into your Arris modem. You will need access to it no matter what to set up the port forward. I’d look for some documents specific to your router. I’m not sure why bridge mode would not work for you as it definitely should not disable internet access or anything like that!
Mike
3 years ago
Hey James,
Can you plug a miner directly into the modem to avoid port forwarding the router? I have an extra port on my modem and was thinking this might help with my relayed status.
Great question. Yes, this would avoid having to do this to plug it directly into the router. You are basically cutting the wireless network out of the equation. Your main router (which is usually where your internet comes in) will have the miner be on the same network as it is so the port forward will work in this situation.
The only negative consequence of this is that if you try to connect with the miner directly by typing in it’s local IP from the wireless network it won’t work. You’d also have to be wired / plugged into the router (if you try from a phone or wireless device it won’t be able to directly connect to it) but you can absolutely do this (especially if you have a WiFi setup that can’t enable bridge mode). Hopefully that helps!
Jay
3 years ago
Hi. I have a Nebra indoor. It is connected (wired) to my comcast modem. I have done all of the port forwarding, DMZ-ing the device’s IP address, allowing device discovery, UPNP, power cycling the modem and miner, etc. But I’m still in relay after 2 days. You seem to have done much more research than the other authors that I have read. Any ideas would be greatly appreciated. Thanks!
It sounds like a tricky configuration for sure. I would say we should narrow things down with a few tests.
What happens if you type in your public IP in your browser to the right port? For mine it is:
httx://174.23.158.254:44158/
That’s my real IP (for something like 24/48 hours probably until it switches, I’m not static) so you can literally try this on me and see the output you should get. If you try it and the person has a valid port forward your browser will say something like this:
This page isn’t working
174.23.158.254 sent an invalid response.
ERR_INVALID_HTTP_RESPONSE
If you see this the person has a valid port forward entry. If you get server not found / invalid connection it doesn’t.
Your complication actually sounds complicated. DMZ can be tricky. This is the test to start with for sure. It’s even better if you have a cell phone and can disable WiFi to make sure you aren’t being routed internally differently than you will be externally.
Punch in your IP and port 44158 into this tool and it will connect from an external web server. This tool may also give you slightly more detailed information about the port status.
If you are not getting connections through this tool then your port forward is not set up correctly. Is it on your actual internet gateway? Most people I’ve seen having issues are trying to put their port forward in the the wrong device (that isn’t their real internet gateway, it’s like their internal wireless router etc) but I actually don’t think this will be the case with you. It may be the DMZ. Does your ISP require a DMZ configuration? I’ve seen that a couple of times but you may want to try just a basic port forwarding configuration unless that isn’t possible.
UPNP or any type of firewall/port negotiation unfortunately is not used. This needs to be a legit port forward and you have to set it up 100% correctly yourself or it won’t work. The DMZ is the same way. If you are not getting a response from any of these tools/methods then for sure the DMZ/port forward is not functioning.
I can definitely assist further if you want to get into the nuts and bolts for sure like posting any of your config / a diagram etc. and I’m certain we can figure it out but let’s see what your results are from testing connecting to the port/IP externally with something like your browser!
A second test to do (useful of putting your IP in your browser on the local network causes different results)
Marie
3 years ago
Great article! By radio do you mean the antenna? Meaning if I’m using a different one than the stock antenna I should port forward?
Great question! I just added that section yesterday so it’s not super clear yet.
Nope. You will absolutely 100% know if you have this. No RAK, Bobcat, etc. works this way or any device that’s been approved to be sold (to my knowledge). It would literally be a separate computer controlling your radio with it’s own network connection. It might not even be on the same network at which point without a port forward proof of coverage (beacons, witnessing, how you get money) would not work at all.
If you didn’t build your hotspot yourself from parts by hand then you literally cannot have this as it’s never been “approved” in this design that I’ve ever seen (correct me if anyone knows about some obscure hotspot I don’t know about that still managed to get approved with a separate radio controller CPU/board).
This is from when you could make your own hotspots. You can’t, so you don’t have one. I discovered this open port using the diagnostics but then once I read the Helium documentation I realized that nobody who has ever purchased a hotspot will have anything like this. It’s essentially old information that’s only useful for people grandfathered in (who should know this better than anyone already). You used to be able to build a hotspot like a PC believe it or not. Buy a bunch of separate antennas, some sort of computer and other parts and slap them together!
This was eliminated long before 95%+ of people had ever heard of Helium or even preordered a hotspot. People used to build hacked hotspots (hacked as in way more powerful antennas than they were reporting, gps spoofing, or much worse) and cheat using this. It’s still a problem to this day honestly but much less so now that new points have to have a special key from the Helium team (only given to approved manufacturers, and the bar for approval is high).
It won’t work at all if you needed this and don’t have it. It says you can’t participate in proof of coverage without it. Have you ever issued a challenge or sent a ping? Then your hotspot has already proven it doesn’t need this forward. If you had a separate radio CPU/unit from your main processing/communication unit it would never beacon, never witness, none of it without this port communicating because that is all proof of coverage.
This is almost certainly why it’s not mentioned anymore. It does not apply to you, and if it did you would have known a long time ago because it means you would have built your own hotspot (all the components) yourself by hand. Hopefully that clarifies!
James! Thanks for your posts and dedication to Helium mining. Been most helpful for a newbie!
Thanks for the kind words Timbo, take care!
Hey. I appreciate your content on here. I’ve been stuck in Relayed mode on my Nebra coming up on 9 days. Unfortunately I’ve got about 20 hrs troubleshooting my Fortigate 81E-POE. I’ve sent up a DHCP Reservation, Virtual IP, Group Policy and IPv4 Policies. I even had a Fortinet Engineer working on it for about 4 hrs. I can’t seem to get the port open and getting really frustrated. I noticed you switched away from Fortinet, were you able to get the port forwarding setup? Thanks in advance for any advice.
Hey Schop,
Absolutely, that only happened yesterday/today that I’ve been building a different network. Which device is your internet gateway? Keep in mind that I was using my Fortigate FG-61F as a PPPoE modem to connect with my ONT box (the box on the outside wall) for CenturyLink fiber so my Fortigate was my literal internet gateway. This is not usually the case though.
Where is your internet coming from? Do you have a cable modem or something like that? That’s where the port forward usually needs to go so unless you are also using your Fortigate as a PPPoE modem or some other setup where it literally is your cable/DSL/fiber modem then this probably isn’t where your port forward needs to go would be my guess. If you can describe the setup in more detail I may be able to help further here!
Hey! I’ve read a ton of your posts here and they’re very knowledgeable and I appreciate all the help you give to the community!
I just received 2 of my bobcats and have 2 more on the way. (The second order I made shipped and the first hasn’t yet. Weird! order #145,000 and 155,000)
Here is my only concern currently, and I was hoping you could help me a little!
All of my hotspot locations use the stupid ATT modem/router combo unit in one way or another.
My 2 current locations use a Unifi setup behind the router which the Bobcats are directly plugged into.
I currently have both hotspots in the same location, just because I’m not ready to deploy the second one. They’re not synced yet and both are relayed. It’s been 15 hours since I forwarded.
I port forwarded almost immediately after setup + set static IPs on the unifi router.
I was able to open port 44158 and 22. . For some reason I couldn’t get port 443 to open. Confirmed they were open with portchecker on my PC that’s on the same network.
I also setup a port forward to the IP of the second bobcat miner, just to get it up to speed on the blockchain. My router allowed me to make the rule, but I’ve read that you can’t forward the same port to two different devices on the same network.. Is that true??
My main problem right now is figuring out how to properly configure the routers together without breaking the network. The first location is at a church which has a ton of IP sensitive devices and a pretty robust network setup.. So I don’t wanna break it or cause the church any issues. I work there so it’s not the end of the world if I have to do some reboots and junk here and there.
I’m assuming my fix for relayed might be in setting the ATT modem to bridge mode? I’ve also read people set UPNP to ON in the modem/router so that the router behind the network could request to open ports.
What do you recommend?
Thanks in advance!!
-Kurt
Hey Kurt,
Welcome and great questions! I actually just set up a Unifi network yesterday and switched my internet gateway from a Fortigate to a Edge Router X (I eliminated my CenturyLink modem/gateway which is garbage and connect directly to my fiber box outside and ditched my ISP’s provided modem, I wrote about this journey here) with 2 Unifi long range APs at my house. I decided to do this instead of one of those IoT mesh networks (honestly partly because of my conversations with the trouble / limitations people were having with them in the comments right here on this article) and I am really pleased with it so far!
So the answer to the question about whether you can forward the same port to different IPs is no. The reason is because of what is actually happening when you forward a port. Let’s say your public IP address is 251.121.121.41. Every Helium miner in the world will see you on the network as 251.121.121.41. That means that *all* miners will connect to you with the following syntax:
251.121.121.41:44158So what actually happens when this connection is made? In your current case nothing. The Unifi system will never receive any incoming connections. How could it? That isn’t an internet connection. It doesn’t link up with Comcast or the internet or anything like that. It has to talk to a *different* device to get to the internet like a modem. Sometimes these are combo devices from your ISP but obviously that is not the case with Unifi or any premium network equipment. These are not the same. One is your internet gateway (your modem) and the other is just your internal networking equipment that doesn’t have an internet connection on it’s own without some sort of gateway device.
That’s the first issue. The port forward will need to go into the AT&T modem/router combo. Now when it’s in there what happens when someone tries to connect to you an inbound connection will come from the internet through AT&T’s lines right into your house/location. This will *always* hit your internet gateway and will go no further without special port forwarding rules. It’s not going to hit devices behind the internet gateway. The only way it can is if you have a port forward entry in your internet gateway to take it to a different device. This is what the port forward entry is. If you add a port forward for 44158 your AT&T combo modem will receive the connection from the internet and then turn that connection into the IP you put in for your port forward (192.168.x.x).
It may seem like the Unifi is your internet gateway but it’s not. The easiest way to tell is to narrow down where does your “internet” come from by playing the game of “if I take this device out of my network will I have any internet access”. If you remove the Unifi devices will you still have internet? Yes you will (provided you can connect in some other way to the gateway) so they can’t be the internet gateway, all they do is forward messages to/from the real internet gateway. If you remove the AT&T combo gateway will you have internet even with the Unifi devices? Nope. Not even with 100 APs would you have any internet access with the Unifi devices because they aren’t an internet gateway and that is how you know for sure where your port forward needs to go.
If the way I’m explaining this sounds patronizing in any way it’s not. Networks are *incredibly* complex and I literally break down enterprise networks I work with in my head the exact same way. I ask myself these exact same simple questions. Where is the internet really coming from? What is the internet gateway? Which devices can I take away and the network will still function / won’t function and why?
This really helps understand what is happening in your head because it’s really easy to get lost in technical terms talking about this stuff. If you boil them down to to their most simple “where my internet device at” terms it’s much easier to think about this stuff for sure. It’s really easy to get lost in the weeds with really technical terms.
I find it easier to think about what is actually happening. A connection is coming from the internet to your internet gateway and your gateway needs to turn that into a local IP address. That’s all that is happening basically. Now with this framework we can try to tackle the second question of is it possible to port forward a port to 2 different IP addresses.
Let’s say you have your two miners on the network that we’ll call BobcatA and BobcatB. If someone is trying to challenge your hotspot and get you to send a beacon from BobcatA they would naturally try to connect to your public IP address and port like this:
251.121.121.41:44158. Your internet gateway (ATT combo) will now translate that connection to 44158 into 192.168.x.x:44158. Now let’s say it’s BobcatB’s turn for a beacon. A new challenger wants to connect to BobcatB and what does that look like:251.121.121.41:44158.Now you see the problem. If we were writing a letter to multiple people at the same address then you obviously put the name of the person you are sending a letter to as a “extra” field besides just the address. You can’t do that with an IP address / port. That *is* the final destination. Your router has no way to know which miner it was supposed to go to. Connecting to both miners will look exactly the same:
251.121.121.41:44158.You only have one public IP address and one port 44158. That’s why you can’t have two miners on there. If they allowed you to change the port (essentially the port is like writing the name of the person on the address of a letter, but in this case that needs to always be 44158) you could but you can’t (probably by design, or at the very least this limitation suited them as they generally don’t want a ton of points in a single place).
You would need an extra IP address to do this. It’s possible, but the bottom line is you would need a second IP. This is where something like built in 5G would really help for multiple points or something that actually has it’s own gateway so it can have a unique IP address / port.
Now like I said I just did a Unifi setup last night and there are literally zero port forwards or any configuration I did in the Unifi. None. It was all done in the Edge Router X in my case! On my network I also did not need to put the Unifi devices in bridge mode. They already were in bridge mode and are assigning addresses for my regular network which is incredibly nice.
Your Unifi devices (if they’re like mine, UAP-AC-LR with a VM running the Unifi networking software, don’t have a cloud key yet) are theoretically bridging for you unless you changed/configured it differently. This is the first device I’ve *ever* worked with that came with bridging capabilities as the DEFAULT settings out of the box (where other routers don’t the Unifi has an “auto” setting for like DNS servers, DHCP management, etc.). This completely took care of all bridging for me out of the box.
Putting your modem into bridge mode may be a solution and some others here in the comments have done this in the past. It’s a backwards way of doing it for a typical household but it does get all your devices on the same network so it will work and might even be ideal / expected in an enterprise environment that your entire network would not at all be controlled by the internet gateway. In large networks the internet gateway would only serve the purpose of an internet gateway and not do DHCP, DNS or anything else pretty much. Even in these networks though it would still be the internet gateway and getting it to all the other devices (especially being able to still port forward all the way to the end of the route) is why the network engineers have jobs!
Given your understandable reluctance to modify the church’s infrastructure in a way that is going to have an undesirable impact though the backwards way might be the best way for your circumstances and should reach the same goal of having the device you are port forwarding to be on the same private network as the device being forwarded to (the hotspot/miner). It makes no difference which device(s) is/are bridged as long as they are on the same private network.
It’s usually done the other way around but I did not have to do this with my new Unifi APs and they seemed smart enough to bridge already (although there were options for changing this). The important part is that the Bobcat needs to be on the same private network as your port forwarding device. If your modem is giving out IPs that are different than Unifi (192.168.0.x vs 192.168.100.x for example) then port forwarding will never work across such a setup with two private networks.
I would try just putting your port forward into the AT&T combo device first and see if your Unifi is already bridging (or in more complicated enterprise setups there are other ways to deal with this that are very complex and even I barely understand and would have to ask a senior network engineer like being “trunked” to a different network and then routed, but this is unlikely for the setup you’re describing). At any rate this is your main problem so test this before changing anything else and see if the Unifi devices are smart enough to get it the rest of the way (mine were with the default settings) as that may get it. (Update: I ended up setting up a DHCP relay and turning the Unifi’s DHCP server off).
Hopefully that clarifies, thanks for the questions and kind words and if you’d like me to clarify/expand on anything let me know. This was a lot of ground to cover but hopefully it helps clear some things up!
Just got my Bobcat setup yesterday via Ethernet, its online green light is on the Bobcat box and syncing now currently @12 hours i get it can take a few days but
About 2 hours into the sync process the Relayed light came up on the helium phone app : ( …
My Wifi Router is a TP Link Archer AX20/AX1800
Started to do all the port forward stuff in the router but have the private IP and wasn’t working so I deleted those port forward settings within the router for now
I tried to enable DMZ on same ip that didn’t work either, so disabled that aswell.
Bobcat miner DHCP local private iP currently is 192.168.0.162
“Error: This is a private LAN address, it can neither be routed, geolocated or publicly looked up in the internet”
My Modem is an Arris TM1602
no extra ports other than the Combo phone ports which are not being used
Modem iP 192.168.100.1
When I try to log in to it says
“In order to access advanced features you must enter the password of the day”:
No username it just ask for a pass all the generic usual ones don’t work
Cant figure that out…
No password is on the stickers of the modem anywhere
Im just stuck, I understand why its Relayed just not sure how to fix it if changing it in the router wont fix it.
The public iP that is given out is 35.135.177.118
Can you help?
Hey Harold,
The port forward needs to be set up in your Arris device since that is your modem / internet connection device. It will receive the connections to forward.
The problem is your TP Link device is not in bridge mode. It is issuing different IPs. 192.168.100.x is a different private network than 192.168.0.x. If you put the TP Link device in bridge mode all devices on your network will have 192.168.0.x IPs. This is what you want.
Next you will need to gain access to that Arris/modem device. That is where the port forward needs to go since that’s where all inbound internet connections will go to. Putting the port forward in the TP Link will do nothing because it is not the internet gateway in your network. It needs to go where your internet lines come in / your modem and that should get it working!
Hey James thanks for the quick reply
I put the router into AP mode aka “Bridge mode” that killed the whole network and I couldn’t access anything I had to factory reset to put it back in to “Router mode”
The Bobcat new private iP is now
192.168.0.161
Put on Reserve list now in router
The Arris TM1602 is from spectrum all it is, is a cable modem with one RJ45 port and two RJ11 ports that are not being used.
I have
1 RJ45 wire from modem going to the WAN port on router
On the router LAN ports I have 4
1 going to TV
1 going to Sound system
1 going to Bobcat
4th LAN port empty
I don’t have a switch unless I go buy one
I currently cannot access the Arris cable modem, im going to have to call Spectrum for some daily changing password.
Without it working in bridge mode it can’t work. There’s no way to forward across two private networks. They need to all be 192.168.0.x.
Your other option is to plug the Bobcat directly into your Arris modem. You will need access to it no matter what to set up the port forward. I’d look for some documents specific to your router. I’m not sure why bridge mode would not work for you as it definitely should not disable internet access or anything like that!
Hey James,
Can you plug a miner directly into the modem to avoid port forwarding the router? I have an extra port on my modem and was thinking this might help with my relayed status.
Hey Mike,
Great question. Yes, this would avoid having to do this to plug it directly into the router. You are basically cutting the wireless network out of the equation. Your main router (which is usually where your internet comes in) will have the miner be on the same network as it is so the port forward will work in this situation.
The only negative consequence of this is that if you try to connect with the miner directly by typing in it’s local IP from the wireless network it won’t work. You’d also have to be wired / plugged into the router (if you try from a phone or wireless device it won’t be able to directly connect to it) but you can absolutely do this (especially if you have a WiFi setup that can’t enable bridge mode). Hopefully that helps!
Hi. I have a Nebra indoor. It is connected (wired) to my comcast modem. I have done all of the port forwarding, DMZ-ing the device’s IP address, allowing device discovery, UPNP, power cycling the modem and miner, etc. But I’m still in relay after 2 days. You seem to have done much more research than the other authors that I have read. Any ideas would be greatly appreciated. Thanks!
Hey Jay,
It sounds like a tricky configuration for sure. I would say we should narrow things down with a few tests.
What happens if you type in your public IP in your browser to the right port? For mine it is:
httx://174.23.158.254:44158/That’s my real IP (for something like 24/48 hours probably until it switches, I’m not static) so you can literally try this on me and see the output you should get. If you try it and the person has a valid port forward your browser will say something like this:
This page isn’t working174.23.158.254 sent an invalid response.
ERR_INVALID_HTTP_RESPONSE
If you see this the person has a valid port forward entry. If you get server not found / invalid connection it doesn’t.
Your complication actually sounds complicated. DMZ can be tricky. This is the test to start with for sure. It’s even better if you have a cell phone and can disable WiFi to make sure you aren’t being routed internally differently than you will be externally.
Another useful site to test:
yougetsignal
Punch in your IP and port 44158 into this tool and it will connect from an external web server. This tool may also give you slightly more detailed information about the port status.
If you are not getting connections through this tool then your port forward is not set up correctly. Is it on your actual internet gateway? Most people I’ve seen having issues are trying to put their port forward in the the wrong device (that isn’t their real internet gateway, it’s like their internal wireless router etc) but I actually don’t think this will be the case with you. It may be the DMZ. Does your ISP require a DMZ configuration? I’ve seen that a couple of times but you may want to try just a basic port forwarding configuration unless that isn’t possible.
UPNP or any type of firewall/port negotiation unfortunately is not used. This needs to be a legit port forward and you have to set it up 100% correctly yourself or it won’t work. The DMZ is the same way. If you are not getting a response from any of these tools/methods then for sure the DMZ/port forward is not functioning.
I can definitely assist further if you want to get into the nuts and bolts for sure like posting any of your config / a diagram etc. and I’m certain we can figure it out but let’s see what your results are from testing connecting to the port/IP externally with something like your browser!
A second test to do (useful of putting your IP in your browser on the local network causes different results)
Great article! By radio do you mean the antenna? Meaning if I’m using a different one than the stock antenna I should port forward?
Hey Marie,
Great question! I just added that section yesterday so it’s not super clear yet.
Nope. You will absolutely 100% know if you have this. No RAK, Bobcat, etc. works this way or any device that’s been approved to be sold (to my knowledge). It would literally be a separate computer controlling your radio with it’s own network connection. It might not even be on the same network at which point without a port forward proof of coverage (beacons, witnessing, how you get money) would not work at all.
If you didn’t build your hotspot yourself from parts by hand then you literally cannot have this as it’s never been “approved” in this design that I’ve ever seen (correct me if anyone knows about some obscure hotspot I don’t know about that still managed to get approved with a separate radio controller CPU/board).
This is from when you could make your own hotspots. You can’t, so you don’t have one. I discovered this open port using the diagnostics but then once I read the Helium documentation I realized that nobody who has ever purchased a hotspot will have anything like this. It’s essentially old information that’s only useful for people grandfathered in (who should know this better than anyone already). You used to be able to build a hotspot like a PC believe it or not. Buy a bunch of separate antennas, some sort of computer and other parts and slap them together!
This was eliminated long before 95%+ of people had ever heard of Helium or even preordered a hotspot. People used to build hacked hotspots (hacked as in way more powerful antennas than they were reporting, gps spoofing, or much worse) and cheat using this. It’s still a problem to this day honestly but much less so now that new points have to have a special key from the Helium team (only given to approved manufacturers, and the bar for approval is high).
It won’t work at all if you needed this and don’t have it. It says you can’t participate in proof of coverage without it. Have you ever issued a challenge or sent a ping? Then your hotspot has already proven it doesn’t need this forward. If you had a separate radio CPU/unit from your main processing/communication unit it would never beacon, never witness, none of it without this port communicating because that is all proof of coverage.
This is almost certainly why it’s not mentioned anymore. It does not apply to you, and if it did you would have known a long time ago because it means you would have built your own hotspot (all the components) yourself by hand. Hopefully that clarifies!