Open Port 8333 for Bitcoin?

Overview

In this guide, I will explain what you need to know in relation to opening a port for your Bitcoin node, and how to do it. I will cover…

  • Basics of IP addresses and ports.
  • How Bitcoin Nodes find each other.
  • What happens if I do or don’t open a port?
  • How do I open a port? (Safe to skip straight to this, but you’ll be missing out)
  • How to test if it’s working.

Basics of IP Addresses and Ports

Not everyone actually knows what an IP address is. Think of it like a telephone number, or a letter box number to a computer – some way to know how to send messages to a different machine.

What about ports? Think of them like phone extension numbers for an office in a larger building. The building has a phone number (IP address) which puts you through to the operator, who then dials a shorter number (port) to reach a specific phone in the building and puts you through. Think of domain names, eg “google.com”, like names in a phone book. Somewhere out there, there are people running computers called DNS servers that are like phone books with people’s names (domain names) with their phone numbers (IP addresses).

When you browse “google.com”, a few things happen that are generally hidden from you, but good to know about for better understanding.

If you don’t specify, the browser will prepend "https://" before the domain name, which is a secure transfer protocol (encrypted). Even if you specify the alternative "http://", which is unencrypted, sometimes websites won’t accept it, and sometimes your browser will automatically revert to "https://".

The other thing to note is that computers (actually, the routers of the computers) on the internet have publicly exposed IP addresses, eg 142.250.70.206 (the “phone numbers” or “letterbox numbers” of the computers). The IP 142.250.70.206 is Google’s computer number. If you navigate to "https://142.250.70.206", then your computer will talk to Google’s computer, “Hey there, nice to meet you, please send me your main page so I can search for Bitcoin hopium content”. It then sends data, and your browser prints their page to your screen.

But that’s somewhat the reverse way of thinking about it. In reality, you type in “google.com” (not “142.250.70.206”), and hidden in the background, your request gets converted to "https://142.250.70.206". This “Domain Name System” is a mapping system of numbers to words for the internet protocol, similar to how BIP39 is a mapping system of numbers to words for Bitcoin wallets. Remember the Domain Name Servers (“phone books”) I mentioned: in a way they are also like Bitcoin nodes, in that they each have a copy of the “phone book”, and they synchronise with each other.

So, how do ports fit into this?

I lied before when I said "https://142.250.70.206". It’s actually "https://142.250.70.206:443" or "https://google.com:443", and if unencrypted, "http://google.com:80".

After the colon, there is 443, which is the port that is used for https communication. It’s generally omitted because it’s the default value for https. When you use http, the default value is 80. Servers can use custom values, but then visitors have to type the port as well, which is not convenient. Eg, if I served a webpage on port 420, then instead of armantheparman.com, you’d need to type armantheparman.com:420, which is harder for people to remember. If you omit 420, the browser will try 443 or 80, and there will be no response.

When you run a website, you are serving your pages to the rest of the world. You put them on a computer (your home or you hire a server), and then publish your contact information to a DNS server (“phone book”). That involves buying a domain name and then forwarding all requests to that domain name to your computer’s public IP address. Smol plug, if you need help making a website for your business and help to accept Bitcoin directly, contact me because that’s my jam.

It’s important to realise that there is a big difference between external IP addresses and internal IP addresses. Try to make sense of the image below first, and then see my explanation afterwards.

The vertical black lines in the image above just represent the division of four computers (including the router). Remember, the router is like a letterbox with a number. That number is your home’s external (public) IP address, and generally, you never see it unless you go looking for it. This number is how other computers reach you and your home network. Each device that connects to the home network is assigned an internal IP address by the router, but these are not visible from outside the home network – all traffic from outside must pass through the router, and by default, gets blocked – it’s the “door bitch”, so to speak. But devices in the home network (devices that connect to the router) can all see each other and speak to each other via the internal IP addresses.

Looking at the diagram above, the Phone and Laptop might have a Bitcoin wallet, which can connect to the iMac’s electrs server to get Bitcoin balances.

Please, don’t be a savage and remember to use dark mode for your Electrum wallet.

On the phone or laptop, the network settings entered into the wallet would be the iMac’s internal IP address (192.168.0.42) and the Electrum server port (50002). Then traffic flows from the wallet, to router (192.168.0.1 – the router’s internal IP, not shown in the image), to iMac (192.168.0.42), to the electrs program (port 50002). The electrs program then sends data backwards along the same pathway to the wallet.

Once you leave home with the phone, it loses connection to the router and connects to the mobile network. From there, the phone can’t reach the iMac. It can reach the router’s external IP address (121.65.111.82), but the router won’t allow it to talk to any internal IP addresses, so it can’t reach the Mac this way. Sidenote – the ISP (Internet service provider) assigns external IPs to routers in the same way that routers assign IPs to the devices in the home.

The next natural question is, “If no traffic can come in, how come I can visit web pages from the devices in the home and get replies coming back?”

When you browse to google.com, for example, part of the data being sent includes a “reply address”, which you don’t see – it’s actually your router’s IP, and a temporary port number that the router marks as open. The response then flows back along the path it came from. It is addressed to your home router and the temporary port. The router sees this, recognises the port, and rewrites the destination so the reply goes to the computer that requested the webpage. When the connection is finished, that particular port “mapping” is closed.

That’s a brief intro to IPs and ports, and will suffice for understanding the rest of this essay. If you found it interesting so far, I recommend as further reading Charles Severance’s “Introduction to Networking”, which is excellent – a free PDF book available with the free Parmanode software.

How Bitcoin Nodes talk to each other (basics).

In my essay “A not too technical overview of this Bitcoin thing”, I explain what Bitcoin nodes are and that they communicate with each other to keep in sync. But now, I’ll go a little deeper about how they do that.

When you start Bitcoin, how does the program find the other nodes out there? Well, if you ever pay attention to the log file, it mentions DNS seeds. These are addresses hardcoded into the software, and your program reaches out to connect to these computers. Your computer then receives a list of IP addresses of other Bitcoin nodes out there.

These are external IP addresses, as I introduced earlier. The default port is 8333. It can be changed, but generally it isn’t.

Your computer then reaches out to such computers and says, “Hey, let’s connect”. The two computers then keep a connection and share data. Each node might have 10 or so such connections, which forms the network.

Even though you might be the one initiating the connection, once two nodes find each other and are connected, the subsequent communication is a symmetrical two-way channel, in that there is no difference between the two machines in hierarchy, nor in how they behave. If the other computer had connected to you, there’d be no difference. Put another way, initially, the two nodes have different connection properties, but afterwards, they behave the same.

The reason you can connect to another machine out there in the first place is because of how their router is configured. They would have made a rule allowing any traffic requesting port 8333 to be directed to one of its computers via an internal IP address (see step 3 in the diagram below). Their router is configured such that any traffic coming to the external IP with port 8333 gets forwarded to the private internal IP address of the computer that has the Bitcoin node.

When replying to you, you don’t need port 8333 open on your router, because the other computer isn’t INITIATING the connection; they are just replying to you, the way a webpage replies to you. They just send data back to your external IP (the router), and include the temporary port that your router assigned for the connection. Then, when the reply comes back, the router recognises it needs to send it to your bitcoin node (using an internal IP address that’s normally shielded from the outside). See reply 82.242.66.12:55321 in the picture below.

To summarise, for the setup of a two-way channel to be possible, two things are necessary:

  1. The two machines must be able to find each other. The “listening computer” advertises itself as being available and opens a port. This information spreads to the DNS seeds mentioned earlier.
  2. The “connecting-computer” must know which listening-computers exist (looks up DNS seed tables).
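The router behaviour described in this section and in the earlier “reply address” paragraph, as a toy model. This is an added example, not part of the original guide or of any router’s firmware: the `Router` class and its method names are hypothetical, the peer addresses are constructed from documentation ranges, and real NAT tracks more state than this.

```python
class Router:
    """Toy model of a home router's NAT table (all names are hypothetical)."""

    def __init__(self, external_ip, first_temp_port=55321):
        self.external_ip = external_ip
        self.next_port = first_temp_port
        self.temp = {}      # temporary port -> (lan_ip, lan_port, remote)
        self.forwards = {}  # permanent rules: external port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN device connects out; return the reply address the remote sees."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.temp[port] = (lan_ip, lan_port, remote)
        return (self.external_ip, port)

    def inbound(self, remote, ext_port):
        """Return the LAN destination for an arriving packet, or None if dropped."""
        entry = self.temp.get(ext_port)
        if entry and entry[2] == remote:     # reply to a connection we started
            return entry[:2]
        return self.forwards.get(ext_port)   # otherwise only a forwarding rule helps

    def close(self, ext_port):
        self.temp.pop(ext_port, None)        # connection finished: mapping removed

    def add_forward(self, ext_port, lan_ip, lan_port):
        self.forwards[ext_port] = (lan_ip, lan_port)


def walkthrough():
    node = ("192.168.0.65", 8333)       # node's internal IP (example value)
    peer = ("203.0.113.7", 8333)        # constructed: a listening node we dial
    stranger = ("198.51.100.9", 40112)  # constructed: a node trying to dial us
    router = Router("82.242.66.12")
    steps = {}
    reply_to = router.outbound(node[0], 49152, peer)   # we initiate, port closed
    steps["reply_address"] = reply_to
    steps["reply_delivered"] = router.inbound(peer, reply_to[1])
    steps["unsolicited_closed"] = router.inbound(stranger, 8333)  # no rule yet
    router.close(reply_to[1])
    steps["after_close"] = router.inbound(peer, reply_to[1])
    router.add_forward(8333, *node)                     # the port-forwarding rule
    steps["unsolicited_open"] = router.inbound(stranger, 8333)
    return steps


if __name__ == "__main__":
    for name, value in walkthrough().items():
        print(f"{name}: {value}")
```

The only step whose result changes when the forwarding rule is added is the unsolicited connection to port 8333; outbound connections and their replies work either way.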

What happens if I do or don’t open a port?

If you don’t have port 8333 open, your node will continue to work just fine. In fact, most people don’t have the port open. They don’t know how or what it’s for.

But you can help the network somewhat if you do it.

With the port closed, your Bitcoin node will initiate connections to other nodes, and then will maintain a two-way channel with a maximum of 10 or so nodes.

If you have port 8333 open, the connections themselves are identical, but you can maintain more, up to 100 or so. Here you can see after I did the ‘gcc’ option, it shows I have 112 connections:

You can also see details (big scrollable list) about the other nodes if you select ‘gpi’, getpeerinfo:

So far I’ve only mentioned port 8333. But Bitcoin uses port 8332 as well, which many would have come across. This is for a different purpose. 8333 is the “phone extension” for Bitcoin NODES to talk to each other. But 8332 is the RPC port (Remote Procedure Call). When your WALLET or DATABASE (eg Electrum Server) wants data from the Bitcoin node, then it connects on port 8332, not 8333.

How do I open a port?

Step 1: For the computer that has the Bitcoin node, find its internal IP address.

You can do this by opening Parmanode, and in the main menu, it will be printed there.

Another way, on Linux, is to type the command “ip a” into the terminal and look for the inet value.

It’s easier on the eye if you filter it with the word “inet”, like this:

Another way is to look through the computer’s network connection interface (graphical) and find it. E.g., on a Mac…

Step 2: Log in to your router’s page

Every router has a different system, so I’ll show you mine, and you might have to adapt. Whatever your internal IP for the computer is, eg 192.168.0.65, replace the last set with a 1. So for me, it’s 192.168.0.1.

Put that number in the browser and voila:

Sorry, I don’t know what your password is. It would have come with your router. Next, find the section on port forwarding. This is not standardised, so you have to explore. Here’s mine…

Then, when you enter the page, it will probably be quite bare, as you’ll have no ports forwarded. Click a plus sign or some way of adding a new forwarding rule.

The important parts are the IP address of the Bitcoin node and the internal port 8333. If it gives you a field for the external port, put 8333 for that too. The name you choose doesn’t matter. If you don’t have “all” for protocol, and have to choose, choose TCP. Then make sure you click save, and you should see the forwarding rule listed.

Step 3: Test it’s working

Just go to https://bitnodes.io and enter your EXTERNAL IP in the field and port 8333. You can find your external IP address (your router’s IP) by navigating to https://ifconfig.me

Green! Success!

You can also check in Parmanode, the ‘getconnectioncount’ option, which should show many more nodes.
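A local cross-check to go with the two tests above, as an added example that is not part of the original guide or of Parmanode. It assumes you paste in the text of `ss -tln` and of `bitcoin-cli getpeerinfo` from the node machine; the function names and the sample data are constructed for illustration. Inbound peers only appear once port 8333 is reachable from outside, and the RPC port 8332 should not be the one in the router rule.

```python
import ipaddress
import json

P2P_PORT, RPC_PORT = 8333, 8332  # the two ports named in the guide

def audit_listeners(ss_output):
    """Parse `ss -tln` text; report how the P2P and RPC ports are bound."""
    result = {"p2p_accepts_lan": False, "rpc_beyond_loopback": False}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port not in (str(P2P_PORT), str(RPC_PORT)):
            continue
        host = host.strip("[]").split("%")[0]
        # "*" is ss's dual-stack wildcard; 0.0.0.0 and :: parse as non-loopback
        loopback = host != "*" and ipaddress.ip_address(host).is_loopback
        if int(port) == P2P_PORT and not loopback:
            result["p2p_accepts_lan"] = True       # the router can forward to it
        if int(port) == RPC_PORT and not loopback:
            result["rpc_beyond_loopback"] = True   # keep 8332 out of the router rule
    return result

def count_peers(getpeerinfo_json):
    """Split `bitcoin-cli getpeerinfo` output into inbound/outbound counts."""
    peers = json.loads(getpeerinfo_json)
    inbound = sum(1 for p in peers if p.get("inbound"))
    return {"inbound": inbound, "outbound": len(peers) - inbound}

def forwarding_works(ss_output, getpeerinfo_json):
    """True when 8333 is bound beyond loopback and at least one peer dialled in."""
    return (audit_listeners(ss_output)["p2p_accepts_lan"]
            and count_peers(getpeerinfo_json)["inbound"] > 0)

# Constructed sample data (not captured from a real node).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8333       0.0.0.0:*
LISTEN 0      128    127.0.0.1:8332     0.0.0.0:*
LISTEN 0      128    [::1]:8332         [::]:*
"""
SAMPLE_PEERS = json.dumps([
    {"addr": "203.0.113.7:8333", "inbound": False},
    {"addr": "198.51.100.9:51544", "inbound": True},
])

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_SS), count_peers(SAMPLE_PEERS))
    print("forwarding works:", forwarding_works(SAMPLE_SS, SAMPLE_PEERS))
```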

Thank you for helping the network 🙂
