proxmox/docs/11-references/76.53.10.34_CONNECTION_EXPLANATION.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


76.53.10.34:8545 Connection Refused - Explanation

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation


Date: 2026-01-04
Issue: Connection to 76.53.10.34:8545 is being refused
Status: EXPECTED BEHAVIOR (This is not an error)

Note: ER605 was replaced by the UDM Pro; UDM Pro edge IP is 76.53.10.34. Port forwarding: 76.53.10.36:80/443 → 192.168.11.167:80/443 (NPMplus). NPMplus LXC has 192.168.11.166 and .167; only .167 is used in UDM Pro.


🔍 Why Connection is Refused

IP Address Identity

76.53.10.34 is the ER605 router's WAN IP address, not an RPC service endpoint.

  • Device: TP-Link ER605 v2.20 (er605-1)
  • Role: Primary Edge Router (WAN interface)
  • Network: Public WAN IP (Block #1: 76.53.10.32/28)
  • Gateway: 76.53.10.33

Why Port 8545 is Not Available

  1. Router Functionality: Routers forward traffic; they don't host services on port 8545
  2. No RPC Service: The ER605 router does not run a blockchain RPC service
  3. Port Not Forwarded: Even if an RPC service existed internally, port 8545 is not forwarded from the router's WAN interface to any internal service

Correct RPC Endpoints

Internal Network RPC Endpoints

These are accessible from within the internal network (192.168.11.0/24):

| VMID | IP Address | Port | Service | Purpose |
|------|------------|------|---------|---------|
| 2500 | 192.168.11.250 | 8545 | Besu HTTP RPC | Primary RPC node |
| 2500 | 192.168.11.250 | 8546 | Besu WebSocket RPC | Primary RPC node (WS) |
| 2501 | 192.168.11.251 | 8545 | Besu HTTP RPC | Permissioned RPC node |
| 2502 | 192.168.11.252 | 8545 | Besu HTTP RPC | Public RPC node |

Example Internal Access:

# From internal network
curl -X POST http://192.168.11.250:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Public RPC Endpoints

These are accessible from the public internet via Cloudflare:

| Domain | Type | Authentication | Routing |
|--------|------|----------------|---------|
| https://rpc-http-pub.d-bis.org | HTTP RPC | No Auth | Cloudflare → Tunnel → VMID 2502 |
| https://rpc-ws-pub.d-bis.org | WebSocket RPC | No Auth | Cloudflare → Tunnel → VMID 2502 |
| https://rpc-http-prv.d-bis.org | HTTP RPC | JWT Required | Cloudflare → Tunnel → VMID 2501 |
| https://rpc-ws-prv.d-bis.org | WebSocket RPC | JWT Required | Cloudflare → Tunnel → VMID 2501 |

Example Public Access:

# Public endpoint (no authentication)
curl -X POST https://rpc-http-pub.d-bis.org \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

🌐 Network Architecture

Request Flow for Public RPC Access

Internet Client
    ↓
Cloudflare DNS (rpc-http-pub.d-bis.org)
    ↓
Cloudflare Edge (SSL Termination, DDoS Protection)
    ↓
Cloudflared Tunnel (VMID 102: 192.168.11.9)
    ↓
Nginx Proxy (VMID 2502: 192.168.11.252:443)
    ↓
Besu RPC Service (VMID 2502: 192.168.11.252:8545)

Important: RPC traffic does NOT enter through the router's WAN IP (76.53.10.34). It arrives through the Cloudflare Tunnel, so it needs no listener or port forward on the router's WAN interface.

Why Router WAN IP is Not Used

  1. Cloudflare Tunnel: Public services use Cloudflare Tunnel (VMID 102) which creates an encrypted connection directly from Cloudflare to internal services
  2. No Port Forwarding Needed: Tunnel bypasses the need for port forwarding on the router
  3. Security: Tunnel provides better security than exposing ports directly on the router's WAN interface
  4. DDoS Protection: Cloudflare provides DDoS protection before traffic reaches the internal network

🔧 If You Need to Access RPC from External Network

Option 1: Use Public Endpoints

Use the public domain names that route through Cloudflare:

# Public RPC (no authentication)
curl -X POST https://rpc-http-pub.d-bis.org \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Response:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": "0x8a"
}

Option 2: Connect to Internal Network First

If you're on the internal network (192.168.11.0/24), use internal IPs:

curl -X POST http://192.168.11.250:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Option 3: VPN Access (If Available)

If VPN access is configured, connect to VPN first, then use internal IPs.
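
The expected states described on this page can be turned into a repeatable exposure check: port 8545 on the WAN IP must never show as open from outside, and an RPC endpoint should answer eth_chainId with 0x8a. This is an added example, not part of the original document or the project's tooling; the function names and the policy list are assumptions.

```python
import json
import socket

EXPECTED_CHAIN_ID = 138  # 0x8a, the eth_chainId result shown on this page

# Assumed policy for a host outside the LAN: the WAN IP must not accept RPC.
EXTERNAL_POLICY = [("76.53.10.34", 8545, {"refused", "filtered"})]


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something accepted the connection
    except ConnectionRefusedError:
        return "refused"           # RST came back: reachable, no listener or forward
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def audit(policy, probe=probe_tcp):
    """Return (host, port, observed) for each target outside its allowed states."""
    violations = []
    for host, port, allowed in policy:
        observed = probe(host, port)
        if observed not in allowed:
            violations.append((host, port, observed))
    return violations


def check_chain_id(body, expected=EXPECTED_CHAIN_ID):
    """True only if body is a JSON-RPC reply whose result is the expected chain ID."""
    try:
        return int(json.loads(body)["result"], 16) == expected
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    # Constructed sample reply, same shape as the response shown above.
    sample = '{"jsonrpc": "2.0", "id": 1, "result": "0x8a"}'
    print("chain ID ok:", check_chain_id(sample))
    for host, port, observed in audit(EXTERNAL_POLICY):
        print(f"VIOLATION: {host}:{port} is {observed}")
```

An "open" result for 76.53.10.34:8545 would mean a port forward has been added and the RPC service is reachable without passing through Cloudflare.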


📋 Summary

| Item | Value |
|------|-------|
| 76.53.10.34 | ER605 Router WAN IP (not an RPC service) |
| Connection Refused | Expected (router doesn't host RPC service) |
| Internal RPC | 192.168.11.250:8545 (and other RPC nodes) |
| Public RPC | https://rpc-http-pub.d-bis.org (via Cloudflare) |
| Router Role | Network routing only, not service hosting |

Conclusion

The connection refusal is expected and correct behavior.

  • 76.53.10.34 is a router, not an RPC service
  • Use internal IPs for internal access: 192.168.11.250:8545
  • Use public domains for external access: https://rpc-http-pub.d-bis.org
  • Router WAN IP is not used for RPC service routing

Last Updated: 2026-01-04
Status: EXPECTED BEHAVIOR - NOT AN ERROR