Firewall settings for harvester


I have two Windows machines.

#1 is my full node. I use it for syncing, plotting, etc.
#2 I use only for plotting.

Until now, #1 accessed #2’s plots via a network share. #1 accesses #2 via a drive letter, set up via mapping #2 as a network drive.

It works, but it is probably not ideal for performance. My guess is that setting up #2 as a harvester is probably a better configuration?

Due to #2 only plotting, I am running an old version of Chia. I am about to install version 1.2.11 on #2. This is where I have a question:

When I install 1.2.11, it is going to ask me to permit some firewall port(s) to be open.
My guess is to answer “No”? Is that correct?

Only #1 should have the port(s) open? If I answer “Yes” for #2, then I will be introducing a conflict?

Once someone confirms that #2 should not have the port(s) open, I will proceed with upgrading to Chia 1.2.11. After that, I will attempt to configure #2 to harvest for #1.

I just want to be sure that using #2 strictly for harvesting (well, plotting too) will not require those port(s) to be open?

When you install the chia gui part of the install a windows pops up and asks you to let the firewall pass this app through, just like you stated. Once complete shut down the gui and start the harvester from command line and your done.

Also once in awhile I let my harvester machine sync up by running the gui for awhile and shut it down when it got synced. (good back up data base)

1 Like

i recommend upgrading the chia version on #1 so that you have the same version on both and use #2 as a harvestern and #1 as full node.
Otherwise both nodes have to fully sync.
Additionally I read from inteferences when claiming block rewards but cannot confirm this.

And I answer “No” to that pop-up?

I agree, and I am already running 1.2.11 on machine #1 (full node).
I only let machine #2 fall behind (versions) because all it was doing was plotting. But now that I want it to harvest, I want both boxes to have 1.2.11.

You answer yes, I have a three havesters setup this way and when you look on your main main node under farm and your harvester network you will see the other hosts.

Your situation necessitates that you answer “Yes” to the firewall request, because you periodically sync your harvester) (you mentioned that in one of your replies, as a form of having a backup).

I will never be syncing machine #2. I back-up machine #1 via copying ~.chia/…/… to an external drive, whenever I reboot the box (whenever the GUI is not running).

Based on my usage case, where #2 will be doing only harvesting (and plotting), and never syncing, is there a need for the firewall to have those ports open on #2?

Or to put it another way, will #2 function normally as a harvester, if I answer “No” to the request to open the ports?

I only let the other machine 2 to sync to have another backup, then shut down the gui and start the harvester from cmd line. You can never be short on a backup system.

You should still answer ‘yes’.

Windows firewall will only open the ports if the application is running.

If you select ‘no’ there may be an impact on your harvester.

You can best see status of farm by command line ‘chia farm summary’ from your full node. This will show which harvesters are connected to your full node, and gives an output like this;

26/02/2022 13:50:32.60 
Farming status: Farming
Total chia farmed: Lots..
User transaction fees: Some..
Block rewards: Lots..
Last height farmed: 1495395
Remote Harvester for IP:
   520 plots of size: 51.473 TiB
Remote Harvester for IP:
   0 plots of size: 0.000 MiB
Remote Harvester for IP:
   296 plots of size: 29.296 TiB
Remote Harvester for IP:
   17 plots of size: 1.683 TiB
Remote Harvester for IP:
   295 plots of size: 29.197 TiB
Remote Harvester for IP:
   215 plots of size: 21.281 TiB
Remote Harvester for IP:
   597 plots of size: 59.093 TiB
Remote Harvester for IP: <Public IP of my remote full node/harvester>
   258 plots of size: 25.536 TiB
Remote Harvester for IP:
   555 plots of size: 54.931 TiB
Remote Harvester for IP:
   391 plots of size: 38.699 TiB
Remote Harvester for IP:
   368 plots of size: 36.425 TiB
Remote Harvester for IP:
   403 plots of size: 39.892 TiB
Remote Harvester for IP:
   398 plots of size: 39.396 TiB
Plot count for all harvesters: 4313
Total size of plots: 426.902 TiB
Estimated network space: 30.327 EiB
Expected time to win: 2 weeks and 2 days

1 Like

lol you sure have some setup! how many drives is that per machine!? Are those raspies or what? :smiley:

Not sure on drive numbers, haven’t actually counted. But a mixture of SATA, USB and SAS across various systems with Windows or FreeBSD. some are NetApp disk shelves.

I am adding disks evenly and proportionally across all systems with a view to reach 1 PB and beyond. Each system is already mining Ethereum, Toncoin and Raptoreum already anyway so they are always on. Chia is merely a side hustle… :grinning_face_with_smiling_eyes:

1 Like

When your two machines are on the same subnet (e.g. 192.168.x.y and 192.168.x.z) most firewalls won’t inferere with IP traffic between them.
If your’s do it will almost certain only act up on the full node machine#1, when the harvester wants to connect to the farmer running there on port 8447.
So in case your harvester reports it can’t connect to the farmer you’d have to setup the machine#1 firewall to allow for port 8447 inbound connnections.

Further setting up the harvester on machine#2 is pretty simple.

copy the …/mainnet/config/ssl/ca folder to a <temp_directory> on machine#2

on machine#2 then (in powershell/cli)
-chia init -c <temp_directory>
-edit config.yaml harvester section and change farmer_peer from localhost to the ip of machine#1

  # The harvester server (if run) will run on this port
  port: 8448
    host: #your machine#1 ip here!!!
    port: 8447

Still in config.yaml harvester section add the directories where your plots are:

  # Plots are searched for in the following directories
  plot_directories: [/mnt/chiafarm/plots1, /mnt/chiafarm/plots2, /mnt/chiafarm/plots3, /mnt/chiafarm/plots4, /mnt/chiafarm/plots5]

mine are linux folders but just use your windows disk/directory naming convention.

-chia start harvester -r


Thats what I did many months ago…

This is the only way I can see my remote harvesters now. They used to show up in my Advanced settings in the GUI? Wonder if it’s a 1.3 issue. Troubleshooting now. Used to see a status on my harvesters CLI, plot count, but no more?

If your harvesters were working before and showed up

After the upgrade they are still there.

I also upgraded the harvesters, so far every bodys happy :crossed_fingers:

I would recomend Windows only for plotting via Powershell.
For Full Node and Farmer and Harvester go with ubuntu or other distro.

Why would you think that?