/etc/i2pd/i2pd.conf contains a number of listening port configurations (actually 10 or more when you look for “port”). Which ones should I open in the firewall so other people can connect to my node? Excluding the ones that are meant for management of my node. I manage the node only locally.
So far I have only opened/forwarded one port, the one that is set a few lines below the line “## Port to listen for connections”, which certainly allows relaying traffic for other I2P peers per the http://127.0.0.1:7070/ traffic stats.
Services:
HTTP Proxy: Enabled
SOCKS Proxy: Enabled
BOB: Disabled
SAM: Enabled
I2CP: Enabled
I2PControl: Disabled


There is no requirement to forward any ports.
“Set a port and forward it to your i2pd instance in your router or (if available) use UPnP” https://github.com/PurpleI2P/i2pd/issues/1694
“If a static IP address is available, you need to either forward the port on your router or enable UPnP on it. i2pd supports UPnP and can open the port when the program starts.” https://github.com/PurpleI2P/i2pd/issues/1650 (machine translated, a member of PurpleI2P)
If UPnP is enabled on the router and he is firewalled (I2P reports that), then IMO he should try forwarding that port's traffic on the router to his LAN IP. But I have not and have seen no proof that would show if firewalled and non-firewalled makes any difference in I2P. In BitTorrent it makes a significant difference: it allows peers behind NAT to interconnect, and BitTorrent uses at least one technique to work around peer connections behind NAT (but can still fail to establish connections between two passive/firewalled peers).
Port forwarding does help. The problem is that you have to forward the right ports. If you don’t know what you are doing, it is easy to accidentally forward the management interface, which is a major security risk.
Honestly, port forwarding is only really needed because of NAT. If you can get native IPv6, it is way better.
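
An added example, not part of the thread and not i2pd's own code: a small audit of i2pd.conf that separates the peer-facing port discussed above from the local service sections, and flags any enabled service bound to a non-loopback address. The section names, the treatment of an unset address as loopback, and the sample config are assumptions made for the example.

```python
import configparser
import ipaddress

# i2pd.conf sections for local client/management services (assumed section names).
LOCAL_SERVICES = ("http", "httpproxy", "socksproxy", "sam", "bob", "i2cp", "i2pcontrol")

# Constructed sample config, not taken from the thread.
SAMPLE = """\
## Port to listen for connections
port = 23456
[http]
address = 127.0.0.1
[sam]
enabled = true
address = 0.0.0.0
port = 7656
[i2pcontrol]
enabled = false
address = 0.0.0.0
"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or unparsable value: treat as potentially reachable

def audit_i2pd_conf(text):
    """Return (router_port, exposed): the peer-facing port and a list of
    (section, address, port) for enabled local services not bound to loopback."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    # Options before the first [section] are global; wrap them in a dummy section.
    cp.read_string("[_global]\n" + text)
    router_port = cp.get("_global", "port", fallback=None)
    exposed = []
    for name in LOCAL_SERVICES:
        # Conservative: a section without "enabled" is treated as enabled.
        if not cp.has_section(name) or not cp[name].getboolean("enabled", fallback=True):
            continue
        # Assumption: an unset address means the service binds to loopback.
        addr = cp[name].get("address", fallback="127.0.0.1")
        if not is_loopback(addr):
            exposed.append((name, addr, cp[name].get("port", fallback="default")))
    return router_port, exposed

if __name__ == "__main__":
    print(audit_i2pd_conf(SAMPLE))
```

An empty `exposed` list means every configured local service stays on loopback, so the only port worth forwarding is the returned router port.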