Geth limited to 16 peers if netrestrict is used

[okorolov]

System information

Geth version: 1.10.26 CL client & version: Prysm 3.2.0 OS & Version: Ubuntu 20.04

Expected behaviour

Node is discoverable by remote peers from the defined networks in netrestrict configuration.

Actual behaviour

The connected peer count is eventually locked to 16 (if maxpeers=50) or 32-33 (if maxpeers=100).

Steps to reproduce the behaviour

Restrict some public subnets with live nodes and wait until peers start connecting

When submitting logs: please submit them as text and not screenshots.

Additional information

I'm trying to limit Geth communication with some big public subnets (mostly cloud providers). With this scenario, my node is struggling to add more peers and will be eventually locked to 16/33 peers depending on the maxpeers configuration. Based on https://github.com/ethereum/go-ethereum/issues/19864 it seems that remote peers are not able to find my node. The configuration from my side should be correct. I am using nat extip configuration (Running on EC2 instance with Elastic IP attached). A similar configuration on Prysm works as expected.

The confusing part here is that the Prysm client with a similar configuration quickly finds peers and I'm able to see that part of those are "inbound" which means that external peers were able to detect the node and perform the connection.