SYNCTHING-NETWORKING(7) Syncthing SYNCTHING-NETWORKING(7)

syncthing-networking - Firewall Setup

If you have a NAT router which supports UPnP, the easiest way to get a
working port forward is to make sure the UPnP setting is enabled on both
Syncthing and the router – Syncthing will try to handle the rest. If it
succeeds you will see a message in the console saying:

    Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.

If this is not possible or desirable you should set up a port forward
for port 22000/TCP, or the port set in the Sync Protocol Listen Address
setting. The external forwarded port and the internal destination port
have to be the same (i.e. 22000/TCP).

Communication in Syncthing works both ways. Therefore if you set up
port forwards for one device, other devices will be able to connect to
it even when they are behind a NAT network or firewall.

In the absence of port forwarding, relaying may work well enough to get
devices connected and synced, but will perform poorly in comparison to
a direct connection.

If your PC has a local firewall, you will need to open the following
ports for incoming and outgoing traffic:

· Port 22000/TCP (or the actual listening port if you have changed the
  Sync Protocol Listen Address setting.)

· Port 21027/UDP (for discovery broadcasts on IPv4 and multicasts on
  IPv6)

Uncomplicated Firewall (ufw)
If you’re using ufw on Linux and have installed the Syncthing package
<https://apt.syncthing.net/>, you can allow the necessary ports by
running:

    sudo ufw allow syncthing

If you also want to allow external access to the Syncthing web GUI,
run:

    sudo ufw allow syncthing-gui

Allowing external access is not necessary for a typical installation.

You can then verify that the ports mentioned above are allowed:

    sudo ufw status verbose

In case you installed Syncthing manually you can follow the
instructions to manually add the syncthing preset
<https://github.com/syncthing/syncthing/tree/master/etc/firewall-ufw>
to ufw.

To be able to access the web GUI from other computers, you need to
change the GUI Listen Address setting from the default 127.0.0.1:8384
to 0.0.0.0:8384. You also need to open the port in your local firewall
if you have one.

Tunneling via SSH
If you have SSH access to the machine running Syncthing but would
rather not open the web GUI port to the outside world, you can access
it through an SSH tunnel instead. You can start a tunnel with a command
like the following:

    ssh -L 9999:localhost:8384 machine

This will bind to your local port 9999 and forward all connections from
there to port 8384 on the target machine. This still works even if
Syncthing is bound to listen on localhost only.
79
81 Syncthing can use a SOCKS5 proxy for outbound connections. Please see
82 proxying.
83
The Syncthing Authors

2014-2019, The Syncthing Authors

v1 Apr 13, 2019 SYNCTHING-NETWORKING(7)