1SYNCTHING-NETWORKING(7)            Syncthing           SYNCTHING-NETWORKING(7)
2
3
4

NAME

6       syncthing-networking - Firewall Setup
7

PORT FORWARDS

9       If  you have a NAT router which supports UPnP, the easiest way to get a
10       working port forward is to make sure UPnP setting is  enabled  on  both
11       Syncthing and the router – Syncthing will try to handle the rest. If it
12       succeeds you will see a message in the console saying:
13
14          Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.
15
16       If this is not possible or desirable you should set up a  port  forward
17       for port 22000/TCP, or the port set in the Sync Protocol Listen Address
18       setting.  The external forwarded port and the internal destination port
19       has to be the same (i.e. 22000/TCP).
20
21       Communication  in  Syncthing  works  both ways. Therefore if you set up
22       port forwards for one device, other devices will be able to connect  to
23       it even when they are behind a NAT network or firewall.
24
25       In the absence of port forwarding, relaying may work well enough to get
26       devices connected and synced, but will perform poorly in comparison  to
27       a direct connection.
28

LOCAL FIREWALL

30       If  your  PC  has a local firewall, you will need to open the following
31       ports for incoming and outgoing traffic:
32
33       · Port 22000/TCP (or the actual listening port if you have changed  the
34         Sync Protocol Listen Address setting.)
35
36       · Port  21027/UDP  (for  discovery broadcasts on IPv4 and multicasts on
37         IPv6)
38
39   Uncomplicated Firewall (ufw)
40       If you’re using ufw on Linux and have installed the  Syncthing  package
41       <https://apt.syncthing.net/>, you can allow the necessary ports by run‐
42       ning:
43
44          sudo ufw allow syncthing
45
46       If you also want to allow external access to  the  Syncthing  web  GUI,
47       run:
48
49          sudo ufw allow syncthing-gui
50
51       Allowing external access is not  necessary for a typical installation.
52
53       You can then verify that the ports mentioned above are allowed:
54
55          sudo ufw status verbose
56
57       In   case   you   installed  Syncthing  manually  you  can  follow  the
58       instructions    to    manually     add     the     syncthing     preset
59       <https://github.com/syncthing/syncthing/tree/master/etc/firewall-ufw>
60       to ufw.
61

REMOTE WEB GUI

63       To be able to access the web GUI from  other  computers,  you  need  to
64       change  the  GUI Listen Address setting from the default 127.0.0.1:8384
65       to 0.0.0.0:8384. You also need to open the port in your local  firewall
66       if you have one.
67
68   Tunneling via SSH
69       If  you  have  SSH  access  to  the machine running Syncthing but would
70       rather not open the web GUI port to the outside world, you  can  access
71       it  through a SSH tunnel instead. You can start a tunnel with a command
72       like the following:
73
74          ssh -L 9999:localhost:8384 machine
75
76       This will bind to your local port 9999 and forward all connections from
77       there  to  port  8384  on  the target machine. This still works even if
78       Syncthing is bound to listen on localhost only.
79

VIA A PROXY

81       Syncthing can use a SOCKS5 proxy for outbound connections.  Please  see
82       proxying.
83

AUTHOR

85       The Syncthing Authors
86
88       2014-2019, The Syncthing Authors
89
90
91
92
93v1                               Jun 11, 2019          SYNCTHING-NETWORKING(7)
Impressum