SYNCTHING-NETWORKING(7)            Syncthing           SYNCTHING-NETWORKING(7)

NAME

       syncthing-networking - Firewall Setup

PORT FORWARDS

       If you have a NAT router which supports UPnP, the easiest way to get a
       working port forward is to make sure the UPnP setting is enabled on
       both Syncthing and the router – Syncthing will try to handle the rest.
       If it succeeds you will see a message in the console saying:

          Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.

       If this is not possible or desirable you should set up a port forward
       for port 22000/TCP, or the port set in the Sync Protocol Listen Address
       setting. The external forwarded port and the internal destination port
       have to be the same (i.e. 22000/TCP).

       Communication in Syncthing works both ways. Therefore if you set up
       port forwards for one device, other devices will be able to connect to
       it even when they are behind a NAT network or firewall.

       In the absence of port forwarding, relaying may work well enough to get
       devices connected and synced, but will perform poorly in comparison to
       a direct connection.

LOCAL FIREWALL

       If your PC has a local firewall, you will need to open the following
       ports for incoming and outgoing traffic:

       · Port 22000/TCP (or the actual listening port if you have changed the
         Sync Protocol Listen Address setting.)

       · Port 21027/UDP (for discovery broadcasts on IPv4 and multicasts on
         IPv6)

   Uncomplicated Firewall (ufw)
       If you’re using ufw on Linux and have installed the Syncthing package
       <https://apt.syncthing.net/>, you can allow the necessary ports by
       running:

          sudo ufw allow syncthing

       If you also want to allow external access to the Syncthing web GUI,
       run:

          sudo ufw allow syncthing-gui

       Allowing external access is not necessary for a typical installation.

       You can then verify that the ports mentioned above are allowed:

          sudo ufw status verbose

       In case you installed Syncthing manually you can follow the
       instructions to manually add the syncthing preset
       <https://github.com/syncthing/syncthing/tree/master/etc/firewall-ufw>
       to ufw.

   Firewalld
       If you are using Firewalld <https://www.firewalld.org>, it has included
       support for syncthing (since version 0.5.0, January 2018), and you can
       enable it with:

          sudo firewall-cmd --zone=public --add-service=syncthing --permanent
          sudo firewall-cmd --reload

       Similarly there is also a syncthing-gui service.


REMOTE WEB GUI

       To be able to access the web GUI from other computers, you need to
       change the GUI Listen Address setting from the default 127.0.0.1:8384
       to 0.0.0.0:8384. You also need to open the port in your local firewall
       if you have one.

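       The following is an added example, not part of the original manual
       page or of Syncthing itself: it reads a Syncthing config.xml and
       reports which ports the firewall rules above must cover and whether
       the GUI is bound beyond loopback. The element names (gui, address,
       user, listenAddress, localAnnounceEnabled, localAnnouncePort) and
       the embedded sample are assumptions about the config layout.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample config.xml fragment (element names are assumptions, not from the page).
SAMPLE_CONFIG = """
<configuration>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
  <options>
    <listenAddress>tcp://0.0.0.0:22123</listenAddress>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <localAnnouncePort>21027</localAnnouncePort>
  </options>
</configuration>
"""

def is_loopback(host):
    """True only for localhost or a loopback IP literal (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (all interfaces) or a hostname: treat as reachable

def audit(config_xml):
    """Return (ports the local firewall must allow, warnings about GUI exposure)."""
    root = ET.fromstring(config_xml)
    ports, warnings = set(), []
    for el in root.findall("./options/listenAddress"):
        addr = (el.text or "").strip()
        if addr == "default":
            ports.add("22000/tcp")  # default sync port named in the manual page
        elif addr.startswith("tcp") and urlsplit(addr).port:
            ports.add(f"{urlsplit(addr).port}/tcp")  # changed Sync Protocol Listen Address
    if root.findtext("./options/localAnnounceEnabled", "true").strip() == "true":
        ports.add(root.findtext("./options/localAnnouncePort", "21027").strip() + "/udp")
    gui = root.find("./gui")
    if gui is not None and gui.get("enabled", "true") == "true":
        hostport = (gui.findtext("address") or "127.0.0.1:8384").strip()
        if not is_loopback(urlsplit("//" + hostport).hostname or ""):
            warnings.append(f"GUI listens on {hostport}: reachable from other computers")
            if not (gui.findtext("user") or "").strip():
                warnings.append("GUI has no user set")
    return sorted(ports), warnings
```

       Calling audit() on the text of your own config.xml returns the port
       list to compare against the output of sudo ufw status verbose.
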
   Tunneling via SSH
       If you have SSH access to the machine running Syncthing but would
       rather not open the web GUI port to the outside world, you can access
       it through an SSH tunnel instead. You can start a tunnel with a command
       like the following:

          ssh -L 9999:localhost:8384 machine

       This will bind to your local port 9999 and forward all connections from
       there to port 8384 on the target machine. This still works even if
       Syncthing is bound to listen on localhost only.


VIA A PROXY

       Syncthing can use a SOCKS5 proxy for outbound connections. Please see
       proxying.


AUTHOR

       The Syncthing Authors

       2014-2019, The Syncthing Authors

v1                               Mar 17, 2020          SYNCTHING-NETWORKING(7)