2015-05-30 13:05:37 +02:00
|
|
|
|
.\" Man page generated from reStructuredText.
|
|
|
|
|
.
|
2016-04-01 07:33:42 +00:00
|
|
|
|
.TH "SYNCTHING-NETWORKING" "7" "March 30, 2016" "v0.12" "Syncthing"
|
2015-05-30 13:05:37 +02:00
|
|
|
|
.SH NAME
|
|
|
|
|
syncthing-networking \- Firewall Setup
|
|
|
|
|
.
|
|
|
|
|
.nr rst2man-indent-level 0
|
|
|
|
|
.
|
|
|
|
|
.de1 rstReportMargin
|
|
|
|
|
\\$1 \\n[an-margin]
|
|
|
|
|
level \\n[rst2man-indent-level]
|
|
|
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
|
|
-
|
|
|
|
|
\\n[rst2man-indent0]
|
|
|
|
|
\\n[rst2man-indent1]
|
|
|
|
|
\\n[rst2man-indent2]
|
|
|
|
|
..
|
|
|
|
|
.de1 INDENT
|
|
|
|
|
.\" .rstReportMargin pre:
|
|
|
|
|
. RS \\$1
|
|
|
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
|
|
|
. nr rst2man-indent-level +1
|
|
|
|
|
.\" .rstReportMargin post:
|
|
|
|
|
..
|
|
|
|
|
.de UNINDENT
|
|
|
|
|
. RE
|
|
|
|
|
.\" indent \\n[an-margin]
|
|
|
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
|
|
.nr rst2man-indent-level -1
|
|
|
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
|
|
|
..
|
|
|
|
|
.SH PORT FORWARDS
|
|
|
|
|
.sp
|
|
|
|
|
If you have a NAT router which supports UPnP, the easiest way to get a working
|
|
|
|
|
port forward is to make sure UPnP setting is enabled on both Syncthing and the
|
|
|
|
|
router – Syncthing will try to handle the rest. If it succeeds you will see a
|
|
|
|
|
message in the console saying:
|
|
|
|
|
.INDENT 0.0
|
|
|
|
|
.INDENT 3.5
|
|
|
|
|
.sp
|
|
|
|
|
.nf
|
|
|
|
|
.ft C
|
|
|
|
|
Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.
|
|
|
|
|
.ft P
|
|
|
|
|
.fi
|
|
|
|
|
.UNINDENT
|
|
|
|
|
.UNINDENT
|
|
|
|
|
.sp
|
|
|
|
|
If this is not possible or desirable you should set up a port forward for port
|
|
|
|
|
\fB22000/TCP\fP, or the port set in the \fISync Protocol Listen Address\fP setting.
|
|
|
|
|
The external forwarded port and the internal destination port has to be the same
|
|
|
|
|
(i.e. 22000/TCP).
|
|
|
|
|
.sp
|
|
|
|
|
Communication in Syncthing works both ways. Therefore if you set up port
|
|
|
|
|
forwards for one device, other devices will be able to connect to it even when
|
|
|
|
|
they are behind a NAT network or firewall.
|
2015-11-05 15:47:06 +00:00
|
|
|
|
.sp
|
|
|
|
|
In the absence of port forwarding, relaying may work well enough to get
|
|
|
|
|
devices connected and synced, but will perform poorly in comparison to a
|
|
|
|
|
direct connection.
|
2015-05-30 13:05:37 +02:00
|
|
|
|
.SH LOCAL FIREWALL
|
|
|
|
|
.sp
|
|
|
|
|
If your PC has a local firewall, you will need to open the following ports for
|
2015-11-05 15:47:06 +00:00
|
|
|
|
incoming and outgoing traffic:
|
2015-05-30 13:05:37 +02:00
|
|
|
|
.INDENT 0.0
|
|
|
|
|
.IP \(bu 2
|
|
|
|
|
Port \fB22000/TCP\fP (or the actual listening port if you have changed
|
|
|
|
|
the \fISync Protocol Listen Address\fP setting.)
|
|
|
|
|
.IP \(bu 2
|
2015-11-05 15:47:06 +00:00
|
|
|
|
Port \fB21027/UDP\fP (for discovery broadcasts on IPv4 and multicasts on IPv6)
|
2015-05-30 13:05:37 +02:00
|
|
|
|
.UNINDENT
|
|
|
|
|
.SH REMOTE WEB GUI
|
|
|
|
|
.sp
|
|
|
|
|
To be able to access the web GUI from other computers, you need to change the
|
|
|
|
|
\fIGUI Listen Address\fP setting from the default \fB127.0.0.1:8384\fP to
|
|
|
|
|
\fB0.0.0.0:8384\fP\&. You also need to open the port in your local firewall if you
|
|
|
|
|
have one.
|
|
|
|
|
.SS Tunneling via SSH
|
|
|
|
|
.sp
|
|
|
|
|
If you have SSH access to the machine running Syncthing but would rather not
|
|
|
|
|
open the web GUI port to the outside world, you can access it through a SSH
|
|
|
|
|
tunnel instead. You can start a tunnel with a command like the following:
|
|
|
|
|
.INDENT 0.0
|
|
|
|
|
.INDENT 3.5
|
|
|
|
|
.sp
|
|
|
|
|
.nf
|
|
|
|
|
.ft C
|
|
|
|
|
ssh \-L 9999:localhost:8384 machine
|
|
|
|
|
.ft P
|
|
|
|
|
.fi
|
|
|
|
|
.UNINDENT
|
|
|
|
|
.UNINDENT
|
|
|
|
|
.sp
|
|
|
|
|
This will bind to your local port 9999 and forward all connections from there to
|
|
|
|
|
port 8384 on the target machine. This still works even if Syncthing is bound to
|
|
|
|
|
listen on localhost only.
|
|
|
|
|
.SH AUTHOR
|
|
|
|
|
The Syncthing Authors
|
|
|
|
|
.SH COPYRIGHT
|
|
|
|
|
2015, The Syncthing Authors
|
|
|
|
|
.\" Generated by docutils manpage writer.
|
|
|
|
|
.
|