mirror of
https://github.com/octoleo/syncthing.git
synced 2024-11-14 01:04:14 +00:00
105 lines
3.2 KiB
Groff
105 lines
3.2 KiB
Groff
.\" Man page generated from reStructuredText.
|
||
.
|
||
.TH "SYNCTHING-NETWORKING" "7" "June 07, 2015" "v0.11" "Syncthing"
|
||
.SH NAME
|
||
syncthing-networking \- Firewall Setup
|
||
.
|
||
.nr rst2man-indent-level 0
|
||
.
|
||
.de1 rstReportMargin
|
||
\\$1 \\n[an-margin]
|
||
level \\n[rst2man-indent-level]
|
||
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||
-
|
||
\\n[rst2man-indent0]
|
||
\\n[rst2man-indent1]
|
||
\\n[rst2man-indent2]
|
||
..
|
||
.de1 INDENT
|
||
.\" .rstReportMargin pre:
|
||
. RS \\$1
|
||
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
||
. nr rst2man-indent-level +1
|
||
.\" .rstReportMargin post:
|
||
..
|
||
.de UNINDENT
|
||
. RE
|
||
.\" indent \\n[an-margin]
|
||
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||
.nr rst2man-indent-level -1
|
||
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
||
..
|
||
.SH PORT FORWARDS
|
||
.sp
|
||
If you have a NAT router which supports UPnP, the easiest way to get a working
|
||
port forward is to make sure UPnP setting is enabled on both Syncthing and the
|
||
router – Syncthing will try to handle the rest. If it succeeds you will see a
|
||
message in the console saying:
|
||
.INDENT 0.0
|
||
.INDENT 3.5
|
||
.sp
|
||
.nf
|
||
.ft C
|
||
Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.
|
||
.ft P
|
||
.fi
|
||
.UNINDENT
|
||
.UNINDENT
|
||
.sp
|
||
If this is not possible or desirable you should set up a port forward for port
|
||
\fB22000/TCP\fP, or the port set in the \fISync Protocol Listen Address\fP setting.
|
||
The external forwarded port and the internal destination port has to be the same
|
||
(i.e. 22000/TCP).
|
||
.sp
|
||
Communication in Syncthing works both ways. Therefore if you set up port
|
||
forwards for one device, other devices will be able to connect to it even when
|
||
they are behind a NAT network or firewall.
|
||
.SH LOCAL FIREWALL
|
||
.sp
|
||
If your PC has a local firewall, you will need to open the following ports for
|
||
incoming traffic:
|
||
.INDENT 0.0
|
||
.IP \(bu 2
|
||
Port \fB22000/TCP\fP (or the actual listening port if you have changed
|
||
the \fISync Protocol Listen Address\fP setting.)
|
||
.IP \(bu 2
|
||
Port \fB21025/UDP\fP (for discovery broadcasts)
|
||
.UNINDENT
|
||
.SH REMOTE WEB GUI
|
||
.sp
|
||
To be able to access the web GUI from other computers, you need to change the
|
||
\fIGUI Listen Address\fP setting from the default \fB127.0.0.1:8384\fP to
|
||
\fB0.0.0.0:8384\fP\&. You also need to open the port in your local firewall if you
|
||
have one.
|
||
.SS Tunneling via SSH
|
||
.sp
|
||
If you have SSH access to the machine running Syncthing but would rather not
|
||
open the web GUI port to the outside world, you can access it through a SSH
|
||
tunnel instead. You can start a tunnel with a command like the following:
|
||
.INDENT 0.0
|
||
.INDENT 3.5
|
||
.sp
|
||
.nf
|
||
.ft C
|
||
ssh \-L 9999:localhost:8384 machine
|
||
.ft P
|
||
.fi
|
||
.UNINDENT
|
||
.UNINDENT
|
||
.sp
|
||
This will bind to your local port 9999 and forward all connections from there to
|
||
port 8384 on the target machine. This still works even if Syncthing is bound to
|
||
listen on localhost only.
|
||
.sp
|
||
You can forward multiple ports corresponding to many machines this way, but
|
||
because Syncthing uses session cookies for the entire domain (i.e. your local
|
||
machine), you will need to connect to each control panel in a separate browser
|
||
instance or explicitly issue a browser reload when switching between them.
|
||
.SH AUTHOR
|
||
The Syncthing Authors
|
||
.SH COPYRIGHT
|
||
2015, The Syncthing Authors
|
||
.\" Generated by docutils manpage writer.
|
||
.
|