Syncthing, firewall settings

Hello

How do I set up firewall (YaST) rules properly for Syncthing?

The synchronization works when the firewall is stopped; when it's running, I get an error:

INFO: No UPnP device detected
INFO: Failed to parse connection url: tcp://[fe80::8a32:9bff:fe80:4936%eth0]:22000 parse tcp://[fe80::8a32:9bff:fe80:4936%eth0]:22000: hexadecimal escape in host

Relevant Syncthing settings:

Sync protocol local address: tcp://0.0.0.0:22000
GUI address: 127.0.0.1:8384
Enable UPnP: on

Based on the Syncthing documentation, I’ve added two Custom rules:

Rule 1:

Source network: 0/0
Protocol: TCP
Destination port: 22000
Source Port: 222000
Add. opt.:

Rule 2:

Source network: 0/0
Protocol: UDP
Destination port: 21027
Source Port: 21027
Add. opt.:

When the firewall is stopped the output looks like:

INFO: API listening on 127.0.0.1:8384
INFO: GUI URL is https://127.0.0.1:8384/
INFO: New UPnP port mapping: external port 7148 to local port 22000.
INFO: Failed to parse connection url: tcp://[fe80::8a32:9bff:fe80:4936%eth0]:22000 parse tcp://[fe80::8a32:9bff:fe80:4936%eth0]:22000: hexadecimal escape in host

There have been several recent bugs in Syncthing that threw an error of the type you are getting. The latest was a problem with Go itself (the language ST is written in), which appears to have been overcome with Go 1.5.2+. See https://github.com/syncthing/syncthing/issues/2444
So the next ST update will hopefully fix your problem.

PS: I am presuming the Source Port in your firewall Rule 1 is actually 22000, not 222000 as shown.

Yes, it is port 22000.

It works when I turn off the firewall. How is that related to IPv6 addresses?

I’ve built the last version:

[2Z53E] 17:05:30 INFO: syncthing v0.12.11+8-g400bfe9 "Beryllium Bedbug" (go1.4.2 linux-amd64) 

and the problem with IPv6 addresses is gone, but I don’t see the other devices until I turn off the firewall.

[2Z53E] 17:05:31 INFO: API listening on 127.0.0.1:8384
[2Z53E] 17:05:31 INFO: GUI URL is https://127.0.0.1:8384/
[2Z53E] 17:05:41 INFO: No UPnP device detected

I guess that I have a wrong configuration of the firewall.

The git code and build process look pretty simple and easy.

If you need the latest stable with all fixes, I’d recommend building it yourself.
http://docs.syncthing.net/dev/building.html#building-unix

The output of the build will be a binary in the code tree, so everything looks very self-contained and isolated from the rest of your system. If you decide to discard your builds, just delete your cloned local git repo.

If you need help setting up and running the build, just post your questions here.

As for firewall settings, you’ll just need to create a rule specifying in/out TCP port 2200 (my guess) in your YAST FW applet in whatever zone (Public/DMZ/Private) as necessary.

TSU

I’ve built the latest version and there is no difference. No connection when the firewall runs, and when it doesn’t I can connect to other devices. How can I check if the port is open?

With the firewall running I get:


netstat -lntu | grep 22000
tcp        0      0 :::22000                :::*                    LISTEN

“Read the Docs”
http://docs.syncthing.net/users/firewall.html

You need to open port 21027 UDP to enable device discovery.

TSU

I’ve added two rules:

Source network: 0/0
Protocol: TCP
Destination port: 22000
Source Port: 222000
Add. opt.:

Source network: 0/0
Protocol: UDP
Destination port: 21027
Source Port: 21027
Add. opt.:

It also works when I set the firewall zone to Internal.

It was port 1900. When I opened it in the firewall, it worked OK. Not the UPnP, but the local device discovery, and that is fine for me. I don’t know how port 1900 is related to Syncthing.
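
An added example, not part of the thread and not Syncthing or YaST code: a small model of how the custom rules quoted above match inbound packets, with a range check on the port fields. It assumes a filled-in Source Port field restricts a rule to packets sent from that port and an empty field means any port; the peer address and the ephemeral port are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def parse_port(text: str) -> Optional[int]:
    """Empty field means any port; otherwise require a valid 1-65535 port."""
    text = text.strip()
    if not text:
        return None
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


@dataclass
class Rule:
    network: str  # "Source network" field, e.g. "0/0"
    proto: str    # "Protocol" field
    dport: str    # "Destination port" field
    sport: str    # "Source Port" field ("" = any)

    def matches(self, src_ip: str, proto: str, sport: int, dport: int) -> bool:
        # Assumption: a non-empty Source Port narrows the rule to that port.
        # "0/0" is treated as shorthand for any IPv4 source.
        net = "0.0.0.0/0" if self.network == "0/0" else self.network
        want_sport = parse_port(self.sport)
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(net)
                and proto.lower() == self.proto.lower()
                and dport == parse_port(self.dport)
                and (want_sport is None or sport == want_sport))


def accepted(rules, src_ip: str, proto: str, sport: int, dport: int) -> bool:
    """True if at least one custom rule accepts the packet."""
    return any(r.matches(src_ip, proto, sport, dport) for r in rules)


# The two rules as confirmed in the thread (Rule 1 source port is 22000).
THREAD_RULES = [Rule("0/0", "TCP", "22000", "22000"),
                Rule("0/0", "UDP", "21027", "21027")]
# The same two rules with the Source Port field left empty.
OPEN_SPORT_RULES = [Rule("0/0", "TCP", "22000", ""),
                    Rule("0/0", "UDP", "21027", "")]

if __name__ == "__main__":
    peer = "192.168.1.20"  # constructed LAN peer; 51234 is a constructed ephemeral port
    for name, rules in (("thread", THREAD_RULES), ("empty sport", OPEN_SPORT_RULES)):
        print(name, accepted(rules, peer, "tcp", 51234, 22000),
              accepted(rules, peer, "udp", 21027, 21027),
              accepted(rules, peer, "udp", 40000, 1900))
```

Each output line shows, in order, whether TCP to 22000 from an ephemeral port, UDP 21027 to 21027, and UDP to port 1900 are accepted by that rule set.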