Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
Apq
/
syncthing
kopia lustrzana https://github.com/syncthing/syncthing.git
1
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: ff84f075d5
Gałęzie Tagi
syncthing
/
man
/
syncthing-networking.7

syncthing-networking.7 4.5 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. .\" Man page generated from reStructuredText.
    2. 

  2. .
    3. 

  3. .TH "SYNCTHING-NETWORKING" "7" "Aug 04, 2020" "v1" "Syncthing"
    4. 

  4. .SH NAME
    5. 

  5. syncthing-networking \- Firewall Setup
    6. 

  6. .
    7. 

  7. .nr rst2man-indent-level 0
    8. 

  8. .
    9. 

  9. .de1 rstReportMargin
    10. 

  10. \\$1 \\n[an-margin]
    11. 

  11. level \\n[rst2man-indent-level]
    12. 

  12. level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
    13. 

  13. -
    14. 

  14. \\n[rst2man-indent0]
    15. 

  15. \\n[rst2man-indent1]
    16. 

  16. \\n[rst2man-indent2]
    17. 

  17. ..
    18. 

  18. .de1 INDENT
    19. 

  19. .\" .rstReportMargin pre:
    20. 

  20. . RS \\$1
    21. 

  21. . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
    22. 

  22. . nr rst2man-indent-level +1
    23. 

  23. .\" .rstReportMargin post:
    24. 

  24. ..
    25. 

  25. .de UNINDENT
    26. 

  26. . RE
    27. 

  27. .\" indent \\n[an-margin]
    28. 

  28. .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
    29. 

  29. .nr rst2man-indent-level -1
    30. 

  30. .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
    31. 

  31. .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
    32. 

  32. ..
    33. 

  33. .SH PORT FORWARDS
    34. 

  34. .sp
    35. 

  35. If you have a NAT router which supports UPnP, the easiest way to get a working
    36. 

  36. port forward is to make sure UPnP setting is enabled on both Syncthing and the
    37. 

  37. router – Syncthing will try to handle the rest. If it succeeds you will see a
    38. 

  38. message in the console saying:
    39. 

  39. .INDENT 0.0
    40. 

  40. .INDENT 3.5
    41. 

  41. .sp
    42. 

  42. .nf
    43. 

  43. .ft C
    44. 

  44. Created UPnP port mapping for external port XXXXX on UPnP device YYYYY.
    45. 

  45. .ft P
    46. 

  46. .fi
    47. 

  47. .UNINDENT
    48. 

  48. .UNINDENT
    49. 

  49. .sp
    50. 

  50. If this is not possible or desirable you should set up a port forward for port
    51. 

  51. \fB22000/TCP\fP, or the port set in the \fISync Protocol Listen Address\fP setting.
    52. 

  52. The external forwarded port and the internal destination port has to be the same
    53. 

  53. (i.e. 22000/TCP).
    54. 

  54. .sp
    55. 

  55. Communication in Syncthing works both ways. Therefore if you set up port
    56. 

  56. forwards for one device, other devices will be able to connect to it even when
    57. 

  57. they are behind a NAT network or firewall.
    58. 

  58. .sp
    59. 

  59. In the absence of port forwarding, relaying may work well enough to get
    60. 

  60. devices connected and synced, but will perform poorly in comparison to a
    61. 

  61. direct connection.
    62. 

  62. .SH LOCAL FIREWALL
    63. 

  63. .sp
    64. 

  64. If your PC has a local firewall, you will need to open the following ports for
    65. 

  65. incoming and outgoing traffic:
    66. 

  66. .INDENT 0.0
    67. 

  67. .IP \(bu 2
    68. 

  68. Port \fB22000/TCP\fP (or the actual listening port if you have changed
    69. 

  69. the \fISync Protocol Listen Address\fP setting.)
    70. 

  70. .IP \(bu 2
    71. 

  71. Port \fB21027/UDP\fP (for discovery broadcasts on IPv4 and multicasts on IPv6)
    72. 

  72. .UNINDENT
    73. 

  73. .SS Uncomplicated Firewall (ufw)
    74. 

  74. .sp
    75. 

  75. If you’re using \fBufw\fP on Linux and have installed the \fI\%Syncthing package\fP <\fBhttps://apt.syncthing.net/\fP>, you can allow the necessary ports by running:
    76. 

  76. .INDENT 0.0
    77. 

  77. .INDENT 3.5
    78. 

  78. .sp
    79. 

  79. .nf
    80. 

  80. .ft C
    81. 

  81. sudo ufw allow syncthing
    82. 

  82. .ft P
    83. 

  83. .fi
    84. 

  84. .UNINDENT
    85. 

  85. .UNINDENT
    86. 

  86. .sp
    87. 

  87. If you also want to allow external access to the Syncthing web GUI, run:
    88. 

  88. .INDENT 0.0
    89. 

  89. .INDENT 3.5
    90. 

  90. .sp
    91. 

  91. .nf
    92. 

  92. .ft C
    93. 

  93. sudo ufw allow syncthing\-gui
    94. 

  94. .ft P
    95. 

  95. .fi
    96. 

  96. .UNINDENT
    97. 

  97. .UNINDENT
    98. 

  98. .sp
    99. 

  99. Allowing external access is \fBnot\fP  necessary for a typical installation.
    100. 

  100. .sp
    101. 

  101. You can then verify that the ports mentioned above are allowed:
    102. 

  102. .INDENT 0.0
    103. 

  103. .INDENT 3.5
    104. 

  104. .sp
    105. 

  105. .nf
    106. 

  106. .ft C
    107. 

  107. sudo ufw status verbose
    108. 

  108. .ft P
    109. 

  109. .fi
    110. 

  110. .UNINDENT
    111. 

  111. .UNINDENT
    112. 

  112. .sp
    113. 

  113. In case you installed Syncthing manually you can follow the \fI\%instructions to manually add the syncthing preset\fP <\fBhttps://github.com/syncthing/syncthing/tree/main/etc/firewall-ufw\fP> to ufw.
    114. 

  114. .SS Firewalld
    115. 

  115. .sp
    116. 

  116. If you are using [Firewalld](\fI\%https://www.firewalld.org\fP) it has included
    117. 

  117. support for syncthing (since version 0.5.0, January 2018), and you can enable
    118. 

  118. it with
    119. 

  119. .INDENT 0.0
    120. 

  120. .INDENT 3.5
    121. 

  121. sudo firewall\-cmd –zone=public –add\-service=syncthing –permanent
    122. 

  122. sudo firewall\-cmd –reload
    123. 

  123. .UNINDENT
    124. 

  124. .UNINDENT
    125. 

  125. .sp
    126. 

  126. Similarly there is also a syncthing\-gui service.
    127. 

  127. .SH REMOTE WEB GUI
    128. 

  128. .sp
    129. 

  129. To be able to access the web GUI from other computers, you need to change the
    130. 

  130. \fIGUI Listen Address\fP setting from the default \fB127.0.0.1:8384\fP to
    131. 

  131. \fB0.0.0.0:8384\fP\&. You also need to open the port in your local firewall if you
    132. 

  132. have one.
    133. 

  133. .SS Tunneling via SSH
    134. 

  134. .sp
    135. 

  135. If you have SSH access to the machine running Syncthing but would rather not
    136. 

  136. open the web GUI port to the outside world, you can access it through a SSH
    137. 

  137. tunnel instead. You can start a tunnel with a command like the following:
    138. 

  138. .INDENT 0.0
    139. 

  139. .INDENT 3.5
    140. 

  140. .sp
    141. 

  141. .nf
    142. 

  142. .ft C
    143. 

  143. ssh \-L 9999:localhost:8384 machine
    144. 

  144. .ft P
    145. 

  145. .fi
    146. 

  146. .UNINDENT
    147. 

  147. .UNINDENT
    148. 

  148. .sp
    149. 

  149. This will bind to your local port 9999 and forward all connections from there to
    150. 

  150. port 8384 on the target machine. This still works even if Syncthing is bound to
    151. 

  151. listen on localhost only.
    152. 

  152. .SH VIA A PROXY
    153. 

  153. .sp
    154. 

  154. Syncthing can use a SOCKS5 proxy for outbound connections. Please see proxying\&.
    155. 

  155. .SH AUTHOR
    156. 

  156. The Syncthing Authors
    157. 

  157. .SH COPYRIGHT
    158. 

  158. 2014-2019, The Syncthing Authors
    159. 

  159. .\" Generated by docutils manpage writer.
    160. 

  160. .
    161.