2 servers can't see each other with local addresses on AWS - HELP!

Hi there,

I need some quick assistance.

I have 2 servers I’m trying to sync up. They work in relay mode, but I can’t seem to get them to see each other locally.

The servers are in a VPC on AWS and are using local addresses. I’ve opened the required ports but it’s as if there is a firewall in the way (0 NAT devices found) - they just don’t see an open port for that address… They work if I turn on Relay mode, but this is highly secure data we don’t want going off onto the internet.

Here are the settings I have:

Port 8509 is open as is 22000, as is 21025 and 21027. I don’t know what else to try.

Have you entered the addresses statically or are they dynamic?

Also, the data is encrypted end to end. I would be surprised if the relayed connection was any less secure than AWS.

Hi @kluppy - Thanks so much for responding…

I tried both manually and dynamic - it won’t connect to the relay if I use manual, but otherwise the behavior is identical.

I know the data is encrypted end-to-end, but our IT group has policies I can’t violate - no data is allowed to leave this VPC except on an approved path.

Are those servers Linux?
If so, check whether it is related to SELinux.

Windows (Server 2012)

I cannot see your image, but I guess 8509 is the GUI port and 22000 the actual port for syncing. The port 21025 is not used anymore as far as I know. It was previously used for local discovery, but now that’s 21027.

You should first make sure that the two servers can connect when using the actual IP address instead of “dynamic” for the other device. Did you change the listen address or are you using the default value? Did you check with nmap or another port scanner that your configured listen port (22000) is really open?

I can hit the server on any of the open ports (actually 8509 is what I wanted to use for the syncing, but I opened 22000 as well just in case something was broken with the port changing) from the internet so the port is definitely open… that’s the irony here - I can sync with a server outside the VPC - it’s only when both servers are inside that it’s not working.

Only one side needs an open port for a direct connection to work. If the sync port of your server outside your network is accessible, it will work. So that’s no proof that your VPC servers are correctly configured.

You should see the port that syncthing listens on in its output messages. Somewhere at the top.

Did you check from the other server or from the outside?

If you’ve changed the port and local discovery won’t work (which it probably doesn’t inside AWS), you need to set that in the address you specify for the other device as well, i.e., tcp://192.0.2.34:8509. As long as that IP is reachable, and the port is open in the firewall(s), you shouldn’t need any discovery (I presume the servers have static IP) or relays.

Don’t forget that you may have both an AWS provided firewall and a local one on the box, depending on how it’s set up.

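The two-firewall point above is the one that usually bites: the AWS security group and the Windows Firewall on the box are checked independently, and both have to allow the sync port. Below is an added example (not from this thread or from the Syncthing project) of a PowerShell check to run on each Windows server in the VPC: it lists which firewall profiles are enforcing, whether any enabled inbound rule allows the sync port, optionally adds a rule scoped to the single peer, and then does a raw TCP connect to the peer's sync port so you can prove the direct path works without discovery or relays. It assumes the sync port is 8509 (the port chosen in the thread) and uses 192.0.2.34, the documentation address from the post above, as a stand-in for the peer's real VPC-private IP.

```powershell
<#
 Added example, not from the thread or the Syncthing project: a check to run
 on each Windows server in the VPC before changing Syncthing settings.
 Assumes sync port 8509 (the port chosen in the thread) and a peer private
 address of 192.0.2.34 (a documentation address standing in for the real one).
#>
param(
    [string]$PeerIp   = "192.0.2.34",  # assumed: the other server's VPC-private IP
    [int]   $SyncPort = 8509,          # assumed: the non-default sync port from the thread
    [switch]$AddRule                   # create the inbound allow rule if none exists
)

# 1. Which firewall profiles are enforcing? (Domain/Private/Public can differ.)
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

# 2. Enabled inbound allow rules whose port filter covers TCP/$SyncPort.
#    LocalPort may be a single string, an array, a range, or "Any"; an exact
#    match or "Any" is enough to tell whether the peer's SYN will be accepted.
$allowRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq "TCP" -and
        (($pf.LocalPort -contains "$SyncPort") -or ($pf.LocalPort -contains "Any"))
    }

if ($allowRules) {
    "Inbound allow rules covering TCP/$SyncPort on this host:"
    $allowRules | Format-Table DisplayName, Profile, Enabled -AutoSize
} else {
    Write-Warning "No enabled inbound rule allows TCP/$SyncPort; Windows Firewall will drop the peer's connection."
    if ($AddRule) {
        # Scope the rule to the single peer rather than to any remote address.
        New-NetFirewallRule -DisplayName "Syncthing sync TCP/$SyncPort from $PeerIp" `
            -Direction Inbound -Protocol TCP -LocalPort $SyncPort `
            -RemoteAddress $PeerIp -Action Allow -Profile Any | Out-Null
        "Created inbound allow rule for TCP/$SyncPort limited to $PeerIp."
    }
}

# 3. Raw TCP connect to the peer's sync port. Uses TcpClient directly so it
#    does not depend on Test-NetConnection, which older PowerShell lacks.
function Test-TcpPort {
    param([string]$Ip, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($Ip, $Port, $null, $null)
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($handle)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

if (Test-TcpPort -Ip $PeerIp -Port $SyncPort) {
    "TCP/$SyncPort on $PeerIp is reachable from this host; no discovery or relay is needed."
    "Set the peer's device address to tcp://${PeerIp}:$SyncPort instead of dynamic."
} else {
    Write-Warning "Cannot reach TCP/$SyncPort on $PeerIp; check the AWS security group on the peer and the peer's own Windows Firewall."
}
```

Run it as Administrator on both servers, each pointed at the other. A successful connect from server A to B only proves B's inbound path; run it in the other direction too, since Syncthing will dial from whichever side notices first. If the connect fails while the local rule is present, the remaining suspect is the security group (or NACL) attached to the peer instance, which this script cannot see. Scoping the new rule with -RemoteAddress keeps the sync port closed to everything else in the VPC, which matches the "no data leaves except on an approved path" policy described earlier in the thread.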

Doh! Stupid Windows firewall… Thanks!!!

