Can't connect directly/TCP

Having trouble with a new NAS connecting directly to other devices. At the moment it only wants to connect through a relay.

I have multiple devices - Windows, Linux, and Android - that are all working with no issue on the same network, so I will presume there is no network or router issue at this point.

Syncthing is installed via Docker. I am able to enter the container and ping other devices on the network as well as google.com.

This is my first vanilla Debian NAS that I have tried to set up, so I guess I might have messed something up along the way.

I have UFW and Tailscale installed, but disabling both makes no difference.

Really at a loss as to what the issue could be. Any help would be appreciated.

It sounds like your Docker container might be running in a private subnet that’s not visible to the other devices on your network. Can the other devices ping your Docker container?

In most cases, when running a server app, it makes more sense to enable “host networking” for the container so that it operates within the same subnet as your other devices that need to connect to it (the IP address assigned by your router via DHCP or statically configured).

For more info about Docker networking modes: https://docs.docker.com/compose/networking/

I’ll see if I can figure out how to ping a Docker container from another computer, but something to note is that I copied the docker-compose file from a system where Syncthing is working with no issues.

Would you mind posting the docker-compose?

Based on your nudge I decided to restart the container in host mode and everything kicked into life, so I guess the issue is Docker-related more than Syncthing-related.

Would still be nice to find out what the problem is with the regular bridge mode that I use on other machines…

Here is the compose file

services:
  syncthing:
    image: ghcr.io/linuxserver/syncthing
    container_name: syncthing
    hostname: syncthing
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /home/elizabeth/docker/syncthing/:/config
      - /home/mount/media/:/syncthing/
    ports:
      - 8384:8384
      - 22000:22000
      - 21027:21027/udp
    restart: unless-stopped

With your port mappings shown above, your container doesn’t actually need to run with host networking enabled. Your Debian NAS ends up effectively seen as running Syncthing even though Syncthing is inside a Docker container.

You’d mentioned earlier having UFW installed, and I presume enabled? If so, did you insert rules for allowing inbound connections on port 22000?

You probably already know that the command ufw status numbered outputs the list of current active firewall rules in numbered order.

Exactly, which is why I don’t get what is happening. I am familiar enough with Docker to use it when it is working, but if I have to troubleshoot things then it starts to go over my head.

Really thought my plan to create a minimal Debian server would be a piece of cake!

Here is the output of sudo ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     DENY IN     Anywhere                  
[ 2] 2212                       ALLOW IN    Anywhere                  
[ 3] Samba                      ALLOW IN    Anywhere                  
[ 4] 22000                      ALLOW IN    Anywhere                  
[ 5] 21027                      ALLOW IN    Anywhere                  
[ 6] 22/tcp (v6)                DENY IN     Anywhere (v6)             
[ 7] 2212 (v6)                  ALLOW IN    Anywhere (v6)             
[ 8] Samba (v6)                 ALLOW IN    Anywhere (v6)             
[ 9] 22000 (v6)                 ALLOW IN    Anywhere (v6)             
[10] 21027 (v6)                 ALLOW IN    Anywhere (v6)

Output from ufw looks fine, with both the ports Syncthing uses for syncing and local discovery open.

Odds are your NAS is on a wired network and your Android device(s) on wireless. What about the Windows and other Linux devices?

If the only thing on the wired network is your NAS and router, while everything else is on wireless, then you’ll need to look at how your wireless router treats connections from the wireless network to the wired one, which is almost always a different subnet.

Combined with the fact that switching to host networking for your Docker container allowed Syncthing to make a direct connection instead of relying on a relay, this definitely points to a routing issue.

One trick to avoiding the use of relaying in Syncthing is understanding how and when it’s used: https://docs.syncthing.net/users/relaying.html
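
The by-eye check of the `ufw status numbered` output earlier in the thread can be scripted. This is an added example, not code from any poster or from the Syncthing project; the function names are hypothetical, and it assumes the two ports mapped in the compose file are the ones to verify and that rules are matched in listed order.

```python
import re

# Sample input: the first six rules of the `ufw status numbered` output posted in the thread.
SAMPLE = """\
Status: active
[ 1] 22/tcp                     DENY IN     Anywhere
[ 2] 2212                       ALLOW IN    Anywhere
[ 3] Samba                      ALLOW IN    Anywhere
[ 4] 22000                      ALLOW IN    Anywhere
[ 5] 21027                      ALLOW IN    Anywhere
[ 6] 22/tcp (v6)                DENY IN     Anywhere (v6)
"""

RULE = re.compile(r"^\[\s*(\d+)\]\s+(.+?)\s+(ALLOW|DENY|REJECT|LIMIT) IN\s+(.+?)\s*$")
PORT = re.compile(r"(\d+)(?::(\d+))?(?:/(tcp|udp))?")
SYNCTHING_PORTS = [(22000, "tcp"), (21027, "udp")]  # as mapped in the compose file

def parse_rules(text):
    """Return the inbound rules as dicts, in the order ufw evaluates them."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # status line, column header, blank line
        num, to, action, src = m.groups()
        v6 = to.endswith("(v6)")
        pm = PORT.fullmatch(to.replace("(v6)", "").strip())
        # An application profile such as "Samba" does not show its ports: lo/hi stay None.
        lo, hi = (int(pm.group(1)), int(pm.group(2) or pm.group(1))) if pm else (None, None)
        rules.append({"num": int(num), "lo": lo, "hi": hi, "proto": pm.group(3) if pm else None,
                      "action": action, "src": src, "v6": v6})
    return rules

def verdict(rules, port, proto, v6=False):
    """First matching rule wins. Rules limited to a source address and application
    profiles are skipped; None means no rule matched and the default policy decides."""
    for r in rules:
        if r["v6"] != v6 or r["lo"] is None or not r["src"].startswith("Anywhere"):
            continue
        if r["lo"] <= port <= r["hi"] and r["proto"] in (None, proto):
            return r["action"], r["num"]
    return None

def check(text):
    rules = parse_rules(text)
    return {f"{p}/{proto}": verdict(rules, p, proto) for p, proto in SYNCTHING_PORTS}

if __name__ == "__main__":
    for target, result in check(SAMPLE).items():
        print(target, "->", result or "no rule, default policy applies")
```

For a container in bridge mode this list is not the whole picture: Docker publishes ports through its own iptables chains, so traffic to a published port is diverted before it reaches the ufw rules.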