Firewall questions, if it's open "outwards" need I do anything at all?

I have Syncthing running on a system on my home LAN which connects to the internet via a standard NAT router. The system that I synchronize with is a virtual server out on the internet.

The router firewall allows outgoing connections on any port but blocks incoming connections except on ports which I have specifically opened. Much to my surprise the two systems seem to be able to synchronize without any incoming ports being opened.

Is this what the following (from the Firewall Setup) means:- “Communication in Syncthing works both ways. Therefore if you set up port forwards for one device, other devices will be able to connect to it even when they are behind a NAT network or firewall.”

I.e. does the above mean that as long as a connection is possible in one direction on port 22000 then everything will work OK?

… or should I open up port 22000? I’ve not tried changing something on the remote system and seeing if it gets back to my LAN.

It will be able to connect via a relay, at reduced speed, even if none of them are forwarding the port.

If one of them is forwarding, they will connect directly; if both are forwarding, they will probably connect faster.

By “one of them is forwarding” do you mean one allows incoming connections on port 22000? The ‘remote’ system is on a publicly accessible virtual server; it’s not behind a firewall, so all (standard) ports are open in both directions. So there’s no port forwarding needed.

How can I tell how they are connecting? Will there be something in the log that says if a relay is being used?

The devices list on the right will show “relayed via” in the address if it is through a relay.
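
The relay-versus-direct check described in the thread can also be scripted rather than read off the GUI. The following is an added example, not part of the original posts: it assumes the JSON shape of Syncthing's `/rest/system/connections` REST endpoint, where each device entry carries `connected`, `address` and a `type` such as `relay-client` for relayed links. The sample response, device IDs and addresses are constructed.

```python
import json

# Constructed sample shaped like the response of Syncthing's
# GET /rest/system/connections endpoint (IDs and addresses are made up).
SAMPLE_RESPONSE = """
{
  "connections": {
    "DEVICE-ID-VPS": {
      "connected": true, "paused": false,
      "address": "203.0.113.10:22000", "type": "tcp-client"
    },
    "DEVICE-ID-LAPTOP": {
      "connected": true, "paused": false,
      "address": "198.51.100.7:22067", "type": "relay-client"
    },
    "DEVICE-ID-OFFLINE": {
      "connected": false, "paused": false, "address": "", "type": ""
    }
  },
  "total": {"inBytesTotal": 0, "outBytesTotal": 0}
}
"""


def classify_connections(response_text):
    """Map each device ID to 'relayed', 'direct' or 'disconnected'."""
    result = {}
    connections = json.loads(response_text).get("connections", {})
    for device_id, conn in connections.items():
        if not conn.get("connected"):
            result[device_id] = "disconnected"
            continue
        conn_type = conn.get("type", "").lower()
        address = conn.get("address", "").lower()
        # Assumption: relayed links are marked by a type beginning with
        # "relay" or by an address that names a relay URL.
        relayed = conn_type.startswith("relay") or address.startswith("relay://")
        result[device_id] = "relayed" if relayed else "direct"
    return result


def relayed_devices(response_text):
    """Sorted device IDs whose traffic currently passes through a relay."""
    statuses = classify_connections(response_text)
    return sorted(d for d, s in statuses.items() if s == "relayed")


if __name__ == "__main__":
    for device_id, status in classify_connections(SAMPLE_RESPONSE).items():
        print(f"{device_id}: {status}")
```

Against a live instance, the same functions can be fed the body of an authenticated request to that endpoint (Syncthing's REST API expects the API key in an `X-API-Key` header).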

