NAT, ports not responding

Hello, here is the thing: the ports opened by Syncthing are not responding. Here are the details: I have the exact same behavior on 2 servers. Connections between the 2 apps are established over a proxy, but are supposed to be direct.

Virtual server with ephemeral External IP address: 3.8.124.106 (AWS cloud; a non-routable internal IP address is assigned, the External IP is NOT assigned to the host)

Local IP (Ethernet):
IPv4 Address. . . . . . . . . . . : 158.11.34.167
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 158.11.34.1

Application started and opened its ports, as usual:
TCP    0.0.0.0:3389     0.0.0.0:0    LISTENING    1988
TCP    0.0.0.0:8384     0.0.0.0:0    LISTENING    1036
TCP    0.0.0.0:22000    0.0.0.0:0    LISTENING    1036

I added RDP 3389 to show that the configuration is correct. All permissions, firewall and routing are set correctly. Inbound traffic is restricted completely; only HTTP/S ports are allowed, plus 2 trusted networks that are completely open, where the sync application is active.

I'm able to establish a connection to the RDP port. I'm NOT able to establish a connection to the Syncthing application.

telnet 3.8.124.106 8384
Connecting To 3.8.124.106...Could not open connection to the host, on port 8384: Connect failed

telnet 3.8.124.106 22000
Connecting To 3.8.124.106...Could not open connection to the host, on port 22000: Connect failed

No problem with 3389.

LOG:
[start] 10:51:52 INFO: syncthing v1.4.0-rc.11 "Fermium Flea" (go1.13.8 windows-amd64) teamcity@build.syncthing.net 2020-03-06 19:52:22 UTC
[start] 10:51:52 INFO: Automatic upgrade is always enabled for candidate releases.
[RLNX7] 10:51:53 INFO: TCP listener ([::]:22000) starting
[RLNX7] 10:51:53 INFO: GUI and API listening on [::]:8384
[RLNX7] 10:51:53 INFO: Access the GUI via the following URL: http://127.0.0.1:8384/
[RLNX7] 10:52:03 INFO: Detected 0 NAT services
[RLNX7] 10:54:15 INFO: Established secure connection to 3IWB-[cropped] at 172.31.20.227:64443-107.170.56.60:443/relay-client/TLS1.3-TLS_AES_128_GCM_SHA256
[RLNX7] 10:54:15 INFO: Device 3IWB[cropped] client is "syncthing v1.4.0-rc.11" named "ABCD" at 172.31.20.227:64443-107.170.56.60:443/relay-client/TLS1.3-TLS_AES_128_GCM_SHA256

It sounds to me like you blocked the traffic in the firewall. If not, I'm not following, but the principle is the same: port 22000 must be open (and forwarded etc. in case of NAT) on one of the sides or they can't possibly connect.

As I stated, I'm not blocking it. The RDP port, like any other port, is completely open to the trusted network; I whitelisted it (like any port, for the /24 net).

And frankly I have no idea how this happens, but here it is: any open port responds remotely except the sync application. So it is running over the proxy ...

Well, it’s shown as listening, and you say

But anyway, if it’s listening and you can’t connect, something in between is dropping the packets.

Local server, telnet:
11:38:45 INFO: Listen (BEP/tcp): TLS handshake: read tcp 172.31.20.227:22000->172.31.20.227:64531: i/o timeout

Yes, locally it responds ...

So I simulated an open port with another application ... no connection ... will investigate further ...

Thanks everyone, seems like Stranger Things has a new season ...

UPD: Silly me, forgot about the local firewall ...

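The thread's diagnosis ("listening, but you can't connect, so something in between is dropping the packets") and its resolution (the host firewall) can be checked in one pass on the Windows server itself. The script below is an added example by the editor, not code from the thread or from the Syncthing project. It assumes an elevated PowerShell session on the host running Syncthing; the port, peer address and trusted subnet are placeholders taken from the post and will need adjusting.

```powershell
# Added diagnostic for the "listening but not reachable" case on a Windows Syncthing host.
# Assumptions (not from the thread): run elevated on the server itself; $Port, $PeerHost and
# $TrustedNet are placeholders taken from the post, adjust them for your environment.
param(
    [int]    $Port       = 22000,
    [string] $PeerHost   = '3.8.124.106',     # placeholder: the other side to test against
    [string] $TrustedNet = '158.11.34.0/24'   # placeholder: the "/24 net" the poster whitelisted
)

# 1. Is a process actually bound to the port? If not, the network is not the problem.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Host "Nothing is listening on TCP $Port; fix the application before looking at firewalls."
    return
}
$proc = Get-Process -Id $listener[0].OwningProcess
Write-Host ("TCP {0} is bound by PID {1} ({2}) on {3}" -f $Port, $proc.Id, $proc.ProcessName, $listener[0].LocalAddress)

# 2. Host firewall: which profiles are enabled and what is their default inbound action?
#    With the default inbound action "Block", a bound port stays unreachable until an Allow rule exists.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# 3. Is there an enabled inbound rule for this port, and is any of them a Block rule?
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

if (-not $rules) {
    Write-Host "No enabled inbound firewall rule matches TCP $Port."
    Write-Host "Candidate fix, scoped to the trusted subnet (review before running):"
    Write-Host "  New-NetFirewallRule -DisplayName 'Syncthing TCP $Port' -Direction Inbound -Protocol TCP -LocalPort $Port -RemoteAddress $TrustedNet -Action Allow"
} else {
    $rules | Select-Object DisplayName, Action, Profile, Enabled | Format-Table -AutoSize
    $blocking = $rules | Where-Object { $_.Action -eq 'Block' }
    if ($blocking) { Write-Host "A Block rule matches TCP $Port; Block rules take precedence over Allow rules." }
}

# 4. End-to-end TCP check. Run this from the peer toward the server as well, since that is
#    the direction that failed in the thread.
$t = Test-NetConnection -ComputerName $PeerHost -Port $Port -WarningAction SilentlyContinue
Write-Host ("TCP connect to {0}:{1} succeeded: {2}" -f $PeerHost, $Port, $t.TcpTestSucceeded)
```

Reading the thread's own evidence with this in mind: the external telnet gives "Connect failed" while a telnet from the server to its private address produces a "TLS handshake ... i/o timeout" in the Syncthing log. The second result is expected, because telnet does not speak TLS, but it proves the socket accepts connections on the host. Together they locate the drop between the host's network stack and the outside, which on Windows is most often the host firewall, exactly what the final update confirmed. The suggested rule uses -RemoteAddress so that the Syncthing port is opened only to the trusted subnet rather than to the whole Internet.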