PAT forbidden?

Hi

  1. I read in Firewall/Networking man that "...The external forwarded port and the internal destination port has to be the same (i.e. 22000/TCP)". Do I need to understand that PAT won’t work or is forbidden, e.g. WAN—>22001_GW_22000—>22000node will be KO, and that "has to be the same" MUST be read as ‘SHALL be the same’ as per RFC 2119?

  2. Another question, about a desktop that may be running 2 instances at the same moment: as a real newb in IPv6, I see in the config file `<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>`. In one of the 2 configs I must change the 2, isn’t it, e.g. [ff12::8385]:21028? Has this 8384 something to do with the web GUI port? If yes, should it match the `<gui enabled="true" tls="true|false"> <address>127.0.0.1:8384</address>` port I know I really have to change?

Thank you

  1. If you want global discovery to work with manual port forwards, it must be the same because Syncthing only knows the port you set in its settings (e.g. 22000). This port will be announced to the global discovery servers. So if you don’t forward this exact port, no one will be able to connect to the address and port which is announced to global discovery. The only other way is to use UPnP, as then your router will tell Syncthing which port is forwarded.

  2. If I remember correctly ff12 IPv6 addresses are special addresses for multicast/broadcast and as everything after that is free to set whatever you want, the Syncthing devs used 8384 out of “fun” (btw. 83 84 are the char codes for ST, that’s also why the GUI port was changed to that :wink: ). I don’t know if you need to change both address and port to make two instances work, but I don’t think it can hurt, so just change both to be sure :slight_smile: .

For 2 instances on the same machine, you will have to change the GUI port of one of them too, of course.

When running more than one instance on the same computer, local discovery will only work for one of them. Sorry. The reason is that the port number must match on all devices for it to work, but two instances on the same computer can’t use the same port number. Theoretically more than one process could listen on the same port, but we haven’t implemented that.

Thank you both. I appreciated answers and comments. Jakob, you mean all devices in the LAN must use the same port for local discovery to work on them? Maybe we can hope for mitigation by the black sheep being connected via global discovery and relaying.

Bye bye

Of course you can always enter the ip and port of the device in the device dialog on the other device’s ui.

So if the machine with the two instances has IP 192.168.0.2 and the second instance is listening on port 22001, you can set the device address of that instance on the other machines to `tcp://192.168.0.2:22001, dynamic` instead of `dynamic` to circumvent the non-working local discovery.
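The following is an added example, not part of the original posts and not Syncthing's own code: a small check of two instances' config.xml for the listeners discussed in this thread, plus the static device address suggested above. The two sample configs are constructed; `listenAddress` and `localAnnouncePort` are Syncthing config elements not quoted in the thread, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample config for instance A (trimmed to the relevant elements).
INSTANCE_A = """<configuration>
  <gui enabled="true" tls="false"><address>127.0.0.1:8384</address></gui>
  <options>
    <listenAddress>tcp://0.0.0.0:22000</listenAddress>
    <localAnnouncePort>21027</localAnnouncePort>
    <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
  </options>
</configuration>"""

# Constructed instance B: a copy where only the sync port was changed.
INSTANCE_B = INSTANCE_A.replace("22000", "22001")


def port_of(addr):
    """Return the port of 'host:port', 'tcp://host:port' or '[v6]:port'."""
    return int(addr.rsplit(":", 1)[1])


def listeners(xml_text):
    """Map each listener role to the port this instance binds."""
    root = ET.fromstring(xml_text)
    return {
        "gui": port_of(root.findtext("gui/address")),
        "sync": port_of(root.findtext("options/listenAddress")),
        "local-discovery-v4": int(root.findtext("options/localAnnouncePort")),
        "local-discovery-v6": port_of(root.findtext("options/localAnnounceMCAddr")),
    }


def collisions(xml_a, xml_b):
    """Roles for which both instances would bind the same port."""
    la, lb = listeners(xml_a), listeners(xml_b)
    return sorted(role for role in la if la[role] == lb[role])


def static_address(xml_text, lan_ip):
    """Device address to enter on peers when local discovery cannot find
    this instance: static entry first, 'dynamic' kept as fallback."""
    return f"tcp://{lan_ip}:{listeners(xml_text)['sync']}, dynamic"


if __name__ == "__main__":
    # The GUI collision must be fixed; the discovery collision means only
    # one instance gets local discovery, hence the static address.
    print("colliding roles:", collisions(INSTANCE_A, INSTANCE_B))
    print("peer address for B:", static_address(INSTANCE_B, "192.168.0.2"))
```
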


Great wweich, far clever!

Is there the same mandatory need to not-PAT for discosrv? We don’t have a “-ext-address” parameter as relaysrv has. Maybe a nonsense question, as discosrv are not announced but instead manually or auto/default directed to, isn’t it?