rerouting traffic through other network device

I am using a self-built NAS (running SUSE Tumbleweed) as cloud storage and local server and use Syncthing to get around our institute's firewall since I am really really bad with network stuff. So far it worked flawlessly, but since the last maintenance in our IT department my server can't reach the discovery servers anymore. Our IT department is not willing to help since this is a private affair and they don't really care. At the same time, for some reason, it still works when connected via WLAN. Now since I am also accessing this server as a network drive, I can't just unplug the LAN cable to force traffic through the WLAN since that would break all my other local setups. Thus I would like to specifically re-route Syncthing traffic and Syncthing traffic only through WLAN. I wanted to test settings with

route add [ip] via [gateway ip] dev [device]

but couldn’t find the IPs necessary… Any help please? As I said, I am useless with network stuff, but I am comfortable with the command line.

I suppose routing those specifically could work, with the caveat that it just affects discovery; if incoming and outgoing connections are blocked on the LAN connection you still won’t be able to connect even if discovery works. Finding the discovery server addresses is easy, however:

% dig discovery.syncthing.net +short
198.211.120.59
159.89.86.206
139.59.84.212

(There’s also IPv6, though this may not be relevant for you.)

I’m sure there is a way to route traffic based on the source user ID or program using packet marking and whatnot, but it’s above my paygrade of Linux packet juggling.

Thanks! Gave it a shot, but sadly it didn’t seem to work with the ip route command. It would probably be easier if I knew what they are even blocking here… because even this website is inaccessible via LAN… though it looks like I would need a different solution regardless…

Still open for more ideas.

I have a similar situation in my $work network. In the guest Wi-Fi, it works alright, but when I’m plugged into the LAN, all Syncthing accesses are blocked by a “security appliance” from Fortinet, called FortiGuard Intrusion Prevention. It explicitly recognizes anything Syncthing-related and marks it as malicious, being a P2P software. Which is correct (being peer-to-peer), but that doesn’t necessarily mean it’s something bad.

That same thing even blocks the internet connectivity check from my Ubuntu installation on the laptop, by the way. Really annoying.

I wonder if something could be done to convince Fortinet to disable such rules by default because it really is a wrong classification of the tool (putting it in the same category as BitTorrent and others, just because some usages there have been in conflict with copyright). Maybe if Kastelo Inc. contacted them for blocking a business model?

Convincing IT staff to manually disable the rule locally is really hard - I’m still arguing. I wish you good luck and a very good reasoning if you try going that route.

That would explain so much… Does it also block this website? Because in my case it does…

Btw, I managed to get it working with the IP addresses above and the route command, but can’t seem to get it to work permanently because the rules get overwritten any time the Wi-Fi module is deactivated by the system… which occurs in all sorts of situations and I haven’t yet found a good workaround ._.

Yes, it’s all discovery servers, most relays apparently, and even related web pages like this forum, the documentation site and the homepage. In my case at least.
