[SOLVED] Troubles with syncing over the Internet

Hi Guys,

I’ve been researching a bit for the last week or so on how to get my laptop to sync with my desktop over the Internet, but I’m unable to get it to work. When I’m on my local LAN at home, there is no issue - everything syncs as it should. But while I’m connected to other networks outside my home (and I’ve tried several) I cannot reach my desktop.

So basically, my home network is set up like the following:

((Internet)) --------- [Hermes] --------- [Pluto]

In that simple diagram, Hermes is my router, and Pluto is my desktop. Both are Debian (yes, my router is actually a Debian PC Tower).

Since there is no UPnP on Hermes, I figured I’d have to do this manually. That’s fine, so I Googled around and discovered I need to open port 22026 for global discovery. (I confirmed that Pluto has this port configured). So I opened port 22026 through iptables:

iptables -A INPUT -p udp -m udp --dport 22026 -j ACCEPT

Nothing. I then read that 22000 needs to be open for local syncing, but it isn’t necessary for syncing outside the LAN. So I enabled it anyway:

iptables -A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22000 -j ACCEPT

Still nothing.

Then, I tried forwarding port 22026 directly to Pluto:

iptables -A FORWARD -i eth0 -p tcp --dport 22026 -d 10.10.96.10 -j ACCEPT

And darn it, my laptop still can’t see Pluto unless I’m connected to my home LAN.

I admit that I’m not an iptables expert or anything, but I would’ve thought what I had above should’ve worked. Does anything stand out that I may have missed?

22026 has nothing to do with the protocol. 22026 is used if you run your own discovery server, which I assume you are not doing.

You need to forward port 22000 on Hermes to port 22000 on Pluto. Or any other port X as long as X is the same on Hermes and Pluto. My iptables-fu is a bit rusty, but it seems you are not doing that, at least not on the right port.

Alternatively, you could run a UPnP service on Hermes.

Thanks, that got me on the right track. I did some digging with my config and discovered there is more than what I originally posted in regards to iptables to open this up. I played around with it some more and now it seems to work.

So, to save other people the frustration I went through, below is the relevant section of the bash script that sets up port forwarding and the opening of the required port. It’s possible that there may be redundancies in my config, but hopefully this is of use to someone:

## Set up port forwarding for Syncthing:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22000 -j DNAT --to-destination 10.10.96.10
iptables -A FORWARD -i eth0 -p tcp --dport 22000 -d 10.10.96.10 -j ACCEPT

## Allow Syncthing ports:
iptables -A INPUT -s 10.10.96.0/24 -m state --state NEW -p tcp --dport 22000 -j ACCEPT
iptables -A OUTPUT -s 10.10.96.0/24 -m state --state NEW -p tcp --dport 22000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22000 -j ACCEPT
2 Likes
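
Added example, not part of any post in this thread: a shell function that reads `iptables-save` output and reports whether a TCP port is really forwarded to an internal host (DNAT plus a FORWARD accept) or only opened on the router itself, which was the original problem here. The function name `check_forward`, its status strings and the two sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is exposed in an iptables-save dump.
# Usage: iptables-save | check_forward PORT INTERNAL_IP
check_forward() {
    port=$1 host=$2
    awk -v port="$port" -v host="$host" '
        /^\*/ { table = substr($0, 2); next }          # "*nat" / "*filter" header
        /^:FORWARD ACCEPT/ { if (table == "filter") fwd = 1; next }  # permissive policy
        $1 != "-A" { next }                            # skip COMMIT, other policies
        {
            chain = $2; proto = dport = dest = target = todest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-d") dest = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-destination") todest = $(i + 1)
            }
            if (proto != "tcp" || dport != port) next
            sub(/\/32$/, "", dest); sub(/:.*/, "", todest)   # normalise host forms
            if (table == "nat" && chain == "PREROUTING" && target == "DNAT" && todest == host) dnat = 1
            if (table == "filter" && chain == "FORWARD" && target == "ACCEPT" && (dest == host || dest == "")) fwd = 1
            if (table == "filter" && chain == "INPUT" && target == "ACCEPT") inp = 1
        }
        END {
            if (dnat && fwd) print "forwarded"            # reaches the internal host
            else if (dnat)   print "dnat-without-forward" # rewritten, then dropped
            else if (inp)    print "input-only"           # open on the router only
            else             print "closed"
        }'
}

# Constructed sample: the first attempt in the thread (port opened on the router).
FIRST_TRY='*filter
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22000 -j ACCEPT
COMMIT'
# Constructed sample: the DNAT + FORWARD pair from the working script.
WORKING='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22000 -j DNAT --to-destination 10.10.96.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 10.10.96.10/32 -i eth0 -p tcp -m tcp --dport 22000 -j ACCEPT
COMMIT'

printf '%s\n' "$FIRST_TRY" | check_forward 22000 10.10.96.10   # input-only
printf '%s\n' "$WORKING"   | check_forward 22000 10.10.96.10   # forwarded
```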

@Jay_LaCroix

This thread might be a year old, but thank you for making a list of iptables rules, as I was looking for it. But I have a question: if I want this port to be open only to the device that I will add, then how do I use them for a direct connection? It is not a LAN sync.