Syncthing behind corporate firewall with cntlm

I use Syncthing via cntlm as a SOCKS proxy. Our firewall is very restrictive here; it only allows HTTP and HTTPS outbound connections. Syncthing works perfectly. The only thing I’m worried about is the following messages in cntlm’s log:

Apr 18 13:31:51 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:28607 denied!
Apr 18 13:33:01 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:22000 denied!
Apr 18 13:33:11 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:28607 denied!
Apr 18 13:33:25 arch-rf cntlm[545]: 127.0.0.1 SOCKS 195.201.94.137:443
Apr 18 13:34:21 arch-rf cntlm[545]: 127.0.0.1 SOCKS discovery.syncthing.net:443
Apr 18 13:34:21 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:22000 denied!

How do I configure Syncthing so that those connections that are denied by the firewall will not even be initiated? I’m using the default configuration right now.

You can’t, as Syncthing will try all addresses advertised regardless of what your firewall allows.

That is a pity. Those addresses are advertised by whom? Maybe I can try something on cntlm.

I suppose you could just block that (outgoing) port number in a local firewall on your syncthing host, if you just want to avoid creating noise in the corporate firewall logs.

Yes, that is the direction I will go then.
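
An added example, not part of the original thread: a short Python script that tallies the denied CONNECT targets in cntlm's log by destination port, so you can see which ports are generating the noise before writing any block rule. The sample input is the log excerpt from the question; the regular expressions assume exactly that line format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the question in this thread (cntlm syslog output).
SAMPLE_LOG = """\
Apr 18 13:31:51 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:28607 denied!
Apr 18 13:33:01 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:22000 denied!
Apr 18 13:33:11 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:28607 denied!
Apr 18 13:33:25 arch-rf cntlm[545]: 127.0.0.1 SOCKS 195.201.94.137:443
Apr 18 13:34:21 arch-rf cntlm[545]: 127.0.0.1 SOCKS discovery.syncthing.net:443
Apr 18 13:34:21 arch-rf cntlm[545]: Request for CONNECT to 188.36.52.199:22000 denied!
"""

# Assumed formats, taken from the lines above.
DENIED = re.compile(r"cntlm\[\d+\]: Request for CONNECT to (\S+):(\d+) denied!")
SOCKS = re.compile(r"cntlm\[\d+\]: \S+ SOCKS (\S+):(\d+)\s*$")


def summarize(log_text):
    """Return (denied, socks) Counters keyed by (host, port).

    'socks' only counts SOCKS requests that cntlm logged; the log line
    itself does not say whether the upstream connection succeeded.
    """
    denied, socks = Counter(), Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            denied[(m.group(1), int(m.group(2)))] += 1
            continue
        m = SOCKS.search(line)
        if m:
            socks[(m.group(1), int(m.group(2)))] += 1
    return denied, socks


def denied_ports(log_text):
    """Collapse denied targets to {port: count} across all hosts."""
    ports = Counter()
    for (_host, port), count in summarize(log_text)[0].items():
        ports[port] += count
    return dict(ports)


if __name__ == "__main__":
    for port, count in sorted(denied_ports(SAMPLE_LOG).items()):
        print(f"port {port}: {count} denied CONNECT request(s)")
```
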
