syncthing hidden behind 2x NAT

I have a syncthing instance connecting to the internet via a cascade of two NAT routers. (syncthing (on Solaris) => NAT 1. => NAT 2. => internet) While the first router (NAT 1.) is nicely configured by syncthing using UPNP, the second one (NAT 2.) needs to map those settings to its public WAN connection. The aim is to get syncthing advertising its port publicly so that other instances can connect to it using the “dynamic” option. Any help is highly appreciated.

Map the same port as Syncthing actually listens on (22000), at each NAT step, manually. Things should work automatically from there.

Will I need to map the UDP port (21027) as well?

That’s for local discovery, so no, not for connections to devices on the internet. If you do need local discovery, you might need to allow multi-/broadcasts on your routers though for that to work.

Thank you for the advice - I finally got around to trying the suggested setup. However, while NAT step 1. seems to work fine (I can see two ports being opened via UPNP: 28285<=>22000 & 23628<=>22000), NAT step 2. seems to deny opening either of the two alternative ports (28285 or 23628). On both devices the port-forward of port 22000 is active and seems to work. Here is the syncthing log:

2020-11-03 20:36:10 New NAT port mapping: external TCP address 10.168.10.10:28285 to local address 0.0.0.0:22000.
2020-11-03 20:36:10 New NAT port mapping: external TCP address 10.168.10.10:23628 to local address 0.0.0.0:22000.
2020-11-03 20:36:10 Detected 2 NAT services
2020-11-03 20:36:24 quic://0.0.0.0:22000 detected NAT type: Port restricted NAT
2020-11-03 20:36:24 quic://0.0.0.0:22000 resolved external address quic://xxx.180.yy.abc:22000 (via stun.syncthing.net:3478)

2020-11-03 20:36:33 Joined relay relay://87.0.34.107:22067

Any idea what I am doing wrong?

Why do you need it to work with UPnP? I doubt that works across two NATs. Just set up port forwards on both NATs and you are good.

UPnP will not work over 2 NAT hops; you have to set up ports manually.

I don’t think UPnP as a protocol even supports nested NATs.

Thank you for letting me know - I deactivated UPNP on NAT 1. and automatic discovery started to work. Thanks to everybody for helping to resolve the issue.
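Added example, not part of the original thread: a small log check that flags the situation discussed above, where a UPnP mapping is created on a router whose own external address is private and therefore never reaches the internet. It assumes the "external ... address" in Syncthing's mapping line is the WAN address reported by the router that answered UPnP; the function names and `SAMPLE_LOG` are hypothetical, and the STUN line uses a constructed documentation address in place of the masked one.

```python
import ipaddress
import re

# RFC 1918 plus the RFC 6598 carrier-grade NAT block: never internet-facing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

MAPPING_RE = re.compile(
    r"New NAT port mapping: external (\w+) address ([\d.]+):(\d+) "
    r"to local address [\d.]+:(\d+)")
STUN_RE = re.compile(r"resolved external address \w+://([\d.]+):(\d+)")

def is_internal(addr):
    """True if addr lies in a range that cannot be a public WAN address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def diagnose(log_lines):
    """Find UPnP mappings that end at an inner router, plus the STUN view."""
    dead_end, stun = [], None
    for line in log_lines:
        m = MAPPING_RE.search(line)
        if m and is_internal(m.group(2)):
            # The mapping's external side is itself private, so it exists only
            # on the inner NAT; the outer NAT still needs a manual forward.
            dead_end.append((m.group(2), int(m.group(3)), int(m.group(4))))
        s = STUN_RE.search(line)
        if s:
            stun = (s.group(1), int(s.group(2)))
    return {"double_nat": bool(dead_end),
            "dead_end_mappings": dead_end,
            "stun_external": stun}

# Mapping lines are taken from the log in the thread; the STUN line is
# constructed (203.0.113.7 stands in for the poster's masked address).
SAMPLE_LOG = [
    "2020-11-03 20:36:10 New NAT port mapping: external TCP address 10.168.10.10:28285 to local address 0.0.0.0:22000.",
    "2020-11-03 20:36:10 New NAT port mapping: external TCP address 10.168.10.10:23628 to local address 0.0.0.0:22000.",
    "2020-11-03 20:36:10 Detected 2 NAT services",
    "2020-11-03 20:36:24 quic://0.0.0.0:22000 resolved external address quic://203.0.113.7:22000 (via stun.syncthing.net:3478)",
]

if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print("double NAT suspected:", result["double_nat"])
    for ip, ext_port, local_port in result["dead_end_mappings"]:
        print(f"  {ip}:{ext_port} -> :{local_port} is only mapped on the inner router")
    print("address seen from outside (STUN):", result["stun_external"])
```

When the check reports dead-end mappings, the ports they name are the ones that would have to be forwarded by hand on the outer router, or UPnP can be switched off on the inner one so that only the fixed port 22000 is in play, as the thread concludes.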
