TCP WAN in local network despite setting up the firewall rules


I run Syncthing on a TrueNAS Core server in a jail. Syncthing has it’s own IP address - which is different than the TrueNAS IP - in a different VLAN than my Android devices.

The Syncthing IP is
The Android device IP is
The setting in the Android app is "tcp://, dynamic"

Based on the Syncthing documentation regarding firewalls, the ports 22000 for TCP as well as UDP are open in both directions. ICMP is open as well for testing the direct connections - which works.

However, on Syncthing Server I see that the android device is only connected via TCP WAN instead of directly connected.

Does anyone have a hint for me to solve that issue?

Syncthings LAN detection is based on the networks the node is connected to. If the phone is on a different subnet, the server will treat the connection as WAN.


Yeah probably nothing needs to be solved. The LAN/WAN detection is very rudimentary. You can have many different subnets on a local network all before reaching a WAN. But only the same subnet is displayed as LAN and any different subnet I’d classified as WAN.

You don’t have to solve this. As long as the traffic isn’t reaching the internet and the data is staying local (which you can probably tell based on transfer rates) you don’t have to worry about what the UI says.

1 Like

Great. Thanks for your answers. I can remember that quite a long time ago, the status was flipping between TCP WAN and TCP LAN. That’s why I tought we got an issue here. But your explanation makes absolutely sense.

It’s possible the “jail” on the truenas is creating a different subnet. I don’t know how this works exactly on truenas. I’m running a docker on synology and syncthing is running on a private subnet provided by docker with port forwards.

I understand there are implications with respect to discovery but it works for me.

Good point. But Jails on FreeBSD work different than Docker container in terms of networking. All my jails are in the same subnet as the TrueNAS host.