Ubuntu Server UFW Configuration Help

I installed the latest version of Syncthing onto my headless file server which runs Ubuntu Server v22.04.4. My goal is to keep my headless file server fenced in within my Home LAN. In other words, I do not want to complicate things by installing NGINX to configure port forwarding and thereby give Syncthing the ability to sync files from my Android phone (while I am at Starbucks) to my headless file server located at home. I have no need to do that.

With that said which of the two options shown below is the correct one to apply to the Syncthing Config.xml file if my goal is to keep my Syncthing fenced in within my Home LAN?

<address>127.0.0.1:8384</address> ? OR <address>0.0.0.0:8384</address> ?

Additionally, after I finished installing Syncthing my Browser was refusing to load the Syncthing GUI inside my FireFox browser. I was always getting a “Timed Out” error message.

So Google told me to make sure to open port 22000 and Port 80 in the UFW by running the two commands below:

sudo ufw allow 22000/tcp
sudo ufw allow 80/tcp

It did not fix the problem. I was still getting “Timed Out” FireFox errors.

My hope is somebody in this forum can give me some advice on what changes I need to make to my UFW configuration so I could eliminate my FireFox “Timed Out” error problems.

Lastly, I am 100% certain this Syncthing problem is due to a UFW misconfiguration because when I disabled my UFW Firewall using the command below:

sudo ufw disable

The problem disappeared. My Syncthing GUI correctly appears in my FireFox browser. Besides Port 80 and Port 22000 what other ports do I need to open in my UFW Firewall so my Syncthing GUI correctly appears in my FireFox browser?

Thank you for your time.

127.0.0.1:8384 if you only want to reach your Syncthing web-GUI from the machine Syncthing runs on. If you want to reach the web-GUI from any other device, 0.0.0.0:8384 will be the way to go. As long as you remain within your LAN without any forwards to your Syncthing host, this should be fine.

And please note the :8384 part there. That’s the port you will need to allow in your firewall (ufw in your case) to be able to reach the GUI. So replace 80 with 8384 and it should be fine :)

Note, too, the difference between where you allow port 8384 (the configuration GUI) and port 22000 (device-to-device sync connections). Port 22000 should generally be much more open than port 8384.

er-pa thank you for your post. Your advice fixed my problem with my FireFox browser. My Syncthing GUI now correctly appears in my FireFox browser after I opened port 8384 using the command below:

sudo ufw allow 8384/tcp

I noticed my Syncthing URL works with “http://” and if I try “https://” it gives me a warning that there is a risk. In your opinion, does using Syncthing under a “http://” URL mean my Syncthing is remaining fenced in within my home LAN? And if I attempt to use a “https://” URL am I exposing my syncs to the outside World Wide Web?

Again thank you for the help.

Calmh, thank you for your post. You mention Port 22000 should generally be much more open than port 8383. Can you provide more detailed information on what you mean? The reason I am confused is because I know how to enable a port or disable a port in UFW. But I do not know how to make a port much more open compared to another port in UFW. What SUDO command in your opinion makes one port more open than another port in UFW? Thank you for your time.


No. Your Syncthing web-GUI remains fenced in within your LAN environment as long as you don’t use port forwarding or any other measure to forward traffic from the World Wide Web directly to your Syncthing host on port 8384. If your Syncthing instance is located inside your LAN, using http or https to access the GUI really does not matter nor does it indicate anything.

I think the point regarding 22000 is that it’s designed to be reachable by outside peers, where 8384 should have its accessibility (ideally) limited as that’s the admin-interface.


PSA: we ship a ufw ruleset covering the default ports

sudo ufw allow syncthing
sudo ufw allow syncthing-gui
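As an added example (not from the thread or the Syncthing project), a small POSIX sh script that prints the rule set implied by the replies above, using the shipped `syncthing` and `syncthing-gui` profiles but restricting the GUI profile to an assumed LAN subnet, and that audits a `sudo ufw status` dump for a GUI rule open to Anywhere. The subnet 192.168.1.0/24 is an assumption; set `LAN_SUBNET` to your own range.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Ubuntu's ufw with the shipped
# 'syncthing' and 'syncthing-gui' application profiles (mentioned above) and a
# home LAN of 192.168.1.0/24 (an assumption; set LAN_SUBNET to your own range).

LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"

# Print the rules that match the advice in the thread: sync traffic (the
# 'syncthing' profile, port 22000 etc.) from anywhere, the admin GUI (port 8384,
# 'syncthing-gui') only from LAN addresses. Review the output, then pipe to sh.
syncthing_ufw_rules() {
  cat <<EOF
sudo ufw allow syncthing
sudo ufw allow from $LAN_SUBNET to any app syncthing-gui
EOF
}

# Audit: read 'sudo ufw status' on stdin and return 1 if the GUI port is allowed
# from Anywhere. Matches the raw-port form ("8384/tcp  ALLOW  Anywhere") and the
# profile form ("syncthing-gui  ALLOW  Anywhere"), for both v4 and "(v6)" lines.
audit_gui_exposure() {
  exposed=$(grep -E '^(8384|syncthing-gui)[^A-Z]*ALLOW( IN)?[[:space:]]+Anywhere' || true)
  if [ -n "$exposed" ]; then
    echo "Syncthing GUI is reachable from any address; restrict it to $LAN_SUBNET:" >&2
    echo "$exposed" >&2
    return 1
  fi
  return 0
}

# Usage on the server: sudo ufw status | audit_gui_exposure
```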