UPnP on router and modem

Hi there,

I am using Syncthing locally, and sometimes for file sharing I am using Relay settings. In this condition, is it a bad idea to disable UPnP on my router or DSL modem?

My devices are Mac and Android phones.

Thanks

What do you want to achieve? The default is there for a purpose: it’s what works and what the Syncthing team believes is the best configuration for general-purpose use. At the same time people may have other requirements, that’s why there are configuration options. So to get any advice, you need to say what your requirements are, i.e. why you want to change something.

The question is finally, what happens when UPnP is disabled? A lot can be found in the documentation.

https://docs.syncthing.net/users/firewall.html?highlight=upnp
https://docs.syncthing.net/users/config.html?highlight=upnp

I think if there is no automatic UPnP available from the router, Syncthing will try to set up at least one connection via ports 80 and 443 via the relay server. That’s how I know it with restrictive company networks, which, among other things, is a huge advantage of Syncthing. If further ports are to be available for a more usual setting, these must be defined in the software and in the router, e.g. ports for

Syncthing Instance 1: 22000, 21027, 8384
Syncthing Instance 2: 22001, 21028, 8385
...

Or what are the requirements in the absence of automatic UPnP from the Syncthing point of view?


Hi, actually I am concerned about my outdated router and UPnP security risks. So I asked this way, sorry about that. Thanks for your help @Andy @imsodin

If you don’t want to enable UPnP, I suggest setting up port forwards for Syncthing: https://docs.syncthing.net/users/firewall.html#port-forwards

Here is my take on UPnP; I work in the area of internetworking (routing & switching) and security.

Some programs/applications will simply not work in routed NAT networks without port forwarding turned on. For many people, understanding that, and reading through numerous articles, many poorly written, is just too confusing. So UPnP was invented as a way to make it easy. However, there are a fair few security reports around UPnP advising against it. And some vendors did a lousy code job so UPnP became a significant security.

Syncthing does not require port forwarding to work in most cases. In most cases it just simply works. However, port forwarding does have its benefits and that is clearly detailed in the Syncthing documentation.

Please seriously consider turning off UPnP and doing port forwarding. Also consider changing the “connections listening” port to something other than default, and not to something well known like 80, 443, 8080, to quickly list three.

I avoid UPnP, period.
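
An added example, not part of any post in this thread and not Syncthing's own code: a Python check that reads a Syncthing config.xml and reports whether NAT traversal (UPnP/NAT-PMP) is still enabled, which listen ports need manual forwards on the router, and whether the default port 22000 or a non-loopback GUI address is in use. The sample config is constructed, and the element names (`natEnabled`, `listenAddress`, `gui/address`) are assumed to match the config.xml described in the documentation linked above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of a Syncthing config.xml, trimmed to the relevant keys.
SAMPLE_CONFIG = """<configuration>
  <gui enabled="true"><address>0.0.0.0:8384</address></gui>
  <options>
    <listenAddress>tcp://0.0.0.0:22001</listenAddress>
    <listenAddress>quic://0.0.0.0:22001</listenAddress>
    <natEnabled>true</natEnabled>
  </options>
</configuration>"""

# The documented expansion of the special listen address "default".
DEFAULT_LISTEN = ["tcp://0.0.0.0:22000", "quic://0.0.0.0:22000",
                  "dynamic+https://relays.syncthing.net/endpoint"]
PROTO = {"tcp": "tcp", "quic": "udp"}  # QUIC runs over UDP

def audit(config_xml):
    """Return what must be forwarded by hand and which settings to review."""
    root = ET.fromstring(config_xml)
    listen = []
    for el in root.findall("./options/listenAddress"):
        value = (el.text or "").strip()
        listen += DEFAULT_LISTEN if value == "default" else [value]
    if not listen:                      # option absent: Syncthing uses "default"
        listen = list(DEFAULT_LISTEN)
    forwards = set()
    for addr in listen:
        url = urlsplit(addr)
        proto = PROTO.get(url.scheme.rstrip("46"))   # tcp4/quic6 -> tcp/quic
        if proto:                       # relay listeners need no forward
            forwards.add((url.port or 22000, proto))
    nat = root.findtext("./options/natEnabled", "true").strip().lower()
    gui = root.findtext("./gui/address", "127.0.0.1:8384").strip()
    gui_host = gui.rsplit(":", 1)[0]
    return {
        "nat_enabled": nat == "true",   # UPnP/NAT-PMP requests to the router
        "forwards": sorted(forwards),   # (port, protocol) to forward manually
        "default_port": any(p == 22000 for p, _ in forwards),
        "gui_exposed": gui_host not in ("127.0.0.1", "localhost", "[::1]"),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Port 21027/UDP from the list earlier in the thread is local discovery, which stays on the LAN and is not part of the forward list.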