Troubleshooting Syncthing GUI Timeout on Linux Server: UFW Firewall Guide

Encountering issues accessing your Syncthing Graphical User Interface (GUI) on your Linux server, specifically after enabling the UFW firewall, is a common hurdle. This guide addresses this problem, focusing on configuring your UFW firewall to seamlessly work with Syncthing within your home LAN environment. We’ll explore the necessary port configurations to ensure smooth access to your Syncthing GUI without compromising your Linux server’s security.

Syncthing is a powerful open-source continuous file synchronization program, often deployed on Linux servers for home or small office setups. When securing your Linux server, especially a headless server, with UFW (Uncomplicated Firewall), it’s crucial to correctly configure port rules to allow Syncthing to function properly. A frequent problem arises when users find they can’t access the Syncthing GUI through their web browser after enabling UFW. They might encounter “Timed Out” errors, similar to the user who initially tried opening ports 22000 and 80 without success.

The key to resolving this lies in understanding which ports Syncthing requires and how UFW manages network traffic. By default, Syncthing uses TCP port 22000 for device-to-device communication and UDP port 22000 for local device discovery. Crucially, the web GUI operates by default on port 8384 (not port 80, as mistakenly attempted).

To correctly configure UFW for Syncthing GUI access, you need to allow traffic on these ports. Here are the UFW commands to implement:

sudo ufw allow 22000/tcp
sudo ufw allow 22000/udp
sudo ufw allow 8384/tcp

Let’s break down these commands:

  • sudo ufw allow 22000/tcp: This command opens TCP port 22000, essential for Syncthing to sync files between devices. TCP ensures reliable, connection-oriented communication.
  • sudo ufw allow 22000/udp: This command opens UDP port 22000, used for device discovery on your local network. UDP is connectionless and efficient for broadcasting discovery messages.
  • sudo ufw allow 8384/tcp: This command opens TCP port 8384, the default port for accessing the Syncthing web GUI. This is the port you need to access the Syncthing interface in your browser.

After running these commands, ensure UFW is enabled:

sudo ufw enable

You can verify the UFW status and the newly added rules with:

sudo ufw status

This command will display the current UFW status and list the allowed ports. You should see rules allowing traffic on ports 22000/tcp, 22000/udp, and 8384/tcp.

Regarding the Syncthing config.xml file and network interfaces, for a typical home LAN setup where you want to access Syncthing from other devices within your network, you should ensure Syncthing is configured to listen on all interfaces. This is often the default, but you can verify the <address> element in your config.xml file (usually located in ~/.config/syncthing/config.xml). It should ideally be set to listen on 0.0.0.0:8384 for the GUI and 0.0.0.0:22000 for syncing, which means listening on all available network interfaces. Avoid binding to 127.0.0.1 if you intend to access the GUI or sync from other machines on your LAN, as 127.0.0.1 restricts access to only the local machine (the Linux server itself).
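The check described above, as an added example that is not part of the original guide: it reads the GUI <address> from config.xml, reports whether that bind address is reachable from the LAN, and prints UFW rules restricted to one source subnet rather than any source. The function names, the sample config and the 192.168.1.0/24 range are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints LAN-scoped UFW rules for Syncthing; it never applies them.

# GUI listen address: the <address> inside <gui>, not the per-device <address> entries.
gui_address() {
    sed -n '/<gui[ >]/,/<\/gui>/ s:.*<address>\(.*\)</address>.*:\1:p' "$1" | head -n 1
}

# Classify the bind address; loopback-only is unreachable from the LAN whatever UFW allows.
gui_scope() {
    case "$(gui_address "$1")" in
        "")                           echo not-found ;;
        127.*|localhost:*|"[::1]:"*)  echo loopback-only ;;
        0.0.0.0:*|"[::]:"*|:*)        echo all-interfaces ;;
        *)                            echo single-interface ;;
    esac
}

# Rules limited to one source subnet: the GUI port from the config plus 22000/tcp and 22000/udp.
lan_rules() {   # $1 = config.xml path, $2 = LAN CIDR
    addr=$(gui_address "$1")
    [ -n "$addr" ] || { echo "no <gui><address> in $1" >&2; return 1; }
    port=${addr##*:}
    echo "sudo ufw allow from $2 to any port $port proto tcp"
    echo "sudo ufw allow from $2 to any port 22000 proto tcp"
    echo "sudo ufw allow from $2 to any port 22000 proto udp"
}

# Constructed sample config (not a real one); 192.168.1.0/24 is an assumed LAN range.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
<configuration>
    <device id="EXAMPLE-DEVICE-ID" name="laptop">
        <address>dynamic</address>
    </device>
    <gui enabled="true" tls="false">
        <address>127.0.0.1:8384</address>
    </gui>
</configuration>
EOF

echo "GUI listens on $(gui_address "$SAMPLE") ($(gui_scope "$SAMPLE"))"
lan_rules "$SAMPLE" 192.168.1.0/24
```

The functions only print commands; point them at your own config.xml and subnet, review the output, and run the lines yourself.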

In conclusion, to resolve Syncthing GUI timeout issues on your Linux server protected by UFW, ensure you have opened TCP port 8384 for GUI access, along with TCP and UDP port 22000 for Syncthing’s core functionality. Correctly configuring these UFW rules will allow you to manage your Syncthing instance through the web GUI while maintaining the security of your Linux server within your home network.
