my situation:
VM with Syncthing → synchronizing with devices which are online via mobile internet (not only local).
I want to get the Qube more “isolated” - and allow only Syncthing app to go online - and nothing else (otherwise no internet connection for this vm necessary).
Via firewall rules - allow all outgoing traffic → syncthing detects my devices and synchronization takes place (but only via WAN IP - local detection not working - but still ok for me).
I tried:
enter local IP of devices
allow TCP 22000 / UDP 22000 / UDP 21027
With this rules - syncthing does not detect the devices.
Does someone have more tips to get syncthing detect the local devices + (more important) to detect and connect in general to my devices (not only local) but at same time allow only Syncthing to go online?
On my preceding Debian 12 system - i used in the same network (same Notebook) the ufw firewall.
Via “sudo ufw allow syncthing” everything was solved. But with Qubes i cant get this to work properly.
ok, it was a rare training for me to look for linux logs (debian user since 2018 - moved from Windows). Which logfile should i look for to see network traffic related things in Qubes?
will check tomorrow - you gave me the direction. Even if i never checked via tcpdump - i will check other sources to find how to check and use and give feedback. Thank you.
I ran into the same problem. I believe it is caused by syncthing using relays that are accessed via port 443. I tried adding a rule to allow 443 but that also didn’t work. If i disable outgoing firewall for my qube then syncthing works perfectly. if anyone has any updates on what the rules should be to resolve this that would be great.
