not seeing computer on different domain controllers


We have 6 domain controller servers under one domain.

Computers connected to the domain controller site sync with each other with no issue.

But between sites the sync software does not see each other.

Why?

Can't be a firewall issue because the computers talk to each other at that site without any adjustment of our domain firewall.

The only issue is that a PC from Site A does not see a PC from Site B in the BitTorrent Sync software.

Why?

How do I get these computers to talk to each other?

A firewall doesn't block computer A from seeing Computer B. It blocks certain ports and/or programs.

Even though your computers can see each other, they could still be blocking BitTorrent Sync if it's not set up in the firewall.

How could it be a firewall issue if computers inside the same domain controller can see each other?

The firewalls are routing traffic between the sites, presumably over a VPN. But, as I said in the linked message, peers on a local LAN find each other by using multicast packets. It's very unlikely that you've got the multicast routing right for the peers to see each other between sites over your VPN. Therefore they will have to communicate over the internet by hole punching through your firewalls. As this isn't working, it's a firewall issue. (Probably the firewall is blocking all UDP traffic.)

If you add the peers as known hosts through the VPN tunnel they'll probably be able to sync with each other that way.

Note: BTSync does not register the internal IP addresses with the tracker so even if they can both communicate with the tracker the data will not be routed through the VPN.

Note: it could also be the Windows firewall on the PC, as this does know the difference between local LAN and everywhere else. This is unlikely though, because the BTSync installer adds the proper rules to the Windows firewall on the PC it's installed on.

PS: Windows domain controllers have absolutely nothing to do with it.

The Windows firewall is turned off on all our computers. We have a corporate firewall to the outside world traffic.

I guess I am asking for a simple answer, if it is possible.

What do I tell our IT Firewall people to open up so that the computers can talk to each other between the domain controllers?

Note: BTSync does not register the internal IP addresses with the tracker so even if they can both communicate with the tracker the data will not be routed through the VPN.

Are you sure about this? Multicasting for some reason doesn't work between my desktop and laptop (bridge, WiFi AP, firewalls, who knows why...) but if both PCs communicate with the tracker they can find each other.

I did have to disable the relays though.

I just checked the packet sent to the tracker; it's in bencode and the "la" is a local address which matches the internal IP and port for my client.


la = $(6,"c0a88b0c98d0")
m = 4
peer = $(20,"91aaffb2463df40c6ca21a281470ec915e31b2f7")
share = <<<
: 00 87 10 4f 34 0d da 84 95 8c a9 01 4f 49 ad d9 ...O4.......OI..
: 60 c2 e7 69 f2 c4 b4 e8 f8 c1 67 f9 81 3c 81 a2 `..i......g..<..
>>>

So you're right, the tracker does know the internal address and so can aid in your setup. It seems the reason it didn't work for me was that it only has one internal address, the NAT address, but not the internal VPN address.

I guess I am asking for a simple answer, if it is possible.

What do I tell our IT Firewall people to open up so that the computers can talk to each other between the domain controllers?

Try this post.

Absolute minimum is opening to the tracker and relay on UDP port 3000, but best would be a rule something like "All UDP outbound with port numbers over 1024, with solicited replies inbound." This would in fact make it the same as normal TCP configurations. Though, you can configure the range of ports if you have control over all the peers.
