MRACHINI Posted August 4, 2013

Hello,

I'm trying to set up BTSync on all my Raspberry Pi devices, without any kind of connection to the outside world. So I installed "UFW" (the firewall) and blocked everything except local communications, using these commands:

    ufw default deny incoming
    ufw default deny outgoing
    sudo ufw allow from 192.168.0.0/24
    sudo ufw allow to 192.168.0.0/24

The firewall is working perfectly.

So now my Raspis are all blocked from the internet, and I can browse to the BTSync web UI on 8888 just fine, but when I add the same folder to all of them and my laptop too, they don't discover each other. I enabled DHT just in case. Also, I should mention that I don't want to add predefined hosts.

So I think I should open a port or IP for a tracker server or something!

Some clarification please.

Thank you

toomanydata Posted August 4, 2013

Doesn't the Pi need to communicate with the tracker (thereby making your firewall rules too restrictive)?

MRACHINI Posted August 4, 2013

Well, I blocked everything except local connections, but I want BTSync to work with the least internet bandwidth possible, so what IPs or ports should I unblock?

greentown Posted August 5, 2013

Hi,

As far as I know, if you mark the "Search LAN" option, it should work on a LAN, using multicast, without any access to the internet. Judging by your firewall rules, multicast should already be allowed. Do you have all devices in the same LAN or is there a router in between? Do you have several network interfaces in your RPi?

Also have a look at this, it may help:
http://forum.bittorrent.com/topic/20144-local-lan-discovery-sends-multicast-out-eth0/

Good luck

Guest idef1x Posted August 5, 2013

Local LAN discovery works via multicast, so also allow traffic from/to 239.192.0.0 on port 3838 (UDP).

See also post:

MRACHINI Posted August 5, 2013

> Hi,
>
> As far as I know, if you mark the "Search LAN" option, it should work on a LAN, using multicast, without any access to the internet. Judging by your firewall rules, multicast should already be allowed. Do you have all devices in the same LAN or is there a router in between? Do you have several network interfaces in your RPi?
>
> Also have a look at this, it may help:
> http://forum.bittorr...icast-out-eth0/
>
> Good luck

No, I have only one router, and all devices are connected to it. I already tried to allow 239.192.0.0 on all ports just in case but it didn't work. I'll try if I should specify if it's UDP for it to work.

Thank you

MRACHINI Posted August 5, 2013

OK, I did

    sudo ufw allow from 239.192.0.0
    sudo ufw allow to 239.192.0.0

&

    sudo ufw allow from 239.192.0.0 to any port 3838
    sudo ufw allow to 239.192.0.0 from any port 3838

also

    ufw allow 3838/udp

just in case, but it still doesn't work.

MRACHINI Posted August 5, 2013

> Local LAN discovery works via multicast, so also allow traffic from/to 239.192.0.0 on port 3838 (UDP).
>
> See also post: http://forum.bittorr...icast-out-eth0/

Still not working!

Harold Feit Posted August 5, 2013

That multicast range is a /14.
You may need to add that to the rules.

MRACHINI Posted August 7, 2013

> That multicast range is a /14.
> You may need to add that to the rules.

Yep, that made it work, I guess.

Thank you

MRACHINI Posted August 7, 2013

I got this at the end:

    ufw default deny incoming
    ufw default deny outgoing
    sudo ufw allow from 192.168.0.100/24
    sudo ufw allow to 192.168.0.100/24
    sudo ufw allow from 239.192.0.0/14
    sudo ufw allow to 239.192.0.0/14

MRACHINI Posted August 8, 2013

Aahh, I spoke too soon. After adding these rules to the RasPi firewall, it detects other devices but doesn't resolve the name from the IP address, and other devices don't detect the RasPi at all.

greentown Posted August 8, 2013

I haven't used ufw myself, but I think that you should turn logging on and see what's being blocked by the firewall. Then you'll just have to allow that kind of traffic.

MRACHINI Posted August 9, 2013

This is all I can see in the log, many many lines of this:

    [UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97

I've already unblocked this!

capi Posted August 9, 2013

I never worked with UFW, but is it possible that your rules allowed only TCP and not UDP?

LazyWolf Posted August 9, 2013

> This is all I can see in the log, many many lines of this:
>
>     [UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97
>
> I've already unblocked this!

Maybe try...

    ufw allow from any to 239.192.0.0/14 port 3838 proto udp

greentown Posted August 9, 2013

> This is all I can see in the log, many many lines of this:
>
>     [UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97
>
> I've already unblocked this!

If you're getting those logs, you've clearly not unblocked it (yet). You almost have it!

MRACHINI Posted August 9, 2013

> Maybe try...
>
>     ufw allow from any to 239.192.0.0/14 port 3838 proto udp

OK, added

    ufw allow from any to 239.192.0.0/14 port 3838 proto udp
    ufw allow from 239.192.0.0/14 to any port 3838 proto udp

Still the same:

    [UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97

MRACHINI Posted August 9, 2013

I read about a bug with UFW dropping multicast traffic when the policy is set to deny, but it's old (2011).

LazyWolf Posted August 12, 2013

Maybe...

    sudo ufw allow out 3838/udp

MRACHINI Posted August 21, 2013

Still the same, I'm gonna use another firewall.
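
An added example, not written by any poster in this thread: a Python sketch that parses the `[UFW BLOCK]` line quoted above, reads the packet's direction from its `IN=`/`OUT=` fields, and checks it against a simplified model of allow rules. ufw applies a rule written without `in` or `out` to incoming traffic; the tuple rule form, the `covers` helper and the last entry in `RULES` are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: the blocked-packet log line quoted in the thread.
SAMPLE = ("[UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 "
          "TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97")

def parse_ufw_line(line):
    """Split a UFW log line into fields; the first LEN (IP length) wins over the UDP one."""
    tag = re.search(r"\[UFW (\w+)\]", line)
    if tag is None:
        return None
    fields = {"ACTION": tag.group(1)}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields

def direction(fields):
    """IN= empty with OUT= set means the host itself was sending the packet."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forward"
    return "in" if has_in else "out" if has_out else "unknown"

def covers(rule, fields):
    """Simplified model of one allow rule (hypothetical tuple form, not ufw's own logic):
    (direction, destination network, protocol or None, destination port or None)."""
    rule_dir, dst_net, proto, dport = rule
    return (rule_dir == direction(fields)
            and ipaddress.ip_address(fields["DST"]) in ipaddress.ip_network(dst_net)
            and proto in (None, fields["PROTO"].lower())
            and dport in (None, int(fields["DPT"])))

# Rules tagged with the direction ufw gives them: no in/out keyword means incoming.
RULES = {
    "ufw allow to 239.192.0.0/14": ("in", "239.192.0.0/14", None, None),
    "ufw allow from any to 239.192.0.0/14 port 3838 proto udp":
        ("in", "239.192.0.0/14", "udp", 3838),
    # Constructed for comparison, not a rule anyone in the thread ran:
    "ufw allow out to 239.192.0.0/14 port 3838 proto udp":
        ("out", "239.192.0.0/14", "udp", 3838),
}

def report(line):
    """Map each rule text to whether the model says it covers the logged packet."""
    fields = parse_ufw_line(line)
    return {text: covers(rule, fields) for text, rule in RULES.items()}

if __name__ == "__main__":
    print(direction(parse_ufw_line(SAMPLE)), report(SAMPLE))
```

The model only shows which rules are written for the direction of the logged packet; it does not reproduce the poster's system or ufw's full rule evaluation.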